In Qualys, it can not only push patches but also apply registry changes and PowerShell scripts on the system, supporting greater automation. Qualys patch management is a better choice.
Security Solutions Engineer at a consultancy with 11-50 employees
Real User
Top 10
Nov 18, 2025
The risk-based approach is essential. When you enroll devices, Qualys automatically identifies vulnerabilities, focusing on reducing risks to your company, not just patching browsers or applications but also addressing outdated software and misconfigurations. Collecting this data allows for automated and prioritized patching based on risk. I have used Qualys Patch Management for just one year, but I have handled many clients during that specific time period. We always do proof of concept and demonstrations to our clients, so I believe I can deliver more details regarding Qualys Patch Management. I have used the Risk Reduction Recommendation Report. There are several types of reports in Qualys, including technical reports and managerial or CEO reports. Qualys offers comprehensive reports detailing vulnerabilities, recommendations, next action plans, and risk reductions, along with insights into potential MITRE attacks. This information allows clients to fortify their systems and reduce attack risks. I haven't integrated Qualys Patch Management with any CMDB or ITSM tools for ticket management yet, but I believe Qualys Patch Management cannot be integrated with CMDB. However, Qualys CSAM can easily integrate with CMDB without needing an API. It focuses on cybersecurity risks, adding devices to Qualys Patch Management directly from CMDB as long as they have the Qualys agent installed. It's a best practice to implement Qualys Patch Management alongside vulnerability management as part of the remediation process in Qualys. If clients lack a Qualys Patch Management subscription, the reports can still provide details on vulnerabilities and recommendations. However, we encourage them to add Qualys Patch Management subscription to ease the patching process for their devices. Maintenance can be challenging, especially if there are bugs or errors in Qualys Patch Management. The difficulty mainly arises when deploying patches, which can significantly affect IT operations. 
However, Qualys offers support to assist with these issues. I have resigned from my previous company, but I have the knowledge, skills, and fundamentals in using Qualys. I would rate this product overall as an 8.
Senior Information Security Analyst at a tech vendor with 1,001-5,000 employees
MSP
Top 20
Oct 23, 2025
I use Qualys Patch Management with VMDR. This integration with VMDR is important for me. Qualys Patch Management gives me a single source of truth for assets and vulnerabilities that need to be assessed, prioritized, and remediated. I use the Risk Reduction Recommendation report in Qualys Patch Management. The Risk Reduction Recommendation report is helpful. Qualys Patch Management helps me streamline remediation and gives me a good starting point. If the risk-based approach to automation is set up correctly, it performs excellently. For newer deployments of Qualys Patch Management, typically one person handles the implementation. I maintain Qualys Patch Management consistently, so it requires minimal effort on my end. My advice for new users of Qualys Patch Management is to spend time at the training center. A streamlined initial video guide would be beneficial. I rate Qualys Patch Management an eight out of ten overall.
Senior Infrastructure Architect at a tech vendor with 10,001+ employees
Real User
Top 20
Oct 22, 2025
I think that's where we have to go as an industry because you can't address everything all the time. Adding the risk on top, if it's an external asset compared to something internal inside your vault, the risk is much greater for exfiltration of data. The risk-based approach absolutely is the right way to go about it. I rate Qualys Patch Management a nine out of ten.
I would recommend this product to other users because it's very user-friendly. I can't speak to the pricing aspect, but from a user standpoint, it's a very good product. I would rate it a nine out of ten.
I do not use the solution's integrations with CMDB or ITSM tools for ticket management. Adding Qualys Patch Management affected my infrastructure positively, as it replaced BigFix, allowing for better integration of patch management with our existing vulnerability management, resulting in improved report access and vulnerability fixing. The integration with risk management like VMDR and other security solutions provides significant benefits for eliminating vulnerabilities and avoiding exploitation. The single source of truth provided by Qualys Patch Management has helped reduce costs by integrating multiple tools into a single platform, making it easier to analyze and user-friendly. On a scale of one to ten, I rate Qualys Patch Management an eight out of ten.
