Our use cases are primarily on-premises vulnerability management and remediation, external attack surface management and vulnerability scanning.
Qualys VMDR (US Only)
QualysExternal reviews
180 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Helped us quickly remediate vulnerabilities thanks to its automation and ease of use
What is our primary use case?
How has it helped my organization?
The benefits I've seen are twofold. The biggest benefit is from a security operations perspective, where we are able to drive our security posture upwards by remediating any discovered vulnerabilities. We can also automate the remediation process. The other big benefit is executive reporting because it's very easy to produce trends over time to report on risk.
What is most valuable?
The most valuable features are vulnerability detection, patching capabilities, and remediation. Cloud security posture management is also very valuable. I find these features valuable because getting a unified view of your cloud security posture across different environments is not always easy. For example, you might have most of your resources sitting in Azure, but you might have a couple of workloads in AWS. Naturally, there are different tools that report on that, so it's invaluable to have those pulled into a single dashboard so you can drive your remediation from a single platform.
What needs improvement?
If anything, I would like to see the user interface modernized a bit more. Also, there are a lot of various modules, and if they could be consolidated into fewer options, it would make the buying experience easier.
For how long have I used the solution?
I've been working with Qualys VMDR for the last three years or so.
What do I think about the stability of the solution?
We haven’t faced any issues, the solution is very stable.
What do I think about the scalability of the solution?
Because the management sits in the cloud, you don't have to worry about management appliances or anything like that on-premise, so the solution is very scalable. You can split your assets into asset groups and delegate management to different teams. Around 1,000 users are using Qualys in my organization across 60 locations.
How are customer service and support?
We've had very few technical issues, and the customer support team has quickly resolved issues we've had.
How would you rate customer service and support?
Positive
How was the initial setup?
In the first step, Qualys provisions your cloud-based management instance. From there, you get a small, lightweight agent deployed by deployment technology like Microsoft Intune, in our case, SCCM, or any deployment technology.
We worked with BCX Namibia and the Qualys team in South Africa while deploying the solution. It took two weeks to deploy the solution. The solution is not difficult to maintain because the management component is cloud-based and is taken care of by Qualys. Any agent upgrades that might be necessary are very seamless.
What was our ROI?
We have seen an ROI using Qualys. Most breaches nowadays are because of a vulnerability that is exploited. By virtue of being able to identify and remediate these vulnerabilities, I believe we are significantly driving our cybersecurity risk downwards.
What's my experience with pricing, setup cost, and licensing?
The pricing is very competitive, especially because Qualys is integrated and does vulnerability management and remediation patching in one solution, so there's no need for a separate patching solution. You can also get very granular with the amount of IP addresses you can cover. You can go from as few as 16 IP addresses to many more. And the Qualys team is also willing to work with organizations to make the solution make commercial sense. The prices are fixed. We have a yearly subscription model based on the number of IP addresses we’re scanning.
Which other solutions did I evaluate?
We evaluated vulnerability management in Microsoft Defender, but we found the reporting and functionality lacking compared to Qualys. And then the Microsoft licensing costs were also a bit of a dealbreaker.
What other advice do I have?
If you're considering implementing Qualys in your organization, work with a strong pre-sales partner. Evaluate the product, make sure it does what you need, make sure you buy the features that you need, and make sure to use the training and onboarding material that Qualys has made available on its website so you can leverage the solution's full capability from the start. I rate Qualys VMDR a nine out of ten.
With an interesting dashboard, the solution offers stability and scalability
What is our primary use case?
Using the solution, I go through the reports and advise my organization on what needs to be done and how to go about it.
What is most valuable?
I find the solution's dashboard interesting since we get a proper view to streamline our findings and assist in prioritizing the schedule for patching or any other related incidents we believe have already been worked on.
What needs improvement?
Presently, I am more of the technical part. I am allowed to just go through the details of the report, which has been very interesting. It is a struggle to be able to pull our report and to be able to do onboarding using automated tools. So basically, the aforementioned aspect of the report needs improvement.
Presently, whatever I'm working on has been quite fantastic to the best of my knowledge.
For how long have I used the solution?
I have been using Qualys VMDR. I have been using it on my own site as a client. I am just a consultant. I work with Qualys VMDR due to my understanding of the product so that I can help my clients check one or two things that can help improve the digital infrastructure part.
What do I think about the stability of the solution?
The stability of the tool is okay. Most of the time, you need to do the updates online to be able to get off from any vulnerability. As long as you are online since it's on the cloud, it's just as software of which the update has been handled on the cloud as well.
