Qualys VMDR Reviews

The interface is pretty good, as all the instructions are clear enough. The way you can create groups or scheduling scans and reports is a very good feature, and the CSV reports have very good information.

In this case, my last employer was a Qualys partner and the consultancy was extra. But, the reports and the way the information is, helped a lot. Also, with this information concise presentations were sent to the CIO every month.

I think the only area to improve it is the way the scores are calculated. That was the only problem I had and because of that, all scores had to be rectified manually.

I was using both Multimedios Redes (Enterprise version) and Lamosa for three years. I also used PC, PCI, and WAS.

No issues were encountered.

Maybe one or two times, but they were caused by scheduled windows, but these problems were fixed very quickly.

No issues were encountered.

Very good! I think I would give them 10/10 because in Latin America the service was excellent.

Again, I would give them 10/10, as the documentation is so good and all is clear, but if you have a doubt, technical support was always concise and had a quick answer. Also the community helps a lot.

I did not personally, but the technical contacts that worked for my customers tried another solutions, and they chose Qualys for the easy way it manages the processes.

The initial setup was very easy, with no complications found when the instructions were followed. Also, this activity was done with a physical and virtual appliance, and both ways were very easy to follow.

I was the vendor team, but I can give you the answer from the actual companies I worked for. The administrators, before Qualys, did not care so much about security, patching, etc.; but, after Qualys they changed their minds. Security took a very important role and of course they reduced, a lot, the chances of being hacked or attacked. It also helped, at this point, to be verified by auditors.

It's worth it, really, when you see the complete picture and see all the factors. It is a very good investment. Qualys is a very good tool and very easy to use and it is also better to have an annual subscription rather than paying for a scan.

My customers evaluated Foundstone and Rapid7, and possibly others.

• Vulnerability management
• Policy compliance
• Scalability

As a leading IT services organization, it is very important for us to have a proactive identification/assessment of vulnerabilities. We also need to be able to remedy them in a timely manner before they exploit our security configuration compliance, and then harden our security for both system/network devices and applications. We need to do this both before and after placing them in production environment.

With QualsyGuard we have been able to achieve this by utilizing its modules, such as vulnerability management, policy compliance, web scanning, malware detection, and asset tagging.

As users of Qualys for the last three years, we have identified and shared many areas where Qualys needed to have improvements, including --

• Vulnerability database having some false positives, although this is rare;
• Web scan module requires authentication to access basic web forms;
• Asset tagging needs lots of improvements as it's currently a complex technique; and
• For policy compliance, they need to add more leading IT standards with regards to all the leading IT service provides like Juniper, Cisco, Microsoft, etc.

I've been using this product for the last three years.

This is a very stable product and we haven't faced any issues since its deployment apart from announced downtimes for upgrades and improvements.

No issues encountered.

Support is available 24/7 via phone and e-mail. Remote session support is also available.

They have excellent expertise.

No previous solution was used.

It's easy as it is a SaaS, cloud-based service. The installation of the local hardware scanner appliance is also easy.

We used a vendor team who was excellent.

I cannot give you the exact ROI on this, but as a large information and communication technology service provider, a 24/7 service availability that leads to customer satisfaction is our key goal. Regular VM and compliance assessment results in the complete hardening of our critical assets defending us against any exploits that leads to unavailability of our services.

No, because it was already in use at our parent company and it was providing good results for a low price as well.

• Collect complete asset inventory details (asset type, service/application details, administrator details etc.).
• Provide awareness session to the support team about Qualys, its usage, and functionality.
• Prepare OLAs and SOPs for better co-ordination between the teams.

The fact that it's on the cloud, so there's no configuration whatsoever on my physical machine except for the VM scanner.

It now takes less time to run a vulnerability assessment for our client. I do not have to bring two laptops anymore to my clients sites.

Maybe the reporting features. It is too granular, so that if someone new wants to get familiar with it, they will have a hard time. A few more tutorials or guide on screen would also be appreciated.

I've been using the consultant edition for two years.

During the internal scanner deployment, but the issue was mostly not the product, but more the network architecture of our client.

No issues encountered.

No issues encountered.

9/10

9/10

Rapid 7 Nexpose. To use the software, it takes a whole laptop just to run it, and the results have too much redundancy. Additionally, the scan rate is very slow compared to Qualys, and furthermore it is too expensive when compared to Qualys.