Regarding whether Qualys Patch Management gives a single source of truth for assets and vulnerabilities that need to be assessed, prioritized, and remediated, I cannot say we solely rely on it. We are also using VMDR, as we do not depend only on the patch management module for patch priorities. Our patch priorities are established using the VMDR for vulnerability prioritization, and the patch criticality comes after that. I saw the benefits of Qualys Patch Management after we started using it. Before purchasing Qualys Patch Management, we remedied around 100 or 150 vulnerabilities from more than 90,000 vulnerabilities. We still remedy 150 or 160 vulnerabilities, but the management was aware of that because we were doing it manually. When we started the Patch Management module during the testing phase, we remedied 400 vulnerabilities in a month. That was very impressive from the management perspective. They agreed to move out of the testing phase, so we could bring up the process for some common vulnerabilities such as Google Chrome, Microsoft Teams, or any other related software we are using. The true risk automation helps us remediate vulnerabilities without needing to involve the security team. Although we did not actually rely on the true list dashboard because we are using the QIDs released. By using the QID, we are able to update the formulas automatically. We do it manually in some cases due to applications that have dependencies on servers we need to exclude. I have not used the risk reduction recommendation report. We are using the normal vulnerability scan report generated from VMDR. From the Patch Management perspective, we only generate the report once the patch is completed, where we assess which patches have failed and why. We do not use integrations with CMDB or ITSM tools for ticket management yet, as the management is not approving that particular request. 
However, integrating that would make automation and report generation much easier, allowing us to segregate the tasks among different teams, applications, or servers. The integration in VMDR is very important for us, as we are getting many dashboards by different criteria, such as SLA. We differentiate on SLA based on critical, high, or medium criteria, so we are using trending formulas also. It is very helpful for us to prioritize the vulnerabilities by considering the exploitability rate and if it is publicly available. Overall, I would rate Qualys Patch Management a ten out of ten for everything.
I would recommend it because of its ease of use and integration as both a Vulnerability Management and Patch Management tool. I rate it nine out of ten.
I would give it a ten out of ten. It is an excellent module to have within the environment, as most environments have Windows Patch cycles, but not for third-party applications. Patch Management not only addresses third-party applications but can also patch vulnerabilities. It allows seamless deployment from the console if a patch for a vulnerability is available. I would rate the overall solution a 10 out of 10.
Vulnerability Management Engineer at a comms service provider with 10,001+ employees
Real User
Top 10
Dec 27, 2024
It is a very good tool to reduce the vulnerabilities in our organization. Our current usage is about 70%, but we have started utilizing more features. We are planning to increase its license in our environment when there is an increase in the assets. I would recommend it to others. It is a very good solution for finding vulnerabilities and patching them. I would rate Qualys Patch Management an eight out of ten.
I would recommend Qualys Patch Management to others because it is user-friendly and has a wide database of vulnerabilities and patches. I am fond of Qualys, having started my journey with them. Overall, I would rate the solution a ten out of ten.
It automates the patching process, making it more efficient and reducing IT teams' workload by focusing on critical patches. The tool provides real-time visibility into patch status, ensuring you always know where you stand. It integrates smoothly with existing IT workflows.
Systems Mgmt Consultant at a healthcare company with 10,001+ employees
Real User
Top 10
Nov 20, 2024
I would rate Qualys Patch Management a nine out of ten. Qualys Patch Management is deployed in multiple departments and locations. We have five members that administer the solution. No maintenance is required from our end. I recommend Qualys Patch Management because it is effective in past deployment and vulnerability management. It identifies necessary patches instead of scanning the entire machine.
Associate Leadership Team at a financial services firm with 10,001+ employees
Real User
Top 5
Nov 7, 2024
I would recommend Qualys Patch Management because of its efficiency, scalability, and excellent support. I would rate Qualys Patch Management an eight out of ten.
