My main use cases for Qualys VMDR are for server vulnerability and missing patches.

The most helpful and useful features of Qualys VMDR are its user-friendly design.

Qualys VMDR is easy to understand and provides detailed reports.

It impacts my workflow overall, with the patch management features as it has the missing patches listed in detail, making it easier to get a comprehensive report and providing some dashboards that offer visual representation.

There were some issues later with Qualys VMDR regarding security, specifically with numerous false positive reports.

It doesn't take much time to deploy Qualys VMDR. There is a process mentioned already on the website about how to proceed with the installation, so we followed that process.

I am satisfied with the support of Qualys VMDR as they are supportive. However, there are sometimes issues where we cannot talk to customer support directly, and we have to raise tickets, which sometimes takes a lot of time to resolve issues because it goes through their own phase. We cannot change the SLA or the priority of the tickets, so that is an issue.

Positive

Our organization changed to something else due to a higher management decision, and that might be the reason for the change regarding the pricing.

We are not using any AI features with Qualys VMDR.

Overall, I would rate Qualys VMDR as good, giving it an eight.

We use Qualys VMDR for daily vulnerability management, scanning vulnerabilities, identifying vulnerabilities, reporting, creating dashboards, and the whole vulnerability management process. We also use it for patch management.

What I find valuable about Qualys VMDR is the capability of the tool and its user-friendliness. It is easy to use and provides accurate results, which is exactly what we are looking for. The prioritization of vulnerabilities has improved our remediation efforts by around thirty to thirty-five percent. The tool's integration between Patch Management and other Qualys products is also indispensable.

They can tweak their UI since the new version seems a bit jumbled up, and the old UI was more user-friendly.

I have been using Qualys VMDR for three years.

We find Qualys VMDR quite stable and have not faced any performance issues with it.

I believe the solution is scalable.

We usually get on calls with tech support, and they are very helpful. I would rate the technical support a nine out of ten.

Positive

We worked with Nessus and Rapid7 before switching to Qualys VMDR. Qualys offers better pricing and more features compared to other tools. We did not find anything particularly missing from previous tools.

The setup is straightforward and easy. We deployed scanners and agents on all our devices, configured the network, whitelisted policy scanners, and public URLs. Testing was conducted before deploying, and it went smoothly.

We had a team of five to six people involved in the deployment aspect due to the large number of assets.

Qualys VMDR helps us be compliant, and vulnerability management is a crucial part of maintaining our organization's security, significantly contributing to ROI.

Qualys offers better pricing and is feature-packed compared to other tools.

We evaluated Nessus and Rapid7 before choosing Qualys VMDR.

I would recommend getting both VMDR and the Cloud Agent to ensure comprehensive asset coverage. Understanding the network architecture is crucial to ensure no segments are missed under Qualys. Overall, I rate Qualys a nine out of ten.

We mostly use Qualys VMDR for vulnerability management and compliance practices. Every week, my team and I run automated scans that are scheduled, and we share whatever vulnerabilities are found with the infrastructure team to remediate them.

Qualys VMDR provides a real-time response and reporting feature, which is excellent. It allows us to see real-time graphs and reports for every asset, server, and more, which is very user-friendly. 

Our clients have given good feedback, and they are satisfied with the tool. We use it daily to fix vulnerabilities by connecting with infrastructure to remediate. The feedback from the client side is very good.

Regarding improvement, compliance features haven't been utilized much. I anticipate more benefits in this area in the future. Integrating other teams, such as GRV, with Qualys would be very beneficial. 

Additionally, if AI features were integrated, it could enhance the capabilities significantly.

I have been using Qualys VMDR for about six months. I started working in vulnerability management with my company in the SOC.

I haven't experienced any downtime during my working hours. However, there might be times when it could go down. I would rate stability around 8.5 or nine out of ten.

Qualys VMDR can handle scalability, although increasing the inventory can raise the licensing costs. However, it can escalate and adapt to many needs if required.

Customer support is satisfactory. When reaching out via email, they reply quickly. I would rate their customer support eight out of ten.

