Information Security Engineer at a university with 1,001-5,000 employees
Real User
Top 10
2025-02-11T10:12:00Z
Feb 11, 2025
Some sort of education or knowledge base about the product would be beneficial for beginners. They could offer more training sessions for beginners who are new to the solution, as learning would be great for them.
The policy creation aspect needs improvement. Our team has limited knowledge about creating policies, and I need to focus on this area more. I should study more about creating and handling policies efficiently.
Policy implementation is sometimes a little bit different than, for example, the CIS standards. If you are using a CIS type of standard, controls will be differently implemented, and that implementation is not straightforward. There is no clear mapping for the CIS controls in terms of how they should be implemented into Qualys, so the implementation stage might be a little bit challenging for the customer. That means that the customer will end up opening support cases, which will overload their support team to explain those. If they are somehow published somewhere, it would save time and effort for both sides.
It would be good if the solution’s technical support could be faster. I would like to improve the solution's detection feature whereby any vulnerability can be detected and immediately put in the sandbox.
The reporting needs improvement. While the tool is really good at doing the assessment, it's not as good at reporting various compliance states. Maybe management reporting could be improved as well. They really need to improve the versioning of the policies. You can basically create your own policy based on the industry practice. However, if that industry practice changes, for example, maybe there's a new version from Microsoft, you basically need to start from scratch. That kind of migration from the old best practice to the new best practice, retaining all those customizations that have been done for the old one, has not actually been done. That's something to improve. However, we typically do it as we work with it. We do it programmatically. We do it through the API.
Qualys Policy Compliance (PC) automates the collection of technical controls from information assets within the enterprise, and maps this information to policies to fix and document compliance with regulations and business mandates. It provides compliance reporting by leveraging a comprehensive knowledge-base that is mapped to prevalent security regulations, industry standards and compliance frameworks.