External reviews
External reviews are not included in the AWS star rating for the product.
Quick threat detection and comprehensive vulnerability management with a good knowledge base
What is our primary use case?
We use Qualys VMDR to scan our public websites and products, anywhere that is publicly available. We deploy it through Qualys's cloud scanner.
How has it helped my organization?
Qualys VMDR provides us with a quick response to threat findings through regular scheduled scanning, which improves our security operations. It also offers an impressive knowledge base for quick research results and coverage of all vulnerabilities.
What is most valuable?
The knowledge base is the most impressive feature because it provides quick research results and coverage of all vulnerabilities. Additionally, the real-time threat detection feature provides quick responses to threat findings.
What needs improvement?
Qualys VMDR should improve authenticated scanning capabilities. It currently only allows basic authorization tokens and preset parameters. In contrast, Burp's in-built browser works more like a proxy, which makes security testing easier and more accurate. Pricing is also an issue; it's high enough to deter mid-sized to small companies. Moreover, the technical support is slow and tends to just reference documentation rather than providing real technical assistance.
For how long have I used the solution?
I have been using it personally for five years, while my company has been using it for three years.
How are customer service and support?
The technical support is slow to respond. Most likely, they just provide reference links for documentation instead of offering in-depth technical guidance. This level of support doesn't compare well to others like Cisco, Juniper, or Avaya, which offer more hands-on assistance.
How would you rate customer service and support?
Neutral
What was our ROI?
This goes beyond my scope of responsibilities and is managed by my superior.
What's my experience with pricing, setup cost, and licensing?
The pricing for Qualys products is too high, and the licensing model involves paying for the whole bundle, which may not be affordable for mid-sized to small companies.
Which other solutions did I evaluate?
We are currently looking for alternatives to Qualys by researching competitor products on the market.
What other advice do I have?
For midsize to small-size companies, Qualys might not be the best choice if you don't have enough funding for security due to its high pricing. Qualys VMDR is still recommended for comprehensive vulnerability management but be prepared for slow technical support.
I'd rate the solution nine out of ten.
Real-time vulnerability detection with essential patch management, Cloud & SaaS security features make it an ideal tool for VM
What is our primary use case?
The primary focus of this solution is to identify and detect vulnerabilities in real time and use that information to patch them using Qualys VMDR task management module. We have a variety of devices within our network, including network devices, firewalls, vCenters, VMs, web applications, and endpoints. We deploy cloud agents on workstations and servers where possible, and we scan network devices using a virtual scanner where we cannot deploy the cloud agent. Additionally, we perform web application scanning for our web apps. We also use the tool to manage our cloud security and container security.
How has it helped my organization?
With the help of Qualys VMDR, we were able to get real-time knowledge base updates from Qualys and perform scans on all devices to identify vulnerable devices. This allowed us to plan the next course of action for mitigating vulnerabilities. For example, during the zero-day events, such as the Log4j vulnerability, we received critical real-time information from Qualys, enabling us to identify and plan for mitigation while the rest of the world was still struggling. This capability has tremendously helped us maintain the cybersecurity posture within our organization.
What is most valuable?
The most valuable features of Qualys VMDR include CSAM, Qualys Gateway Service, Web Application Scanning, patch management and the use of virtual scanners to scan appliances and devices, especially those provided by vendors.
The ability to run a map scan and identify all assets within our network is extremely beneficial for medium to large organizations. Real-time asset discovery and patch management have also been vital features for us.
What needs improvement?
One area for improvement is the simplification of the process to ignore certain vulnerabilities on specific devices. Currently, the process is quite long, requiring the creation of separate knowledge bases and lists. Simplifying this to one or two clicks would be beneficial. Additionally, enhancing patch management to support third-party tools and simplifying the creation of patch jobs would greatly improve usability. Improving the interconnection between multiple modules would also be helpful, making navigation and operations more straightforward.
For how long have I used the solution?
I have been using Qualys VMDR for more than two to three years now.
What do I think about the stability of the solution?
I would rate the stability of Qualys VMDR as eight. It is a stable solution with minimal issues.
What do I think about the scalability of the solution?
The scalability of Qualys VMDR is good. If we add additional resources, the tool can scale efficiently, ingesting new data seamlessly. Qualys has auto-scaling enabled for their cloud platform, which ensures performance remains high, even with increased resources.