Positive

I have used another vendor for a different client, which is Rapid7. However, I found Rapid7 not as user-friendly as Qualys. The console is less user-friendly, and running sample templates or scans is more complex compared to Qualys.

I am not aware of the exact pricing, as it comes as an MSP model from the client. However, I have a notion that Qualys might be more expensive than Rapid7.

I have evaluated Rapid7 along with Qualys. In a rating out of five, I would give Qualys four and Rapid7 two, as Rapid7 is more complex and not as user-friendly.

I would recommend Qualys VMDR to others comparing it with other VM tools, due to its valuable features, including real-time responses and detailed reporting. 

Overall, I would rate Qualys eight out of ten. With potential improvements and AI integration, it could offer even more.

The primary use case of Qualys VMDR was to monitor around two hundred users, servers, and VMs weekly. We needed to ensure that all vulnerabilities were tracked and addressed. Our users were mainly developers using various applications, and we needed to ensure compliance with client requirements. The goal was to keep our systems up-to-date and secure.

Before using Qualys VMDR, we used OpenVAS, an open-source solution. It was challenging to find a direct solution for vulnerabilities. 

With Qualys VMDR, it became simple to understand the severity of issues and prioritize fixes. We could ensure our top management was satisfied, knowing issues were visible and addressed. 

It allowed us to divide tasks easily among teammates, significantly improving efficiency. We saw a return on investment in time, money, and resources.

Qualys VMDR offers a one-stop solution for monitoring and reporting. The UI is straightforward and user-friendly, and even beginners can master it in a day. 

It allows for simplicity in understanding issues and generating reports for clear visibility. The benefits of task division among teammates and the ability to work together without delays were significant.

Qualys VMDR identifies vulnerabilities and suggests fixes. However, it does not automate patching unless the patch management module is purchased separately. 

Automating features could reduce manual efforts and make the process less lengthy. Integration of AI could enhance benefits, especially in handling false positives.

I have used the solution for around three years.

We did not experience any bugs, glitches, or downtime. I would rate the stability a nine out of ten.

Scalability depends on the license and the number of assets being monitored. I would rate the scalability an eight out of ten.

The technical support provided by Qualys is pretty good, and I would rate it an eight out of ten.

Positive

Before Qualys VMDR, we used Greenhorn’s OpenVAS. It was open-source, but it offered no direct solutions. Reports were only available with scheduled scans, which made immediate issue resolution difficult.

The initial setup was straightforward. The deployment was up and running in a day with assistance from the support team.

Only one person was involved in implementing Qualys VMDR.

We saw a return on investment through significant savings in time, money, and resources. The solution allowed for efficient task management among team members.

For smaller enterprises, the pricing is on the pricier side. However, for larger enterprises, it's considered okay. I would rate the pricing between seven to eight out of ten.

We previously used OpenVAS.

Overall, the solution is highly rated because of its simplicity and efficiency. I would rate it a nine out of ten.

We use it for vulnerability management and report generation mostly. I am trying to solve the issue wherein the stakeholders can get automated vulnerability reports to their mailbox.

Using this product, we now have a vulnerability management cycle wherein VMDR plays a major role. It has greatly increased the capability on the detection aspect of the vulnerability and improved our scope and visibility on all other endpoints.

I like the automated report generation and vulnerability report generation.

I don't have any improvement requests on top of my mind right now. The response time of technical support takes a while.

It's been more than two years now.

I would rate the stability as nine out of ten. It's quite stable.

The solution is scalable.

My rating for the technical support for Qualys is six out of ten. The response time takes a while.

Neutral

I personally didn't use a different solution before Qualys.

Although I was not present during the initial deployment process, it's pretty straightforward. It's just an agent installation, which automatically connects it to the cloud platform, so the implementation won't take as long.

I would recommend Qualys VMDR to the other stakeholders because it already has its place in the market, and it's very reliable.

I'd rate the solution eight out of ten.

The use cases would be for scanning purposes, for identifying assets, identifying and viewing assets, and setting up scan schedules. I use it primarily as a vulnerability management and scanning tool.

