In our DLP operations, we use the tool to address stability issues and implement fixes suggested by it. This helps manage risk levels and decide whether to fix issues or implement workarounds.

I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even if tags aren't made.

The asset inventory management feature has improved our security posture, which is good. It was introduced recently, and we've just started using it. In terms of management, I believe it's better than what we were using before.

Qualys VMDR is good at handling vulnerability management trends, especially with its policy module. Qualys VMDR offers customizable labels that fit the organization's needs, unlike other tools. This is important for enhancing security and meeting compliance requirements.

There's a need to upgrade or fix the potential vulnerability rate. Around 20,000 potential vulnerabilities were showing in Qualys VMDR, but none of the other tools showed them. When we checked, it wasn't the case. Support explained that even small issues were being counted as vulnerabilities, causing issues in our audit. So, the security features could be improved to identify vulnerabilities accurately.

I have been working with the product for two years. 

The stability is generally good, but we did face issues during the pandemic due to connectivity problems with Qualys VMDR servers. There were syncing issues, and agents weren't getting updated. However, we later realized it was our issue because our software needed updating. We had to manually update the proxy settings, which Qualys VMDR should have done. We managed to tackle the challenge with the help of another team.

Support should be faster and more customer-friendly. We often have to review a lot of documentation for issues we're already aware of and follow basic steps repeatedly. Additionally, we must wait for Qualys VMDR personnel to move scans into debug mode, which can be time-consuming. Getting notifications or updates on these processes more quickly would be helpful.

Setting up the tool doesn't take long and doesn't require many people.

We have an annual contract for Qualys VMDR. I believe it's for either two years or five years.

I haven't personally done any integration, so I can't comment on it. However, I believe some integration was happening between Qualys VMDR and ServiceNow. Our asset management tool was also trying to integrate with Qualys VMDR, but I'm unsure about the details or how it works. I rate the overall product an eight out of ten. 

I primarily use Qualys VMDR for daily scans, onboarding assets, scanning, reporting, and managing the entire vulnerability management process, including test management.

VMDR has significantly improved our organization by simplifying asset discovery and management. We can easily identify and categorize assets, ensuring comprehensive scanning and reporting.

Qualys Patch Management is excellent for keeping our critical servers and third-party applications updated efficiently.

One area of the product that could be improved is the management of vulnerabilities detected on disabled applications. We currently face challenges with unnecessary alerts for Microsoft Defender, which we do not use. Additionally, enhancing the alerts for agent communication failures would be beneficial.

I have been using Qualys VMDR for approximately three years.

The product has been very reliable in our day-to-day operations.

I would rate the product scalability a ten. It easily scales with our organization's growth, allowing us to add new assets and expand our coverage seamlessly. We are considering expanding our deployment to include 500 assets next year.

The initial setup was straightforward, taking less than a week to configure and generate reports. The deployment process was smooth, and we were able to integrate it effectively into our hybrid environment.

Within three months of deployment, we began seeing improvements in vulnerability management. This helped us significantly reduce vulnerabilities and streamline our patch management processes, providing a notable return on investment.

The solution is reasonably priced for the value it provides. Our contract renewal was approximately 2.5 million ZAR for three years, including managed services.

Before selecting Qualys VMDR, we evaluated other options but ultimately chose Qualys due to its comprehensive features and effective proof of concept.

We integrate Qualys VMDR with our infrastructure, conducting weekly scans and generating reports based on the findings. This provides daily views of vulnerabilities, and we use Qualys' patch management to deploy patches promptly, starting with the most severe vulnerabilities, thus reducing our threat exposure. Conducting a thorough proof of concept is essential to evaluate its effectiveness in your environment and to see how it integrates with your existing systems and handles your specific security needs.

I rate it a ten out of ten. 

We use the product for enterprise network infrastructure scanning.

The product has multiple valuable areas. The process of defining and discovering scans is organized efficiently. It has an effective tagging system and authentication mechanism compared to other tools. Its integration with AD helps us a lot. Additionally, I like the report generation feature.

