My main use case for Qualys VMDR is to manage and remediate vulnerabilities and prioritize it based on the criticality score.

I can give a quick, specific example of how I've managed and remediated vulnerabilities using Qualys VMDR: First of all, we use it to quickly detect critical vulnerabilities in the network environment, and apart from that, we are using it to apply patches directly through integrated patch management, which reduces exposure time and human efforts.

I don't have anything else to add about my main use case or how I use Qualys VMDR at the moment.

The best features Qualys VMDR offers include built-in threat intelligence for prioritizing high-risk vulnerabilities and integrated patch management to remediate a vulnerability, providing coverage on the network level and on the OS level as well.

Qualys VMDR has positively impacted my organization by reducing vulnerability exposure time through faster detection and patching, and it has improved compliance reporting with accurate and up-to-date data. It also lowered manual effort for the security team by automating workflow.

One specific outcome I can share is that it has decreased by 30%.

One area where Qualys VMDR can be improved is the missing feature for deploying agents for over 1,000 assets, as we need to do it manually. Qualys doesn't have its own tool to deploy the agents all at once, so we need to use third-party tools such as BigFix or something else to deploy the agents, which is my main concern and should be fixed by the Qualys team.

That is the main thing I would like to see changed, and apart from that, everything is good.

I have been using Qualys VMDR for the past one year.

We directly purchased Qualys VMDR from Qualys, not through the AWS Marketplace.

Sometimes we are facing downtime, but it is very rare, occurring once in a blue moon.

Qualys VMDR is stable.

Qualys VMDR's scalability is good, and the customer support is good, but sometimes the customer support occasionally delays in response more than expected.

Qualys VMDR's scalability is good, and the customer support is good, but sometimes the customer support occasionally delays in response more than expected. I would rate the customer support an eight.

Positive

We didn't use any solution before Qualys.

My experience with pricing, setup cost, and licensing shows that we can consider both time and money saved.

The detail I can share is that it is around 30 to 40%.

One specific outcome or metric I can share is that it has decreased by 30%.

My experience with pricing, setup cost, and licensing shows that we can consider both time and money saved.

Before choosing Qualys VMDR, we didn't evaluate any other options.

I would advise others looking into using Qualys VMDR to make sure that Qualys is compatible with your network, and please ensure that all the configurations are in place before proceeding.

I wasn't offered any gift card or incentive for this review.

On a scale of 1-10, I rate Qualys VMDR a 10.

My main use cases for Qualys VMDR are for server vulnerability and missing patches.

The most helpful and useful features of Qualys VMDR are its user-friendly design.

Qualys VMDR is easy to understand and provides detailed reports.

It impacts my workflow overall, with the patch management features as it has the missing patches listed in detail, making it easier to get a comprehensive report and providing some dashboards that offer visual representation.

There were some issues later with Qualys VMDR regarding security, specifically with numerous false positive reports.

It doesn't take much time to deploy Qualys VMDR. There is a process mentioned already on the website about how to proceed with the installation, so we followed that process.

I am satisfied with the support of Qualys VMDR as they are supportive. However, there are sometimes issues where we cannot talk to customer support directly, and we have to raise tickets, which sometimes takes a lot of time to resolve issues because it goes through their own phase. We cannot change the SLA or the priority of the tickets, so that is an issue.

Positive

Our organization changed to something else due to a higher management decision, and that might be the reason for the change regarding the pricing.

We are not using any AI features with Qualys VMDR.

Overall, I would rate Qualys VMDR as good, giving it an eight.

We use Qualys VMDR for daily vulnerability management, scanning vulnerabilities, identifying vulnerabilities, reporting, creating dashboards, and the whole vulnerability management process. We also use it for patch management.

What I find valuable about Qualys VMDR is the capability of the tool and its user-friendliness. It is easy to use and provides accurate results, which is exactly what we are looking for. The prioritization of vulnerabilities has improved our remediation efforts by around thirty to thirty-five percent. The tool's integration between Patch Management and other Qualys products is also indispensable.

They can tweak their UI since the new version seems a bit jumbled up, and the old UI was more user-friendly.

I have been using Qualys VMDR for three years.