How are customer service and support?
Technical support from Qualys needs some improvement. There are instances where Level 2 support is not able to assist, requiring escalation, which can take time. Overall, basic troubleshooting and issue resolution are straightforward.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have worked with other vulnerability management solutions prior to Qualys. In my current organization, we selected Qualys after a POC. Other tools have not evolved well as Qualys has over the years, making Qualys the preferred solution.
How was the initial setup?
The initial setup of Qualys VMDR is straightforward. The setup's complexity depends on the organization’s size and collaboration with various teams. For organizations with a clear device inventory, the deployment can be completed within a month.
What about the implementation team?
In-house
Which other solutions did I evaluate?
We evaluated other tools available in the market during our POC process yet found Qualys to be the best solution.
What other advice do I have?
I would recommend Qualys VMDR to other users if they want a comprehensive solution for real-time vulnerability detection and mitigation. The tool is easy to implement, backed by a reliable knowledge base, and offers quick updates during zero-day events. While there are areas for improvement, such as simplifications in handling certain features, the overall solution is robust and effective.
I'd rate the solution eight out of ten.
Efficient patch management and compliance tracking with ability to mitigate vulnerabilities
What is our primary use case?
Qualys VMDR is used as a vulnerability management tool. We have more than a thousand users in our company, and we have integrated Qualys with their machines to help update software and measure known or unknown risks, prioritize them, and patch the devices. We monitor and mitigate alerts, and we find vulnerabilities in specific machines or systems, which we then address.
How has it helped my organization?
Before implementing Qualys, we used third-party companies to conduct vulnerability audits and paid them separately for mitigation. With Qualys, we now conduct our vulnerability management and mitigation internally, saving both time and money since we can monitor every system and threat without requiring manual processes or third-party involvement. This has resulted in significant ROI and reduced the risk of breaches.
What is most valuable?
The best features of Qualys VMDR are its patch management capabilities and the ability to mitigate vulnerabilities automatically. The report export feature allows us to see how many incidents have been mitigated and which ones still need attention. The compliance dashboard helps us track and fix threats efficiently, ensuring all machines comply with security standards.
What needs improvement?
The user interface (UI) is quite complicated. Initial-stage engineers or analysts might miss something due to the complexity. Also, for hybrid users, the agent might get disconnected, requiring users to revisit the office to reinstall the agent. Additionally, the reports could be more interactive.
For how long have I used the solution?
I have had five years of experience with cybersecurity platforms and have been using Qualys VMDR for that duration.
What do I think about the stability of the solution?
I would rate the stability of the solution nine out of ten. It is a robust platform that provides consistent performance.
What do I think about the scalability of the solution?
For scalability, I would rate it nine or 9.5 out of ten. The cloud-based architecture allows us to deploy it across multiple locations seamlessly.
How are customer service and support?
The technical support provided by Qualys is good. Queries are responded to promptly, and if needed, we can contact the TAM or any POCs directly. I would rate their support nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Before using Qualys, we used a third-party solution for vulnerability audits and mitigations. However, we switched to Qualys because it allows us to handle everything internally, avoiding the need for additional external services.
How was the initial setup?
The initial setup is agent-based and straightforward, especially if you have necessary tools like Active Directory. Given the cloud-based nature of Qualys, deployment can be completed within a day with appropriate resources.
What was our ROI?
We have seen a significant ROI with Qualys, which is estimated to be around twenty to thirty percent. It has saved a lot of time and money by allowing us to mitigate issues without user interaction and preventing breaches.
What's my experience with pricing, setup cost, and licensing?
Compared to Tenable, Qualys is quite expensive. However, its performance justifies the cost, making it a worthwhile investment.
Which other solutions did I evaluate?
We also use Tenable Solutions for vulnerability management. However, Tenable requires manual processes for mitigation, whereas Qualys allows for automated mitigation of vulnerabilities and threats.
What other advice do I have?
I would definitely recommend Qualys to other users. Depending on the number of users and specific needs, Qualys is a good vulnerability management product that offers efficient solutions. I'd rate the solution nine out of ten.
Offers asset management, tracks unused machines and ability to customize dashboards according to customer needs
What is our primary use case?