It's very straightforward. Basically you can scan anything external/internet facing within five minutes. For internal scans you have to deploy the internal scanner which can be done in five minutes if the network architecture is not too complex.

It was done In-house, but the help we get from their Singapore support team is awesome.

• Nessus
• Nexpose

Use it. It is a great product. Many people are sceptical that their scan results are in the cloud. But if you want something affordable and that works like a charm, go for Qualys. Less headaches and easy to achieve ROI as you don't spend much on the deployment or maintenance.

The top one for me is that the vulnerabilities are kept up to date.

It has reduced the cost of ownership for the engineers who can launch scans on the customers’ networks.

I’m convinced it could be possible to do a simpler interface.

I used it for about four years.

No issues encountered.

There is an issue with the web browser, but it's not an issue with the product itself.

No issues encountered.

9/10.

8/10.

I switched due to the cost.

It was simple because it's only used for external scans.

You have to find the best solution regarding functions and cost.

• Tripwire
• Nessus
• Accunetix
• OIpenvas

• Take your time
• Study all the functionalities of the product
• Try to set it up in a lab first before your production environment.

Vulnerability management.

It has helped to automate the vulnerability management program, increasing the security posture and helped us to identify the security risks in our infrastructure.

Web application security model needs some work.

I've been using it for four years, including including VM, PCI, WAS and MDS features.

No issues encountered.

There's been a few times, related to reporting, that we've had issues, but overall it's stable.

Excellent, the Qualys support team always helps on a priority basis.

Excellent!

No previous solution was used.

It was straightforward.

It was done in-house.

No other options were looked at.

• Vulnerability assessment
• Asset management
• WAS

Since this is a SaaS based solution, the vulnerability scan with the external scanners as well as the reporting has improved a lot. The reporting is very granular and you can please higher management with your reports.

None, as the product is great.

I've used it for four years.

Stability of the product is very high, I have never seen it unavailable.

The support needs to improve a lot, their response is absolutely slow. I have had terrible experience with support over the years.

I would rate it great because of its improvement since I have had terrible experiences in the past.

We used McAfee Vulnerability Manager/Foundstone and had to switch because this is a SaaS based solution and has more features/capabilities.

The initial setup is very simple in terms of configuring the appliance.

We installed it ourselves,

I would definitely recommmend using this product, as this is very simple and yet an effective way to do vulnerability assessment.

.

The reporting and vulnerability analysis features.

Vulnerability scans are easily managed and maintained using Qualys. What used to be a manual process is now automatic. When we have an issue, I can easily see what production systems are affected and I can easily pinpoint a solution to mitigate the issue.

The reporting is lacking a little, and it would be nice to have reports sent via email. Often times we have to manually generate the reports after a vulnerability is fixed and a scan has to be re-run.

I've used it for three years.

We did not.

Our Qualys box is hardware and it's very easy to set up and maintain. It's very little maintenance, and the most time consuming part is setting up everything initially, such as what subnets you want to scan, what reports you want to run, etc.

We have over 15,000 devices and had no issues with scaling up our Qualys infrastructure.

I have never had to interact with them. I get most of the information on the forums, and even there the responses are lighting fast. As far as actually talking to someone, I personally have never had to speak to Qualys support.

It's great. The users on the forums are very knowledgeable and eager to help. If I need a quick answer I will always get one from the support forum.

We used Nessus before. It was a manual process and very time consuming. I like Nessus, but it was very tedious to get it to function automatically.

There are always complexities to every setup. I think the biggest issue was the learning curve. Having to learn all the new pieces and how they fit into our environment was probably the single biggest hurdle we had to face.

We did it in-house.

We looked at Metasploit Expose but the price was too much for what we needed.

Do your research and see how this product would best fit into your environment.

WAF integration is valuable.

We can now perform vulnerability scans with WAF integration. The WAF has improved the vulnerability identification and reports to the SOC and CSO.

The IT infrastructure, especially server administration, needs to be improved.

I've used it for two years.

There was only one related, and that need work on our technology. As the solution is cloud based, we needed to adapt our internal policies.

There were no issues.

This been done without a problem.

It's good.

It's good.

There was no previous solution, but I did execute several POCs.

It was a regular setup for the configuration, but the official training was necessary.

We also looked at Nessus and GFI Languard.