Qualys could improve the inbuilt dashboards. They could be advanced compared to competitors like Rapid7 and Tenable. They should include a faster reverse integration process. They could enhance its integration with ServiceNow CMDB to ensure that mapping IP addresses, domains, and net bias names is consistent and accurate.

We have been using Qualys VMDR for nearly two and a half years.

I rate the product's stability a nine out of ten. I have rarely seen any stability issues with Qualys.

I rate the product's scalability an eight out of ten. We only recommend some people use Qualys in our organization. It is a limited audience. It is used by the vulnerability management team and a few critical resources from different parts of the cybersecurity department. We have 50 users in total. They should provide role-based access for managers, reviewers, and scanners.

The initial setup process is simple as I have prior experience working on two full-time projects with it. I find it simple as I have enough background knowledge of it.

The product is more expensive than that of any other vendor.

I did work on Tenable's POC and some other vendors. It has some limitations in detecting different types of vulnerabilities or false positives. Qualys is on the higher side when compared to the other tools.

I rate the product an eight out of ten.

Our use cases are primarily on-premises vulnerability management and remediation, external attack surface management and vulnerability scanning.

The benefits I've seen are twofold. The biggest benefit is from a security operations perspective, where we are able to drive our security posture upwards by remediating any discovered vulnerabilities. We can also automate the remediation process. The other big benefit is executive reporting because it's very easy to produce trends over time to report on risk.

The most valuable features are vulnerability detection, patching capabilities, and remediation. Cloud security posture management is also very valuable. I find these features valuable because getting a unified view of your cloud security posture across different environments is not always easy. For example, you might have most of your resources sitting in Azure, but you might have a couple of workloads in AWS. Naturally, there are different tools that report on that, so it's invaluable to have those pulled into a single dashboard so you can drive your remediation from a single platform.

If anything, I would like to see the user interface modernized a bit more. Also, there are a lot of various modules, and if they could be consolidated into fewer options, it would make the buying experience easier.

I've been working with Qualys VMDR for the last three years or so.

We haven’t faced any issues, the solution is very stable.

Because the management sits in the cloud, you don't have to worry about management appliances or anything like that on-premise, so the solution is very scalable. You can split your assets into asset groups and delegate management to different teams. Around 1,000 users are using Qualys in my organization across 60 locations.

We've had very few technical issues, and the customer support team has quickly resolved issues we've had.

Positive

In the first step, Qualys provisions your cloud-based management instance. From there, you get a small, lightweight agent deployed by deployment technology like Microsoft Intune, in our case, SCCM, or any deployment technology.

We worked with BCX Namibia and the Qualys team in South Africa while deploying the solution. It took two weeks to deploy the solution. The solution is not difficult to maintain because the management component is cloud-based and is taken care of by Qualys. Any agent upgrades that might be necessary are very seamless.

We have seen an ROI using Qualys. Most breaches nowadays are because of a vulnerability that is exploited. By virtue of being able to identify and remediate these vulnerabilities, I believe we are significantly driving our cybersecurity risk downwards.

The pricing is very competitive, especially because Qualys is integrated and does vulnerability management and remediation patching in one solution, so there's no need for a separate patching solution. You can also get very granular with the amount of IP addresses you can cover. You can go from as few as 16 IP addresses to many more. And the Qualys team is also willing to work with organizations to make the solution make commercial sense. The prices are fixed. We have a yearly subscription model based on the number of IP addresses we’re scanning.

We evaluated vulnerability management in Microsoft Defender, but we found the reporting and functionality lacking compared to Qualys. And then the Microsoft licensing costs were also a bit of a dealbreaker.

If you're considering implementing Qualys in your organization, work with a strong pre-sales partner. Evaluate the product, make sure it does what you need, make sure you buy the features that you need, and make sure to use the training and onboarding material that Qualys has made available on its website so you can leverage the solution's full capability from the start. I rate Qualys VMDR a nine out of ten.