We have multiple modules, including Qualys VMDR solution and Qualys TotalCloud solution. We use them in our organization, like VMDR, for vulnerability management, detection, and response, as well as policy compliance to amend policies according to CIA benchmarks and other frameworks.
We also use the web application module and the Qualys Gateway module to ensure that scanner appliances are functioning properly. These modules allow us to check various scenarios and initiate scans, either on-demand or as per a scheduled plan.
My primary work is with the VMDR module. In my previous organization, I worked with TotalCloud, but right now, I am focused only on VMDR and other modules.
How has it helped my organization?
Sometimes, we receive CVIDs from customers who require vulnerability scans, but they are not available in the Qualys knowledge base. This makes it complicated because we need to contact Qualys to add the required QID and CVID to their knowledge base and provide the corresponding vulnerability criteria. It affects our business since, without that information, we can't identify or notify our teams about the vulnerabilities.
What is most valuable?
Compared to other tools, VMDR provides a clearer view and is easy to understand. It's also highly customizable, allowing us to tailor it to our needs. I find it to be better than tools like Belwix, Rapid7, and Tenable.
For asset management, there's a feature that tracks unused machines and purging mechanism. It informs us if a machine hasn’t been used for 180 days, or if it’s been idle for 368 days, allowing us to segregate the data. This reduces our active vulnerability count, which improves tracking and helps us provide more accurate information to customers. It gives a more active grip on the information.
With continuous monitoring, we can customize dashboards according to customer needs. Whether they require reports on a daily, weekly, or quarterly basis, we can set up the dashboard to display the relevant data. It's essential to understand their requirements and adjust the Qualys Query Language (QQL) accordingly. A solid grasp of QQL is a plus when working with Qualys.
What needs improvement?
Sometimes, it can take more time than other tools to resolve certain issues. For example, if there's a problem with policy compliance, you might not get an immediate solution from Qualys' technical team.
Occasionally, customers ask for RCA (Root Cause Analysis), and if Qualys doesn't provide it, we can't give a clear answer. This can be frustrating, but it doesn't happen in every case.
In terms of improvement for the web application console, in the older version, things were more segregated and presented in a brief format. However, in the latest version, you have to write a query to retrieve the kind of data you want. Sometimes, if you write the wrong query, you don't get the proper count or the right data, such as how many days a scan has been failing. This can be an issue if you're not familiar with the query language. So, they should offer an optional feature where, if someone isn't familiar with the query language, they can use tab buttons or other features to enable or disable options and get the correct data and information on time.
Qualys VMDR should enhance the EDR (Endpoint Detection and Response) part because there's a lack of information and features in Qualys EDR. Sometimes, organizations have to buy different EDR tools, like Carbon Black and others, to cover the gap.
From a learning perspective, Qualys VMDR needs to improve. Right now, they only provide information, but they don't offer any library or testing environment. Often, customers don't allow changes to be made in the live environment, and I don’t think it’s a good idea to make any changes directly there. It would be great if they could provide a lab environment for testing. That would be really useful.
Qualys is updating certain product modules. Sometimes, they need to provide clearer deadlines. Customers aren't always informed when Qualys updates a module from the backend, which can disrupt our work. For example, they recently updated the "Asset View" module and converted it to "Cybersecurity Asset Management." Customers weren’t aware of this change beforehand.
In situations like this, they need to ensure that they provide proper information, SOPs, or documents so we can share them with customers. Customers also have access to the tool, so they can use the SOPs to learn how the updates work. This would improve productivity because we wouldn't need to spend extra time learning how to use the updated tool.
For how long have I used the solution?
I have been using it for around four years.
What do I think about the stability of the solution?
It’s very stable. Qualys provides advisories faster than other tools when it comes to exploitable vulnerabilities. This helps ensure we can secure the environment promptly.
But, last year we did encounter an issue with the Qualys Gateway Console, where the gateway went down and it took around six hours to set up a new one. After that, we implemented two gateways to ensure we could switch to a secondary one if the primary failed.
What do I think about the scalability of the solution?
Around 300 users work with Qualys, with different permission levels—leaders, managers, and regular users. We have over 50,000 hardware devices in total.
How are customer service and support?