When you have everything in one place, the job is very easy. Qualys VMDR having a Russian nesting doll sort of environment does take a steep learning curve, but having everything in one place is quite neat.

The most valuable feature is the asset view where I can find individual assets and take a deeper dive into their information gathering section, potential vulnerabilities, and confirmed vulnerabilities. I also value the scheduling of scans and reports as per the desired timeframes.

The reporting section needs improvement as running reports can take several hours. A more intuitive way to configure reports settings to reduce run time would be helpful. Improvements are needed for sorting QIDs and findings during the reporting section without downloading the entire report. 

Additionally, there is a need to address the issue of retaining report sections when they exceed one or two GBs. For asset management, adding a notification for unscanned assets or those missing CVE ratings would help.

I have been using it for close to three and a half to four years now.

There are rarely any stability issues. Discrepancies are usually anticipated due to the downtime and maintenance window provided in advance. It's a technological tool, and random anomalies may happen, but they are manageable.

Qualys offers one of the best scalability capabilities for large-scale deployments. Its tools and solutions work effectively with large corporations. VMDR helps club multiple vulnerabilities into one QID, which assists with remediation cycles.

Customer support is fast, although there can be a lot of back and forth. However, the overall service is satisfactory and of great quality.

Positive

I have used Nessus and Burp Suite, however, Burp Suite isn't in close proximity with Qualys for scanning purposes. Microsoft Defender offers some advantages with real-time, agent-based scanning that consumes fewer resources.

The initial setup was quite simple and straightforward. Setting up Qualys was fairly easy with clear documentation and guidance.

I am not familiar with the pricing side as I am not a part of that aspect. However, it is on the higher side, but it provides large-scale scalability for vulnerability management.

I have evaluated Nessus and Microsoft Defender for vulnerability management.

Users should go through the training offered by Qualys for all VMDR modules and take an introductory call on how to use and schedule tasks. Setting up one thing at a time and testing the desired results before moving on is advised.

I'd rate the solution eight out of ten.

The primary use case for Qualys VMDR is for infrastructure vulnerability management. It assists devices, including all infrastructure devices like serverless network devices and development environments.

The solution has improved the organization significantly because it helps in assessing and prioritizing risk. Based on the results from Qualys, I can prioritize remediations with the remediation teams, thereby reducing the volume of vulnerabilities.

The most valuable feature is the QID part, especially of CentralList, which makes it easy to assess new critical vulnerabilities. It saves a lot in assessing and prioritizing risks to the organization.

Support could be improved since the response can be slow. There is always room for improvement to align with the latest content and technologies.

I have used the solution for three years.

The solution is stable. Anytime there is downtime or maintenance, Qualys ensures that we are well-informed with priority communications.

Scalability would be rated nine or nine point five out of ten. We have high satisfaction with this aspect.

Technical support response can sometimes be slow, leading to a rating of eight or nine out of ten.

Positive

I previously used a different tool. I switched to Qualys as it didn't have the same feature set.

The initial setup was straightforward. Deployment took two to three days.

The deployment was done by a different team, so I do not have specific details about the implementation team size.

I have used RapidSky before Qualys.

I would recommend Qualys VMDR because it ensures comprehensive coverage, including aspects like vulnerability management and PCI, providing good inputs and improvements over time.

I'd rate the solution nine out of ten.

We use continuous monitoring to schedule scans for all the applications in our organization. We create a parent tag and sub-tags for each application and schedule scans based on our requirements, such as every alternate day, weekly, or monthly. This helps us identify vulnerabilities in the web applications, especially those that are public-facing.

Since implementing Qualys, we have seen a reduction in the time required to scan applications, as it automates the process. This efficiency is one of the key improvements we have noticed. Additionally, the tool is effective compared to others, particularly for automated scans.

In Qualys VMDR, there are multiple valuable features such as Continuous Monitoring, SFU Connector, and WebVPN. Continuous monitoring is a crucial feature that we use more frequently.

There are scenarios where a vulnerability is reported once yet not in subsequent scans, even if we have not fixed it. Sometimes, Qualys is unable to crawl certain URLs due to unspecified issues. Additionally, the report download option occasionally has problems.