The response time is fine. You can pull up reports without dragging or consuming bandwidth.
What do I think about the scalability of the solution?
The scalability of the tool is okay. Scalability-wise, I rate the solution an eight out of ten. I have not been able to have the solution function at a large scale. Hence, I will be able to categorically say that everything is fantastic.
How are customer service and support?
Presently on my own part, I've not been able to experience the support, but I can search the technical algorithm of which I've not yet got any reports.
How was the initial setup?
The initial setup phase has been quite interesting because of our experience when we had to use the agents on most of the endpoints, which means it was okay for us.
The solution is deployed on the cloud.
What other advice do I have?
I would tell those planning to use it that it is definitely not about the technology. However, at the same time, if you have the technology, make sure you have the right person with the ability to assist you in addressing the advantages of the product.
I rate the overall product an eight out of ten.
Efficient automation feature and provides us with a comprehensive security solution
What is our primary use case?
Qualys VMDR is a vulnerability management and detection response tool. It belongs to the first generation of vulnerability assessment tools. It enables us to manually identify vulnerable keys and fix them. It is built as a cutting-edge continuous platform where we can detect and protect. With this product, we can respond to specific vulnerabilities, going beyond just using artificial intelligence features. We have implemented VMDR across our cloud, physical interfaces, endpoints, and log servers. It's a good digital product for our organization.
How has it helped my organization?
It has improved our organization in many ways. We needed to have a security solution that focuses on different types of things. We discussed budgeting for the cloud and the need for an alternative to taking care of malware. Additionally, we have to consider various attacks. Therefore, Qualys VMDR is a great tool that helps us improve.
What is most valuable?
The most valuable feature is automation.
What needs improvement?
Qualys VMDR is basically susceptible to false positives, and false negatives. We receive a lot of false positives in there. VMDR can be considered a complex solution, especially for enterprises with limited resources or organizations. It requires extensive knowledge as an engineer. So, when using this tool, you need to utilize other tools to remediate the false security issues.
So maybe it should also have the ability to automatically identify and address false positives. In additional features, an automated process for remediating false positives. We might be looking for new types of signatures that can help us identify and address specific issues.
For how long have I used the solution?
I have been using Qualys VMDR for one last year.
What do I think about the stability of the solution?
I would rate the stability an eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability an eight out of ten.
How was the initial setup?
It took us one month to set up.
What was our ROI?
I have seen an ROI.
What's my experience with pricing, setup cost, and licensing?
The price is very reasonable, so you can definitely go with all the endpoints it offers.
What other advice do I have?
Just consider the licenses we have within VMware. They could replicate some of these features, which are used for premium customers. So, it might be useful to include those features in the subscription plans.
Overall, I would rate the solution a nine out of ten.
Qualys VMDR - Optimize Security and Simplify Vulnerability Management
What do you like best about the product?
Qualys VMDR grants users entry to a holistic vulnerability management solution that operates on a risk-centric approach. Through the prioritization of vulnerabilities, misconfigurations, and assets according to their level of risk, security teams can efficiently distribute resources and promptly tackle the most vital potential threats. This approach significantly enhances the mitigation of security risks associated with vulnerabilities.
What do you dislike about the product?
False positives and false negatives can be a concern with Qualys VMDR. The platform's complex nature may pose challenges for organizations with limited resources or less mature security programs, as it demands a heightened level of asset exposure. It is important to consider these factors when evaluating Qualys VMDR's suitability for specific enterprise environments.
What problems is the product solving and how is that benefiting you?
One of the standout features of Qualys VMDR is its seamless integration with popular ITSM solutions such as ServiceNow and Jira. This integration empowers organizations to automate the entire vulnerability management process, resulting in improved efficiency and streamlined workflows. By automating and integrating these essential tasks, Qualys VMDR greatly enhances overall operational efficiency and ensures a comprehensive end-to-end approach to vulnerability management.
Comprehensive and stable solution, but its technical support service needs improvement
What is our primary use case?
We use the solution for vulnerability management. It helps us identify potentially vulnerable assets. Thus, we can prioritize patching based on a risk score.
What is most valuable?
The solution is easy to use and has many essential features. I found the concept of tags the most valuable feature. It allows us to build assets from different views. We can categorize systems with tags, either automatically or manually.
What needs improvement?
The solution's cloud agent is available only for limited operating systems such as Windows and Linux. They should make it accessible for more systems like FreeBSD. Also, it would be helpful if they made it available for Cisco or Juniper routers. Additionally, its price and support could be better as well.
For how long have I used the solution?
We have been using the solution for six years.