We find Qualys VMDR quite stable and have not faced any performance issues with it.

I believe the solution is scalable.

We usually get on calls with tech support, and they are very helpful. I would rate the technical support a nine out of ten.

Positive

We worked with Nessus and Rapid7 before switching to Qualys VMDR. Qualys offers better pricing and more features compared to other tools. We did not find anything particularly missing from previous tools.

The setup is straightforward and easy. We deployed scanners and agents on all our devices, configured the network, whitelisted policy scanners, and public URLs. Testing was conducted before deploying, and it went smoothly.

We had a team of five to six people involved in the deployment aspect due to the large number of assets.

Qualys VMDR helps us be compliant, and vulnerability management is a crucial part of maintaining our organization's security, significantly contributing to ROI.

Qualys offers better pricing and is feature-packed compared to other tools.

We evaluated Nessus and Rapid7 before choosing Qualys VMDR.

I would recommend getting both VMDR and the Cloud Agent to ensure comprehensive asset coverage. Understanding the network architecture is crucial to ensure no segments are missed under Qualys. Overall, I rate Qualys a nine out of ten.

We mostly use Qualys VMDR for vulnerability management and compliance practices. Every week, my team and I run automated scans that are scheduled, and we share whatever vulnerabilities are found with the infrastructure team to remediate them.

Qualys VMDR provides a real-time response and reporting feature, which is excellent. It allows us to see real-time graphs and reports for every asset, server, and more, which is very user-friendly. 

Our clients have given good feedback, and they are satisfied with the tool. We use it daily to fix vulnerabilities by connecting with infrastructure to remediate. The feedback from the client side is very good.

Regarding improvement, compliance features haven't been utilized much. I anticipate more benefits in this area in the future. Integrating other teams, such as GRV, with Qualys would be very beneficial. 

Additionally, if AI features were integrated, it could enhance the capabilities significantly.

I have been using Qualys VMDR for about six months. I started working in vulnerability management with my company in the SOC.

I haven't experienced any downtime during my working hours. However, there might be times when it could go down. I would rate stability around 8.5 or nine out of ten.

Qualys VMDR can handle scalability, although increasing the inventory can raise the licensing costs. However, it can escalate and adapt to many needs if required.

Customer support is satisfactory. When reaching out via email, they reply quickly. I would rate their customer support eight out of ten.

Positive

I have used another vendor for a different client, which is Rapid7. However, I found Rapid7 not as user-friendly as Qualys. The console is less user-friendly, and running sample templates or scans is more complex compared to Qualys.

I am not aware of the exact pricing, as it comes as an MSP model from the client. However, I have a notion that Qualys might be more expensive than Rapid7.

I have evaluated Rapid7 along with Qualys. In a rating out of five, I would give Qualys four and Rapid7 two, as Rapid7 is more complex and not as user-friendly.

I would recommend Qualys VMDR to others comparing it with other VM tools, due to its valuable features, including real-time responses and detailed reporting. 

Overall, I would rate Qualys eight out of ten. With potential improvements and AI integration, it could offer even more.

The primary use case of Qualys VMDR was to monitor around two hundred users, servers, and VMs weekly. We needed to ensure that all vulnerabilities were tracked and addressed. Our users were mainly developers using various applications, and we needed to ensure compliance with client requirements. The goal was to keep our systems up-to-date and secure.

Before using Qualys VMDR, we used OpenVAS, an open-source solution. It was challenging to find a direct solution for vulnerabilities. 

With Qualys VMDR, it became simple to understand the severity of issues and prioritize fixes. We could ensure our top management was satisfied, knowing issues were visible and addressed. 

It allowed us to divide tasks easily among teammates, significantly improving efficiency. We saw a return on investment in time, money, and resources.

Qualys VMDR offers a one-stop solution for monitoring and reporting. The UI is straightforward and user-friendly, and even beginners can master it in a day. 

It allows for simplicity in understanding issues and generating reports for clear visibility. The benefits of task division among teammates and the ability to work together without delays were significant.

Qualys VMDR identifies vulnerabilities and suggests fixes. However, it does not automate patching unless the patch management module is purchased separately. 

Automating features could reduce manual efforts and make the process less lengthy. Integration of AI could enhance benefits, especially in handling false positives.