I have been using Qualys for two years.

I would rate the stability as nine out of ten, indicating no significant issues with stability.

The scalability of Qualys is rated as eight to nine out of ten, and there are no problems with scalability.

The customer support system could be improved. While they respond, it takes them two to three days to address a concern, which is an issue. Overall, I would rate customer service as five or six.

Neutral

The setup process was not within my involvement, as it was part of the project I had joined and it was already set up.

I recommend Qualys VMDR as it effectively reduces the time required for vulnerability management and operates well with fewer people.

I'd rate the solution seven out of ten.

We use Qualys VMDR for vulnerability management and operations, such as scanning assets to identify vulnerabilities and updating the reports for different teams.

We identified and resolved many vulnerabilities by using Qualys VMDR. It has been helpful in detecting externally facing asset vulnerabilities and coordinating patching or remediation with different teams.

I find the scans portion of VMDR to be valuable. Authenticated scans provide different options, including those using or not using the FactSet and adding option profiles. Another good feature is the Knowledge Base, which provides detailed information on vulnerabilities, period scores, solutions, issues, and mitigation.

I'd suggest improvements in asset management. It would be helpful to have features for better tracking, including options for adding relevant owners or supporting groups for each asset.

I have been using Qualys VMDR for about three years.

The solution is stable. I would rate it eight out of ten.

Scalability is rated at 7.5 out of ten.

When you raise a report, it will be generated in VMDR and shared with the respective team. Depending on client requests, reports can be in PDF or Excel format.

Positive

I did not use any previous vulnerability solutions; I started directly with Qualys.

The setup for Qualys VMDR is easy since it's a cloud tool. Access is provided through different inboxes, and deployment is straightforward.

I am not aware of the actual cost or pricing as it is managed by the client.

Compared to other solutions like Nexus, Qualys provides more options and is a better tool.

I recommend using Qualys as it offers many valuable features and options. It is better compared to solutions like Nexus.

I'd rate the solution nine out of ten.

I am working for an IT firm where I use Qualys VMDR for my clients. I specifically use it for vulnerability detection and vulnerability remediation as part of our vulnerability assessment team. We scan all the assets for vulnerabilities, both servers and client-side, and then share the vulnerability reports with the relevant teams for remediation planning.

The continuous scanning for vulnerabilities, especially the notifications for zero-day vulnerabilities, greatly aids in keeping our systems secure. The accurate vulnerability assessments and the remediation plans they provide enhance our workflow and effectiveness in vulnerability management.

The most valuable feature is the vulnerability assessment. Qualys VMDR is precise in its assessments and categorizes vulnerabilities by severity from one to five. Additionally, they provide detailed reports and possible remediation steps, such as updating from Java version 3.4 to a more secure version.

Qualys VMDR could improve in reducing the occurrences of false positive vulnerabilities. Enhancing this aspect would make the tool even more effective.

I have been using Qualys VMDR for two years.

There are no issues with stability. They notify us of any scheduled downtime a week in advance, usually planning it for weekends to avoid disrupting business operations.

Qualys VMDR handles scalability very well. It offers extensive features and facilities to create groups for assets or servers, making it easy to add new environments or data centers for scanning.

I have heard that their technical support team is very responsive and takes quick action when needed. However, I have never interacted with them personally.

Positive

We have used ZixSense, also known as Ivanti Neurons. ZixSense is more user-friendly than Qualys, however, the latter provides more comprehensive and accurate vulnerability assessments.

The initial setup of Qualys VMDR was easy. We just had to open the Qualys tool, add the IP addresses of the respective servers or hostnames, and start scanning. Access to vulnerability assessment is only provided via IP addresses, not hostnames.

Any changes or maintenance required are managed by the Qualys team following change requests from our upper management.

New users should complete two training programs from the Qualys training center: Qualys Foundation and Qualys VMDR. These certifications provide the necessary knowledge to set up and use Qualys effectively. Qualys also provides a demo trial account for new users.

I'd rate the solution nine out of ten.