What do I think about the stability of the solution?
The solution is stable. However, it takes time to generate reports.
What do I think about the scalability of the solution?
We have ten solution users in our organization.
How are customer service and support?
The solution's technical support team replies with generic answers. The quality of the response could be better.
How would you rate customer service and support?
Neutral
How was the initial setup?
The solution's initial setup process was straightforward. We just followed the documentation.
What's my experience with pricing, setup cost, and licensing?
The solution is costly.
What other advice do I have?
I recommend the solution to others and rate it as a eight.
Helps with vulnerability scanning and understanding of cyber security controls
What is our primary use case?
We use the solution for vulnerability and policy scan.
How has it helped my organization?
The product has helped us understand cybersecurity controls.
What is most valuable?
I am impressed with the VMDR feature.
What needs improvement?
The tool needs to improve the adding assets and report generation features. I would like to see the policy scan of offline appliances in the product's future releases.
For how long have I used the solution?
I have been using the product for three years.
What do I think about the stability of the solution?
I would rate the product's stability a nine out of ten.
What do I think about the scalability of the solution?
I would rate the tool's scalability an eight out of ten. My company has 10 IT specialists using the product.
How are customer service and support?
The product's support is not very helpful. They suggest things that we already know.
How would you rate customer service and support?
Neutral
How was the initial setup?
I would rate the product's setup an eight out of ten. The tool's deployment took one to two days to complete.
What about the implementation team?
We deployed the solution in-house.
What's my experience with pricing, setup cost, and licensing?
The tool's pricing is expensive and I would rate the pricing a seven out of ten.
What other advice do I have?
I would rate the product an eight out of ten. You need to complete the training before using the product.
Solid platform overall. Support is frustrating & lack of integrations can make automation painful
What do you like best about the product?
Best thing about Qualys VMDR is the ease of deployment of the cloud agent and cloud agent in general. It allows you to (essentially) replace the "old school" internal authenticated scanning process with a continuous light-weight agent based scanning and reporting process. Getting the agent deployed as part of normal CI/CD build processes in modern cloud architecture/infrastructure deployments is a piece of cake as well. It has worked fairly reliably too.
What do you dislike about the product?
Getting support is painful. I ran into a recent issue with the VM API that suddenly occurred out of the blue, with nothing more than a non-descript general error message. Opened a support ticket, and two months later, it still wasn't resolved. I ended up tracking it down myself to an issue with our account (an accident made on their end to our subscription), and that was apparently what was causing the random error. Additionally, there seems to be little-to-no innovation happening and I rarely see any meaningful updates to the platforms we use (VMDR, PCI, WAS, FIM) aside from them breaking out pre-existing modules into new stand-alone services that they then add as new SKUs ( and want to charge extra $$$). For example, instead of improving the existing, native asset management/inventory management module that is included with VMDR, they build a new Cyber Security Asset Management (CSAM) platform, designate the old one as a "legacy" module, and now charge extra for the new one. Total BS.
What problems is the product solving and how is that benefiting you?
Qualys VMDR is a decent vulnerability management solution that is relatively holistic in terms of satisfying internal, external, and host-based vulnerability scanning needs. We mainly use it (over another solution like Tenable) simply because their PCI module is straightforward to use and reliable (and we're in the payments space, so PCI is a must). It's nice to have everything (PCI, WAS, VMDR, FIM, etc.) under one roof. There is much to be desired in the VMDR, WAS, and FIM modules, though. If you want to automate or integrate with ChatOps, you'll be forced to roll your own integration. There's not even a Slack or other collaboration platform integration for VMDR or WAS module, so we were forced to build our own Slack relay for VM and WAS scans; otherwise, we'd be forced to rely on email reports.
Vmdr is game changer
What do you like best about the product?
Remediation and integration with service now
What do you dislike about the product?
UI could be a little easier and easy to use.
What problems is the product solving and how is that benefiting you?
Assigning the ticket.
Impressive show My 1st exposure to the product line
What do you like best about the product?
It's all over here on messenger the ability to explain the different scenarios where one Might be vulnerable to attack
What do you dislike about the product?
I cannot think of any downsides however I am not familiar with the pricing structure
What problems is the product solving and how is that benefiting you?
I'm interested understanding if there is an API integration as it relates to Sip protocol for voice
Best VM product on the market
What do you like best about the product?
The platform and sensors and the intercompatability
What do you dislike about the product?
New products take awhile to be fully mature.
What problems is the product solving and how is that benefiting you?
End to end coverage of asset inventory and vulnerability as well as multiple other security requirements.
showing 21 - 30