I have used the solution for around three years.

We did not experience any bugs, glitches, or downtime. I would rate the stability a nine out of ten.

Scalability depends on the license and the number of assets being monitored. I would rate the scalability an eight out of ten.

The technical support provided by Qualys is pretty good, and I would rate it an eight out of ten.

Positive

Before Qualys VMDR, we used Greenhorn’s OpenVAS. It was open-source, but it offered no direct solutions. Reports were only available with scheduled scans, which made immediate issue resolution difficult.

The initial setup was straightforward. The deployment was up and running in a day with assistance from the support team.

Only one person was involved in implementing Qualys VMDR.

We saw a return on investment through significant savings in time, money, and resources. The solution allowed for efficient task management among team members.

For smaller enterprises, the pricing is on the pricier side. However, for larger enterprises, it's considered okay. I would rate the pricing between seven to eight out of ten.

We previously used OpenVAS.

Overall, the solution is highly rated because of its simplicity and efficiency. I would rate it a nine out of ten.

We use it for vulnerability management and report generation mostly. I am trying to solve the issue wherein the stakeholders can get automated vulnerability reports to their mailbox.

Using this product, we now have a vulnerability management cycle wherein VMDR plays a major role. It has greatly increased the capability on the detection aspect of the vulnerability and improved our scope and visibility on all other endpoints.

I like the automated report generation and vulnerability report generation.

I don't have any improvement requests on top of my mind right now. The response time of technical support takes a while.

It's been more than two years now.

I would rate the stability as nine out of ten. It's quite stable.

The solution is scalable.

My rating for the technical support for Qualys is six out of ten. The response time takes a while.

Neutral

I personally didn't use a different solution before Qualys.

Although I was not present during the initial deployment process, it's pretty straightforward. It's just an agent installation, which automatically connects it to the cloud platform, so the implementation won't take as long.

I would recommend Qualys VMDR to the other stakeholders because it already has its place in the market, and it's very reliable.

I'd rate the solution eight out of ten.

The use cases would be for scanning purposes, for identifying assets, identifying and viewing assets, and setting up scan schedules. I use it primarily as a vulnerability management and scanning tool.

When you have everything in one place, the job is very easy. Qualys VMDR having a Russian nesting doll sort of environment does take a steep learning curve, but having everything in one place is quite neat.

The most valuable feature is the asset view where I can find individual assets and take a deeper dive into their information gathering section, potential vulnerabilities, and confirmed vulnerabilities. I also value the scheduling of scans and reports as per the desired timeframes.

The reporting section needs improvement as running reports can take several hours. A more intuitive way to configure reports settings to reduce run time would be helpful. Improvements are needed for sorting QIDs and findings during the reporting section without downloading the entire report. 

Additionally, there is a need to address the issue of retaining report sections when they exceed one or two GBs. For asset management, adding a notification for unscanned assets or those missing CVE ratings would help.

I have been using it for close to three and a half to four years now.

There are rarely any stability issues. Discrepancies are usually anticipated due to the downtime and maintenance window provided in advance. It's a technological tool, and random anomalies may happen, but they are manageable.

Qualys offers one of the best scalability capabilities for large-scale deployments. Its tools and solutions work effectively with large corporations. VMDR helps club multiple vulnerabilities into one QID, which assists with remediation cycles.

Customer support is fast, although there can be a lot of back and forth. However, the overall service is satisfactory and of great quality.

Positive

I have used Nessus and Burp Suite, however, Burp Suite isn't in close proximity with Qualys for scanning purposes. Microsoft Defender offers some advantages with real-time, agent-based scanning that consumes fewer resources.

The initial setup was quite simple and straightforward. Setting up Qualys was fairly easy with clear documentation and guidance.

I am not familiar with the pricing side as I am not a part of that aspect. However, it is on the higher side, but it provides large-scale scalability for vulnerability management.

I have evaluated Nessus and Microsoft Defender for vulnerability management.

Users should go through the training offered by Qualys for all VMDR modules and take an introductory call on how to use and schedule tasks. Setting up one thing at a time and testing the desired results before moving on is advised.

I'd rate the solution eight out of ten.