Cybersecurity Engineer at a manufacturing company with 51-200 employees
Real User
Top 5
Oct 18, 2024
It took us some time to realize its benefits. I went to a Qualys conference, and that was when I started to realize its benefits. Till then, I thought Rapid7 was a good one or Manage Engine was a good one. I thought those products were good, and they also patch third parties whereas Qualys did not patch third parties. After going to Qualys, they explained there is a way to do that. It was a longer way, which I did not do. We decided to go with an MSP that specializes in installation and fine-tuning the Qualys product. When they did everything, I did not have to touch any configuration with Qualys Patch Management. Everything was going through. With the way we did things previously, it was going through, but it was a longer approach. It was taking a little longer and was more manual. We did not properly utilize tagging. We did not properly utilize the patching process scheduling. The MSP guys did tagging. They did automation of the patch management according to the risks. That was very important. Previously, we had six or seven jobs and sometimes, we manually patched individual machines. After the MSP guys did the fine-tuning, we had only two scheduled jobs, and that was it. The first job does 10 to 15 testing computers, and then the next one does the old machines. I would rate Qualys Patch Management a nine out of ten.
Foundation Services Director at a leisure / travel company with 10,001+ employees
Real User
Top 10
Oct 14, 2024
When we did our PoC, we already had the VMDR piece. We enabled the patch piece and brought the right hand and the left hand together. This integration automatically should include all the relevant patches and configuration changes required to remediate vulnerabilities detected by VMDR. It will be crucial. That is still to be determined, but when two of our critical service delivery organizations are using the same sheet of music or the same tool, it makes us more agile and more responsive to the threats we are trying to protect our business against. I would rate Qualys Patch Management a nine out of ten.
System Admin at an insurance company with 501-1,000 employees
Real User
Top 20
Oct 14, 2024
I would rate Qualys Patch Management eight out of ten. We have three environments: production, development, and QA. To perform patching, we must coordinate with the application team and schedule downtime. Due to the critical nature of the business application running on the production servers, we cannot automate patching; instead, we use satellite servers. Our organization has between 20 and 30 people who use Qualys Patch Management. In the two and a half years I've used Qualys Patch Management, I haven't observed any need for maintenance on the tool. Qualys Patch Management is a valuable tool for large organizations seeking to maintain a secure infrastructure.
At this time, I would not recommend Qualys Patch Management because there are multiple features that need to be developed from their end. You cannot deploy everything through it. I might recommend it in the future. It needs some time to be fully developed. I would rate Qualys Patch Management a six out of ten because of the support quality and lack of features.
I would rate Qualys Patch Management ten out of ten. While the initial setup involves deploying cloud agents, Qualys Patch Management is low maintenance. Updates for both agents, signatures, and related components are automatic. Qualys handles maintenance in the cloud, and new systems are easily enrolled with agents through software distribution or policy enforcement. New Qualys Patch Management users should consult the documentation and training resources before deploying. While a trusted partner can assist with implementation, understanding the process is crucial. Qualys offers free training to cover essential steps like agent deployment, configuration, and security considerations to ensure successful patching. Don't skip these steps, as seemingly minor setup issues can hinder functionality. This applies not just to Qualys, but to any endpoint security solution.
Qualys Patch Management optimizes patching and vulnerability remediation through automation and intelligence insights, accelerating the process by 43% and improving patch rates by 90%. Its integration with CMDB and ITSM tools speeds up ticket closures by 60%, effectively reducing the attack surface while freeing IT and security resources. This cloud-based solution bridges the IT-security gap, making it essential for cybersecurity.
I rate Qualys eight out of 10. It's a great tool, and if I consulted for a client, I would recommend it.
I use Qualys Patch Management with VMDR. On a scale from one to 10, I would rate Qualys Patch Management a nine overall.
I would rate Qualys Patch Management an eight out of ten.
I would rate Qualys Patch Management nine out of ten because there is room for improvement in tool features to enhance competitive market standings.
Overall, I would rate Qualys Patch Management a nine out of ten.
I would rate Qualys Patch Management a nine out of ten.