I primarily use Qualys VMDR for daily scans, onboarding assets, scanning, reporting, and managing the entire vulnerability management process, including test management.
External reviews
186 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Simplifies asset discovery and management, ensuring comprehensive scanning and reporting
What is our primary use case?
How has it helped my organization?
VMDR has significantly improved our organization by simplifying asset discovery and management. We can easily identify and categorize assets, ensuring comprehensive scanning and reporting.
What is most valuable?
Qualys Patch Management is excellent for keeping our critical servers and third-party applications updated efficiently.
What needs improvement?
One area of the product that could be improved is the management of vulnerabilities detected on disabled applications. We currently face challenges with unnecessary alerts for Microsoft Defender, which we do not use. Additionally, enhancing the alerts for agent communication failures would be beneficial.
For how long have I used the solution?
I have been using Qualys VMDR for approximately three years.
What do I think about the stability of the solution?
The product has been very reliable in our day-to-day operations.
What do I think about the scalability of the solution?
I would rate the product scalability a ten. It easily scales with our organization's growth, allowing us to add new assets and expand our coverage seamlessly. We are considering expanding our deployment to include 500 assets next year.
How was the initial setup?
The initial setup was straightforward, taking less than a week to configure and generate reports. The deployment process was smooth, and we were able to integrate it effectively into our hybrid environment.
What was our ROI?
Within three months of deployment, we began seeing improvements in vulnerability management. This helped us significantly reduce vulnerabilities and streamline our patch management processes, providing a notable return on investment.
What's my experience with pricing, setup cost, and licensing?
The solution is reasonably priced for the value it provides. Our contract renewal was approximately 2.5 million ZAR for three years, including managed services.
Which other solutions did I evaluate?
Before selecting Qualys VMDR, we evaluated other options but ultimately chose Qualys due to its comprehensive features and effective proof of concept.
What other advice do I have?
We integrate Qualys VMDR with our infrastructure, conducting weekly scans and generating reports based on the findings. This provides daily views of vulnerabilities, and we use Qualys' patch management to deploy patches promptly, starting with the most severe vulnerabilities, thus reducing our threat exposure. Conducting a thorough proof of concept is essential to evaluate its effectiveness in your environment and to see how it integrates with your existing systems and handles your specific security needs.
I rate it a ten out of ten.
Has an effective tagging system and authentication mechanism compared to other tools
What is our primary use case?
We use the product for enterprise network infrastructure scanning.
What is most valuable?
The product has multiple valuable areas. The process of defining and discovering scans is organized efficiently. It has an effective tagging system and authentication mechanism compared to other tools. Its integration with AD helps us a lot. Additionally, I like the report generation feature.
What needs improvement?
Qualys could improve the inbuilt dashboards. They could be advanced compared to competitors like Rapid7 and Tenable. They should include a faster reverse integration process. They could enhance its integration with ServiceNow CMDB to ensure that mapping IP addresses, domains, and net bias names is consistent and accurate.
For how long have I used the solution?
We have been using Qualys VMDR for nearly two and a half years.
What do I think about the stability of the solution?
I rate the product's stability a nine out of ten. I have rarely seen any stability issues with Qualys.
What do I think about the scalability of the solution?
I rate the product's scalability an eight out of ten. We only recommend some people use Qualys in our organization. It is a limited audience. It is used by the vulnerability management team and a few critical resources from different parts of the cybersecurity department. We have 50 users in total. They should provide role-based access for managers, reviewers, and scanners.
How was the initial setup?
The initial setup process is simple as I have prior experience working on two full-time projects with it. I find it simple as I have enough background knowledge of it.
What's my experience with pricing, setup cost, and licensing?
The product is more expensive than that of any other vendor.
Which other solutions did I evaluate?
I did work on Tenable's POC and some other vendors. It has some limitations in detecting different types of vulnerabilities or false positives. Qualys is on the higher side when compared to the other tools.
What other advice do I have?
I rate the product an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Very Satisifed Customer
What do you like best about the product?
Getting real-time insight into our vulnerabilities and patching has had an immense positive impact on our VM program. Being able to build out complex dashboards in an easy way has allowed us to showcase our progress and inefficiencies to the rest of the business.
What do you dislike about the product?
Their has occasionally been some discrepancies in the asset counts and data being reported across different modules
What problems is the product solving and how is that benefiting you?
Understanding which areas of the business are lacking on patches, and where we are vulnerable on our public facing assets.
Qualys' Questions
What do you like best about the product?
I like that I can see all Vulnerabilities that are backend as well as what is patchable.
What do you dislike about the product?
Reporting needs a big improvement and I wish you can automate reports that work with patch jobs to show what has installed, failed, etc.
What problems is the product solving and how is that benefiting you?
It is giving us visibility to our internal vulnerabilities and it is allowing us to see what we need to fix to improve our security posture.
Qualys doing what Qradar does in less than half the price
What do you like best about the product?
It is way less expensive than other leaders in this category, with abou the same features and capabilities. It is easy to implement and does patch management on a single click with live customer support
What do you dislike about the product?
the interface is very static and looks straight out of 2000s but on web
What problems is the product solving and how is that benefiting you?
Protecting our critical assets in datacenter, we must keep these secure and Qualys is helping us do that in less price than others without compromising security posture.
Qualys VMDR
What do you like best about the product?
It serves the purpose and deploying scanner appliance in cloud is difficult. Qualys also provides training and lot of material that'll be helpful for your use-cases.
What do you dislike about the product?