We have a dedicated person for support. She’s always available to help, or if she's on leave, she ensures someone else is aligned to handle our cases, so we don’t breach any timelines. I'd give the support a high rating.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
In other tools, like Rapid7 and InsightVM, everything is done within a single module. In Qualys, we have separated modules with distinct functionalities. You can choose to purchase only the modules and licenses you need, which makes it cost-effective. You don’t have to pay for features you're not using, unlike other tools where everything is bundled.
How was the initial setup?
It's not an issue with Qualys itself. We encountered some problems when migrating from physical scanners to virtual ones, but that was more on our network team’s side. Qualys provided excellent support in that scenario, which helped us identify and resolve the issue on time, and we provided the solution to our customer.
I work with the on-premises version. We updated from physical scanners to virtual scanners.
In my previous organization, I worked on deploying the solution. There, I customized the Windows OS image so that when you install the image on any machine, it prompts for a key that’s already embedded. Once the steps are completed, it automatically installs the Cloud Agent module on every machine. The agent syncs data every four hours, providing vulnerability data and security insights for each machine.
It’s not a one-person task. We had to coordinate with several teams, such as the network and system teams, for deployment. In total, we worked with about six teams during the process.
For about 1,400 machines, it took around three months to complete the deployment and resolve any issues. For example, sometimes policies weren't pushed properly from Ivanti or other tools, or users didn’t turn on their machines, which stopped Qualys services. We had to address these issues for each user, so it took some time. But we completed the deployment in about three months.
Maintenance isn't difficult, especially when working with the Cloud Agent. You just need to set up rules, like purging machines that haven’t connected to the network in three months. You write policies to manage this, which simplifies the decommissioning process and other tasks.
What was our ROI?
Qualys provides good value for the investment. Before using Qualys, we weren’t clear on how many assets needed purging or how many open vulnerabilities we had. Qualys gave us a clearer picture, so from a cost perspective, it’s been valuable.
What other advice do I have?
I would recommend it. For enterprises, I’d suggest understanding how the tool works and which modules meet your needs. It’s important to coordinate with the customer team or Qualys technical team to figure out how many licenses you need and which modules will benefit your organization. Proper calculation and understanding are key before purchasing.
Overall, I would rate it a nine out of ten.
Offers a module that can help us prioritize vulnerabilities, reduce false positives and scan the vulnerabilities quickly
What is our primary use case?
It's primarily for vulnerability management. We use VMDR to deploy the cloud agents and scanners in our environment to cover everything holistically. We also use it for service integration so that vulnerabilities can be tracked through there. So, it's more or less vulnerability management.
How has it helped my organization?
We need to scan different kinds of assets. It could be our desktops, laptops, servers, and network devices. VMDR enables us with the sort of licensing where we can either deploy agents or scanners or both. So wherever we can deploy agents, we are deploying agents for scanning, for instance, on our workstations and servers.
And then for network devices, we use just the scanner capabilities of Qualys. So that's why we use this VMDR solution across different sorts of assets in a wide environment.
When we use Qualys VMDR's agents, they usually scan or probably reconvene the vulnerabilities within four hours. So, anything that jumps its way immediately alerts us within a few minutes that something is wrong, and we can check on those terms.
Other than that, I think it does have a module that can help us prioritize vulnerabilities, not only with vulnerabilities that have been attacked in the wild but also if any vulnerabilities have an exploit available. So those sorts of insights do provide us. It should really help us to prioritize vulnerabilities based on the threats that are out there.
It improved the visibility of the organization. It enables us to, first of all, identify all the assets and then scan them for the vulnerabilities. And then it also helps us to prioritize which vulnerabilities we have to fix first, and we can map out strategies. So, it is what it is meant for, and it is doing really, really good in that sense.
What is most valuable?
First of all, the licensing products itself is a great tool for VM because it's easy to use, and its reporting is excellent. It gives you a lot of ability and tweaking options to get what you want out of the reports. It gives you a lot of options, and it integrates with our ServiceNow for ticketing and all. So that is also a great feature. Then, the licensing that comes with VMDR enables us to scan different devices without getting any sort of extra license. So, it covers everything under one bundle.
It's the capability of scanning that has proven to be most effective in the risk management aspect. The lower number of false positives and the authenticated basic scans are more concrete. So, the reliable reports and the efficiency of scans are something that we appreciate with all of this.
