Senior Manager at a financial services firm with 10,001+ employees
Real User
Top 5
Feb 23, 2026
The live threat intelligence updates in Qualys are good, with updates provided on the last Friday of each month. However, I am not satisfied with Qualys support. The response time is slower than needed. I have raised only technical cases with Qualys. I am comfortable with the GUI and how they have defined it. However, I do require a certain level of technical input, and they take considerable time to provide responses. This typically misses the timeline or the criticality of the particular matter. After three years of working with Qualys, I am familiar with most aspects of the system. When the system misbehaves and I need to raise a case with Qualys, they take an extended amount of time to provide input. Even after that, the response time for scheduling calls to discuss and understand the issue is slow. Overall, they are good. A few bugs once or twice per month is acceptable because no tool is perfect. My primary recommendation is to increase their technical support team to ensure that clients are not impeded or running back and forth. We only raise support when we need urgent assistance or when action needs to be taken immediately. Receiving a response three to seven days later does not align with our needs.
Qualys Enterprise TruRisk Management has a few things that need to be enhanced. First, there is the issue of superseded patches. Superseded means if we miss the current month patch, for example, if we miss the January patch to deploy on a particular server, Microsoft includes January changes in the second month security patch, and then the second month security patch includes all things in March. For example, if we miss two month patches and we directly deploy the March month security patch on a system, the other two patches, such as January and February, will be closed. Superseded means these patches are not deployed on a system, but after the latest one, which we already deployed, the older one does not need to be installed or deployed on a system. Qualys Enterprise TruRisk Management takes a report of each and every vulnerability and shows that the January month patch was not deployed on a system and the February month patch was not deployed on a system. However, that is not a proper scanning method. If we have already deployed the latest patch that includes the older security things or older security parameters and the latest parameters, when we deploy that latest patch, why does Qualys Enterprise TruRisk Management show the older patches also in potential vulnerabilities? That is a main factor that should be improved from Qualys Enterprise TruRisk Management. Second, the remedies provided by Qualys Enterprise TruRisk Management are sometimes not useful most of the time. In that case, we need to troubleshoot or find out the remedies by ourselves. The remedies will also be something that needs to be improved in the system or in the application.
When a customer does not have control over vulnerabilities or architecture and needs a solution that automates this function for the company, it can be difficult to identify the vulnerabilities. Because the case study is of the business model, I think identifying different vulnerabilities is not easy as companies need to be prepared to make decisions in time regarding what affects the business. I focus on areas that could be improved with Qualys Enterprise TruRisk Management.
Learn what your peers think about Qualys Enterprise TruRisk Management. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
Qualys Enterprise TruRisk Management offers a comprehensive approach to risk management, allowing businesses to identify, assess, and mitigate risks effectively. It brings advanced capabilities for organizations to enhance their security posture with real-time visibility and prioritized remediation.The solution equips security teams with actionable insights, helping them streamline vulnerability management and integrate security into every aspect of their operations. By focusing on critical...
The live threat intelligence updates in Qualys are good, with updates provided on the last Friday of each month. However, I am not satisfied with Qualys support. The response time is slower than needed. I have raised only technical cases with Qualys. I am comfortable with the GUI and how they have defined it. However, I do require a certain level of technical input, and they take considerable time to provide responses. This typically misses the timeline or the criticality of the particular matter. After three years of working with Qualys, I am familiar with most aspects of the system. When the system misbehaves and I need to raise a case with Qualys, they take an extended amount of time to provide input. Even after that, the response time for scheduling calls to discuss and understand the issue is slow. Overall, they are good. A few bugs once or twice per month is acceptable because no tool is perfect. My primary recommendation is to increase their technical support team to ensure that clients are not impeded or running back and forth. We only raise support when we need urgent assistance or when action needs to be taken immediately. Receiving a response three to seven days later does not align with our needs.
Qualys Enterprise TruRisk Management has a few things that need to be enhanced. First, there is the issue of superseded patches. Superseded means if we miss the current month patch, for example, if we miss the January patch to deploy on a particular server, Microsoft includes January changes in the second month security patch, and then the second month security patch includes all things in March. For example, if we miss two month patches and we directly deploy the March month security patch on a system, the other two patches, such as January and February, will be closed. Superseded means these patches are not deployed on a system, but after the latest one, which we already deployed, the older one does not need to be installed or deployed on a system. Qualys Enterprise TruRisk Management takes a report of each and every vulnerability and shows that the January month patch was not deployed on a system and the February month patch was not deployed on a system. However, that is not a proper scanning method. If we have already deployed the latest patch that includes the older security things or older security parameters and the latest parameters, when we deploy that latest patch, why does Qualys Enterprise TruRisk Management show the older patches also in potential vulnerabilities? That is a main factor that should be improved from Qualys Enterprise TruRisk Management. Second, the remedies provided by Qualys Enterprise TruRisk Management are sometimes not useful most of the time. In that case, we need to troubleshoot or find out the remedies by ourselves. The remedies will also be something that needs to be improved in the system or in the application.
When a customer does not have control over vulnerabilities or architecture and needs a solution that automates this function for the company, it can be difficult to identify the vulnerabilities. Because the case study is of the business model, I think identifying different vulnerabilities is not easy as companies need to be prepared to make decisions in time regarding what affects the business. I focus on areas that could be improved with Qualys Enterprise TruRisk Management.