It gets too vast. Being a beginner sometimes it is hard to connect information. Also syncing of information sometimes lags like if I am changing settings of an appliance it might not be reflected soon on Qualys dashboard. It is not big issue but something I noticed.
What problems is the product solving and how is that benefiting you?
Helps cover the organizations resources and gives a centralised dashboard for risk based assessment and vulnerability management.
Helped us quickly remediate vulnerabilities thanks to its automation and ease of use
What is our primary use case?
Our use cases are primarily on-premises vulnerability management and remediation, external attack surface management and vulnerability scanning.
How has it helped my organization?
The benefits I've seen are twofold. The biggest benefit is from a security operations perspective, where we are able to drive our security posture upwards by remediating any discovered vulnerabilities. We can also automate the remediation process. The other big benefit is executive reporting because it's very easy to produce trends over time to report on risk.
What is most valuable?
The most valuable features are vulnerability detection, patching capabilities, and remediation. Cloud security posture management is also very valuable. I find these features valuable because getting a unified view of your cloud security posture across different environments is not always easy. For example, you might have most of your resources sitting in Azure, but you might have a couple of workloads in AWS. Naturally, there are different tools that report on that, so it's invaluable to have those pulled into a single dashboard so you can drive your remediation from a single platform.
What needs improvement?
If anything, I would like to see the user interface modernized a bit more. Also, there are a lot of various modules, and if they could be consolidated into fewer options, it would make the buying experience easier.
For how long have I used the solution?
I've been working with Qualys VMDR for the last three years or so.
What do I think about the stability of the solution?
We haven’t faced any issues, the solution is very stable.
What do I think about the scalability of the solution?
Because the management sits in the cloud, you don't have to worry about management appliances or anything like that on-premise, so the solution is very scalable. You can split your assets into asset groups and delegate management to different teams. Around 1,000 users are using Qualys in my organization across 60 locations.
How are customer service and support?
We've had very few technical issues, and the customer support team has quickly resolved issues we've had.
How would you rate customer service and support?
Positive
How was the initial setup?
In the first step, Qualys provisions your cloud-based management instance. From there, you get a small, lightweight agent deployed by deployment technology like Microsoft Intune, in our case, SCCM, or any deployment technology.
We worked with BCX Namibia and the Qualys team in South Africa while deploying the solution. It took two weeks to deploy the solution. The solution is not difficult to maintain because the management component is cloud-based and is taken care of by Qualys. Any agent upgrades that might be necessary are very seamless.
What was our ROI?
We have seen an ROI using Qualys. Most breaches nowadays are because of a vulnerability that is exploited. By virtue of being able to identify and remediate these vulnerabilities, I believe we are significantly driving our cybersecurity risk downwards.
What's my experience with pricing, setup cost, and licensing?
The pricing is very competitive, especially because Qualys is integrated and does vulnerability management and remediation patching in one solution, so there's no need for a separate patching solution. You can also get very granular with the amount of IP addresses you can cover. You can go from as few as 16 IP addresses to many more. And the Qualys team is also willing to work with organizations to make the solution make commercial sense. The prices are fixed. We have a yearly subscription model based on the number of IP addresses we’re scanning.
Which other solutions did I evaluate?
We evaluated vulnerability management in Microsoft Defender, but we found the reporting and functionality lacking compared to Qualys. And then the Microsoft licensing costs were also a bit of a dealbreaker.
What other advice do I have?
If you're considering implementing Qualys in your organization, work with a strong pre-sales partner. Evaluate the product, make sure it does what you need, make sure you buy the features that you need, and make sure to use the training and onboarding material that Qualys has made available on its website so you can leverage the solution's full capability from the start. I rate Qualys VMDR a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Qualys needs improvement
What do you like best about the product?
During our time using the tool, 2 years, we really liked the capabilities of the agent. The amount of details collected by the Qualys agent is really impresive. Also, the capabilities to check for default credentials during scans.
What do you dislike about the product?
VMDR seems outdated, very old, and hard to navigate, plus some areas are in a newer version and then some still in the mid 2000. The reporting component in Qualys is terrible, very time consuming to do simple stuff. The connectivity to their SaaS console can get really slow.
What problems is the product solving and how is that benefiting you?
The business wanted to have a tool to scan for vulnerabilities. Also capable of being deployed to devices out of the network, like laptops, here is where the Qualys agent excel. Connect it to the current Cloud environment for compliance purposes, and robust reporting capabilities.
Streamlined Security: A Qualys VMDR Review
What do you like best about the product?
The best aspect of Qualys VMDR is its user-friendly interface that allows for easy and intuitive vulnerability scanning. The platform empowers us to select and customize the specific types of scans we need, providing a tailored approach to address our unique security requirements. This flexibility and simplicity have significantly improved our overall scanning efficiency and helped us stay on top of potential vulnerabilities, ensuring a robust security posture for our organization.
What do you dislike about the product?
Some organizations may find the pricing of Qualys VMDR to be higher compared to other vulnerability management solutions, especially for smaller businesses with budget constraints.
What problems is the product solving and how is that benefiting you?
VMDR offers automated, continuous scanning across our entire IT infrastructure, helping us identify vulnerabilities in real-time. This proactive approach ensures we are aware of potential security gaps promptly, reducing the window of exposure to threats.
Review Qualys VMDR
What do you like best about the product?
Vulnerability Management and Asset Management
What do you dislike about the product?
Some dashboard on Qualys VMDR and api feature
What problems is the product solving and how is that benefiting you?
Help us vulnerability management all of asset on my cloud
showing 21 - 30