So, it does reduce those false positives and gives us a more concrete report.
What needs improvement?
From the application security perspective, Qualys has a way to go. We probably use it for infrastructure scanning, but I feel that Qualys can do better in application scanning as well.
Infrastructure scanning is fine. It's doing good with that. However, there is room for improvement in application scanning.
For how long have I used the solution?
I have been using it since the beginning, even before VMDR. I used Qualys for scanning. I've been continuously using Qualys for at least a decade. So it's almost ten years I've been working with Qualys.
What do I think about the stability of the solution?
I would rate the stability a nine out of ten. It has been stable for me. I didn't face any challenges. It worked fine for me.
What do I think about the scalability of the solution?
I would rate the scalability a nine out of ten.
How are customer service and support?
This is probably where Qualys can improve themselves a little bit and help us get a little bit quicker responses. So, that's where I think they can definitely spend some time.
Knowledge-wise, the customer service and support are fine; I want them to improve the response time.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used tools like Rapid7, Nessus. But overall, I feel that Qualys has better capabilities in terms of scanning and then in terms of reporting as well.
So I can compare it with Rapid7 and Tenable Nessus, and Qualys is definitely way ahead of its competitors in that sense.
How was the initial setup?
The initial setup is straightforward. It's nothing complicated. I think we just need to deploy agents and enable our scanner for the connectivity, and then it's all good.
It is in a hybrid environment.
The deployment time depends upon the size of the infrastructure. It usually doesn't take much time. You just need to deploy the scanners and agents, which is also usually automated. I don't see it as very time-consuming. So, if I have to rate between one to ten, then I would rate around seven to eight, somewhere down to cover that.
It does require maintenance because it keeps updating its agent version as well, but I see that this is also automated. And then, if we have deployed this on hardware as well, like Windows and all, those also need to be updated online. But, the maintenance is required for sure.
From the security side, we have seven to eight people who are managing Qualys. But then we have people from IT as well who are supposed to see the vulnerabilities and remediate those. So such roles, we also have in Qualys that need the access and also on the vulnerabilities.
What was our ROI?
I can see the time-to-value benefits of Qualys. It's more of a time and resource. Security is always an expense. We don't get active revenue out of it, so it's more of an expense.
So returns in terms of risk reduction. It helps us to identify those potential vulnerabilities on time and help facilitate those. So in those terms, it's a return on investment.
It saved us 20% of time because it is easy to use, and since it is integrated, we don't have to touch anything much.
What's my experience with pricing, setup cost, and licensing?
The pricing is a little expensive in that sense, but it also delivers the value. So, if anybody has the budget for Qualys, then they should go with Qualys for sure.
What other advice do I have?
I would recommend Qualys VMDR to other users because it is efficient and reliable, and it does what it's supposed to.
Overall, I would rate it an eight out of ten.
Has robust vulnerability detection capabilities and good technical support services
What is our primary use case?
Our primary use case of the product is comprehensive vulnerability management and asset inventory across a hybrid environment consisting of both cloud and on-premises deployments. We manage approximately 45,000 endpoints spread across multiple geographical locations.
What is most valuable?
The platform's most valuable features include its robust vulnerability detection capabilities and automated remediation workflows. These features not only help us identify vulnerabilities promptly but also enable us to prioritize and remediate them efficiently.
What needs improvement?
While Qualys VMDR is comprehensive, improvements in asset management functionality would be beneficial. Additionally, reducing dependency on multiple agents for data collection across different endpoints could simplify management and resource utilization.
In the next release, enhancements in reporting and analytics would be appreciated. Advanced analytics capabilities for trend analysis and predictive insights could further empower proactive decision-making in cybersecurity management.
For how long have I used the solution?
I have been using Qualys VMDR for approximately two years now.
What do I think about the stability of the solution?
The product is stable. I rate the stability a seven.
What do I think about the scalability of the solution?
I rate the product scalability an eight.
How are customer service and support?
The technical support services are good.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was relatively straightforward. They provided comprehensive documentation and support during deployment, which helped streamline the process.
I would rate the process a seven or eight.
What about the implementation team?
We implemented the product with the help of in-house resources and support from Qualys.
Which other solutions did I evaluate?
We evaluated other options such as Tenable and Rapid7.
What other advice do I have?
