Qualys VMDR Reviews

The vulnerability scanning feature is valuable.

QualysGuard has provided us with a valuable insight into vulnerabilities across our environment. Before the use of this product, we had no way of identifying or tracking vulnerabilities.

The reporting capabilities are good but I would like to be able to make more customized reports. In addition, I would like to be able to assign a numerical asset value to critical hosts.

I've used it for six years.

No issues encountered, it went very smoothly.

No issues encountered.

No, as it's very easy to add additional hosts.

8/10.

8/10.

We didn't use a previous solution.

It was straightforward.

It was implemented in-house.

We also looked at Nessus.

Make sure you take advantage of authenticated scans and it is also very helpful if you have a complete server inventory.

The feature where the solutions to issues are mentioned in the reports.

It's easy to reach the current location and download/install the correct patch.

The feature where the solutions to issues are mentioned in the reports could be improved.

I've been using it for over three years.

No issues encountered.

No issues encountered.

No issues encountered.

7/10.

5/10,

No previous solution was used.

It was implemented by the vendor.

The interface is pretty good, as all the instructions are clear enough. The way you can create groups or scheduling scans and reports is a very good feature, and the CSV reports have very good information.

In this case, my last employer was a Qualys partner and the consultancy was extra. But, the reports and the way the information is, helped a lot. Also, with this information concise presentations were sent to the CIO every month.

I think the only area to improve it is the way the scores are calculated. That was the only problem I had and because of that, all scores had to be rectified manually.

I was using both Multimedios Redes (Enterprise version) and Lamosa for three years. I also used PC, PCI, and WAS.

No issues were encountered.

Maybe one or two times, but they were caused by scheduled windows, but these problems were fixed very quickly.

No issues were encountered.

Very good! I think I would give them 10/10 because in Latin America the service was excellent.

Again, I would give them 10/10, as the documentation is so good and all is clear, but if you have a doubt, technical support was always concise and had a quick answer. Also the community helps a lot.

I did not personally, but the technical contacts that worked for my customers tried another solutions, and they chose Qualys for the easy way it manages the processes.

The initial setup was very easy, with no complications found when the instructions were followed. Also, this activity was done with a physical and virtual appliance, and both ways were very easy to follow.

I was the vendor team, but I can give you the answer from the actual companies I worked for. The administrators, before Qualys, did not care so much about security, patching, etc.; but, after Qualys they changed their minds. Security took a very important role and of course they reduced, a lot, the chances of being hacked or attacked. It also helped, at this point, to be verified by auditors.

It's worth it, really, when you see the complete picture and see all the factors. It is a very good investment. Qualys is a very good tool and very easy to use and it is also better to have an annual subscription rather than paying for a scan.

My customers evaluated Foundstone and Rapid7, and possibly others.

• Vulnerability management
• Policy compliance
• Scalability

As a leading IT services organization, it is very important for us to have a proactive identification/assessment of vulnerabilities. We also need to be able to remedy them in a timely manner before they exploit our security configuration compliance, and then harden our security for both system/network devices and applications. We need to do this both before and after placing them in production environment.

With QualsyGuard we have been able to achieve this by utilizing its modules, such as vulnerability management, policy compliance, web scanning, malware detection, and asset tagging.

As users of Qualys for the last three years, we have identified and shared many areas where Qualys needed to have improvements, including --

• Vulnerability database having some false positives, although this is rare;
• Web scan module requires authentication to access basic web forms;
• Asset tagging needs lots of improvements as it's currently a complex technique; and
• For policy compliance, they need to add more leading IT standards with regards to all the leading IT service provides like Juniper, Cisco, Microsoft, etc.

I've been using this product for the last three years.

This is a very stable product and we haven't faced any issues since its deployment apart from announced downtimes for upgrades and improvements.

No issues encountered.

Support is available 24/7 via phone and e-mail. Remote session support is also available.

They have excellent expertise.

No previous solution was used.

It's easy as it is a SaaS, cloud-based service. The installation of the local hardware scanner appliance is also easy.

We used a vendor team who was excellent.

I cannot give you the exact ROI on this, but as a large information and communication technology service provider, a 24/7 service availability that leads to customer satisfaction is our key goal. Regular VM and compliance assessment results in the complete hardening of our critical assets defending us against any exploits that leads to unavailability of our services.

No, because it was already in use at our parent company and it was providing good results for a low price as well.

• Collect complete asset inventory details (asset type, service/application details, administrator details etc.).
• Provide awareness session to the support team about Qualys, its usage, and functionality.
• Prepare OLAs and SOPs for better co-ordination between the teams.

The fact that it's on the cloud, so there's no configuration whatsoever on my physical machine except for the VM scanner.

It now takes less time to run a vulnerability assessment for our client. I do not have to bring two laptops anymore to my clients sites.

Maybe the reporting features. It is too granular, so that if someone new wants to get familiar with it, they will have a hard time. A few more tutorials or guide on screen would also be appreciated.

I've been using the consultant edition for two years.

During the internal scanner deployment, but the issue was mostly not the product, but more the network architecture of our client.

No issues encountered.

No issues encountered.

9/10

9/10

Rapid 7 Nexpose. To use the software, it takes a whole laptop just to run it, and the results have too much redundancy. Additionally, the scan rate is very slow compared to Qualys, and furthermore it is too expensive when compared to Qualys.

It's very straightforward. Basically you can scan anything external/internet facing within five minutes. For internal scans you have to deploy the internal scanner which can be done in five minutes if the network architecture is not too complex.

It was done In-house, but the help we get from their Singapore support team is awesome.

• Nessus
• Nexpose

Use it. It is a great product. Many people are sceptical that their scan results are in the cloud. But if you want something affordable and that works like a charm, go for Qualys. Less headaches and easy to achieve ROI as you don't spend much on the deployment or maintenance.

The top one for me is that the vulnerabilities are kept up to date.

It has reduced the cost of ownership for the engineers who can launch scans on the customers’ networks.

I’m convinced it could be possible to do a simpler interface.

I used it for about four years.

No issues encountered.

There is an issue with the web browser, but it's not an issue with the product itself.

No issues encountered.

9/10.

8/10.

I switched due to the cost.

It was simple because it's only used for external scans.

You have to find the best solution regarding functions and cost.

• Tripwire
• Nessus
• Accunetix
• OIpenvas

• Take your time
• Study all the functionalities of the product
• Try to set it up in a lab first before your production environment.

Vulnerability management.

It has helped to automate the vulnerability management program, increasing the security posture and helped us to identify the security risks in our infrastructure.

Web application security model needs some work.

I've been using it for four years, including including VM, PCI, WAS and MDS features.

No issues encountered.

There's been a few times, related to reporting, that we've had issues, but overall it's stable.

Excellent, the Qualys support team always helps on a priority basis.

Excellent!

No previous solution was used.

It was straightforward.

It was done in-house.

No other options were looked at.

• Vulnerability assessment
• Asset management
• WAS

Since this is a SaaS based solution, the vulnerability scan with the external scanners as well as the reporting has improved a lot. The reporting is very granular and you can please higher management with your reports.

None, as the product is great.

I've used it for four years.

Stability of the product is very high, I have never seen it unavailable.

The support needs to improve a lot, their response is absolutely slow. I have had terrible experience with support over the years.

I would rate it great because of its improvement since I have had terrible experiences in the past.

We used McAfee Vulnerability Manager/Foundstone and had to switch because this is a SaaS based solution and has more features/capabilities.

The initial setup is very simple in terms of configuring the appliance.

We installed it ourselves,

I would definitely recommmend using this product, as this is very simple and yet an effective way to do vulnerability assessment.

.