I rate Qualys VMDR a nine out of ten.
Has a tagging system and scanners that don't overload
What is our primary use case?
In our DLP operations, we use the tool to address stability issues and implement fixes suggested by it. This helps manage risk levels and decide whether to fix issues or implement workarounds.
What is most valuable?
I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even if tags aren't made.
The asset inventory management feature has improved our security posture, which is good. It was introduced recently, and we've just started using it. In terms of management, I believe it's better than what we were using before.
Qualys VMDR is good at handling vulnerability management trends, especially with its policy module. Qualys VMDR offers customizable labels that fit the organization's needs, unlike other tools. This is important for enhancing security and meeting compliance requirements.
What needs improvement?
There's a need to upgrade or fix the potential vulnerability rate. Around 20,000 potential vulnerabilities were showing in Qualys VMDR, but none of the other tools showed them. When we checked, it wasn't the case. Support explained that even small issues were being counted as vulnerabilities, causing issues in our audit. So, the security features could be improved to identify vulnerabilities accurately.
For how long have I used the solution?
I have been working with the product for two years.
What do I think about the stability of the solution?
The stability is generally good, but we did face issues during the pandemic due to connectivity problems with Qualys VMDR servers. There were syncing issues, and agents weren't getting updated. However, we later realized it was our issue because our software needed updating. We had to manually update the proxy settings, which Qualys VMDR should have done. We managed to tackle the challenge with the help of another team.
How are customer service and support?
Support should be faster and more customer-friendly. We often have to review a lot of documentation for issues we're already aware of and follow basic steps repeatedly. Additionally, we must wait for Qualys VMDR personnel to move scans into debug mode, which can be time-consuming. Getting notifications or updates on these processes more quickly would be helpful.
How was the initial setup?
Setting up the tool doesn't take long and doesn't require many people.
What's my experience with pricing, setup cost, and licensing?
We have an annual contract for Qualys VMDR. I believe it's for either two years or five years.
What other advice do I have?
I haven't personally done any integration, so I can't comment on it. However, I believe some integration was happening between Qualys VMDR and ServiceNow. Our asset management tool was also trying to integrate with Qualys VMDR, but I'm unsure about the details or how it works. I rate the overall product an eight out of ten.
Simplifies asset discovery and management, ensuring comprehensive scanning and reporting
What is our primary use case?
I primarily use Qualys VMDR for daily scans, onboarding assets, scanning, reporting, and managing the entire vulnerability management process, including test management.
How has it helped my organization?
VMDR has significantly improved our organization by simplifying asset discovery and management. We can easily identify and categorize assets, ensuring comprehensive scanning and reporting.
What is most valuable?
Qualys Patch Management is excellent for keeping our critical servers and third-party applications updated efficiently.
What needs improvement?
One area of the product that could be improved is the management of vulnerabilities detected on disabled applications. We currently face challenges with unnecessary alerts for Microsoft Defender, which we do not use. Additionally, enhancing the alerts for agent communication failures would be beneficial.
For how long have I used the solution?
I have been using Qualys VMDR for approximately three years.
What do I think about the stability of the solution?
The product has been very reliable in our day-to-day operations.
What do I think about the scalability of the solution?
I would rate the product scalability a ten. It easily scales with our organization's growth, allowing us to add new assets and expand our coverage seamlessly. We are considering expanding our deployment to include 500 assets next year.
How was the initial setup?
The initial setup was straightforward, taking less than a week to configure and generate reports. The deployment process was smooth, and we were able to integrate it effectively into our hybrid environment.
What was our ROI?
Within three months of deployment, we began seeing improvements in vulnerability management. This helped us significantly reduce vulnerabilities and streamline our patch management processes, providing a notable return on investment.
What's my experience with pricing, setup cost, and licensing?
The solution is reasonably priced for the value it provides. Our contract renewal was approximately 2.5 million ZAR for three years, including managed services.
Which other solutions did I evaluate?
Before selecting Qualys VMDR, we evaluated other options but ultimately chose Qualys due to its comprehensive features and effective proof of concept.
What other advice do I have?
We integrate Qualys VMDR with our infrastructure, conducting weekly scans and generating reports based on the findings. This provides daily views of vulnerabilities, and we use Qualys' patch management to deploy patches promptly, starting with the most severe vulnerabilities, thus reducing our threat exposure. Conducting a thorough proof of concept is essential to evaluate its effectiveness in your environment and to see how it integrates with your existing systems and handles your specific security needs.
I rate it a ten out of ten.
Has an effective tagging system and authentication mechanism compared to other tools
What is our primary use case?
We use the product for enterprise network infrastructure scanning.
What is most valuable?
The product has multiple valuable areas. The process of defining and discovering scans is organized efficiently. It has an effective tagging system and authentication mechanism compared to other tools. Its integration with AD helps us a lot. Additionally, I like the report generation feature.
What needs improvement?
Qualys could improve the inbuilt dashboards. They could be advanced compared to competitors like Rapid7 and Tenable. They should include a faster reverse integration process. They could enhance its integration with ServiceNow CMDB to ensure that mapping IP addresses, domains, and NetBIOS names is consistent and accurate.
For how long have I used the solution?
We have been using Qualys VMDR for nearly two and a half years.
What do I think about the stability of the solution?
I rate the product's stability a nine out of ten. I have rarely seen any stability issues with Qualys.
What do I think about the scalability of the solution?
I rate the product's scalability an eight out of ten. We only recommend some people use Qualys in our organization. It is a limited audience. It is used by the vulnerability management team and a few critical resources from different parts of the cybersecurity department. We have 50 users in total. They should provide role-based access for managers, reviewers, and scanners.
How was the initial setup?
The initial setup process is simple as I have prior experience working on two full-time projects with it. I find it simple as I have enough background knowledge of it.
What's my experience with pricing, setup cost, and licensing?
The product is more expensive than that of any other vendor.
Which other solutions did I evaluate?
I did work on Tenable's POC and some other vendors. It has some limitations in detecting different types of vulnerabilities or false positives. Qualys is on the higher side when compared to the other tools.
What other advice do I have?
I rate the product an eight out of ten.
Which deployment model are you using for this solution?
Helped us quickly remediate vulnerabilities thanks to its automation and ease of use
What is our primary use case?
Our use cases are primarily on-premises vulnerability management and remediation, external attack surface management and vulnerability scanning.
How has it helped my organization?
The benefits I've seen are twofold. The biggest benefit is from a security operations perspective, where we are able to drive our security posture upwards by remediating any discovered vulnerabilities. We can also automate the remediation process. The other big benefit is executive reporting because it's very easy to produce trends over time to report on risk.
What is most valuable?
The most valuable features are vulnerability detection, patching capabilities, and remediation. Cloud security posture management is also very valuable. I find these features valuable because getting a unified view of your cloud security posture across different environments is not always easy. For example, you might have most of your resources sitting in Azure, but you might have a couple of workloads in AWS. Naturally, there are different tools that report on that, so it's invaluable to have those pulled into a single dashboard so you can drive your remediation from a single platform.
What needs improvement?
If anything, I would like to see the user interface modernized a bit more. Also, there are a lot of various modules, and if they could be consolidated into fewer options, it would make the buying experience easier.
For how long have I used the solution?
I've been working with Qualys VMDR for the last three years or so.
What do I think about the stability of the solution?
We haven't faced any issues; the solution is very stable.
What do I think about the scalability of the solution?
Because the management sits in the cloud, you don't have to worry about management appliances or anything like that on-premise, so the solution is very scalable. You can split your assets into asset groups and delegate management to different teams. Around 1,000 users are using Qualys in my organization across 60 locations.
How are customer service and support?
We've had very few technical issues, and the customer support team has quickly resolved issues we've had.
How would you rate customer service and support?
Positive
How was the initial setup?
In the first step, Qualys provisions your cloud-based management instance. From there, you get a small, lightweight agent deployed by deployment technology like Microsoft Intune, in our case, SCCM, or any deployment technology.
We worked with BCX Namibia and the Qualys team in South Africa while deploying the solution. It took two weeks to deploy the solution. The solution is not difficult to maintain because the management component is cloud-based and is taken care of by Qualys. Any agent upgrades that might be necessary are very seamless.
What was our ROI?
We have seen an ROI using Qualys. Most breaches nowadays are because of a vulnerability that is exploited. By virtue of being able to identify and remediate these vulnerabilities, I believe we are significantly driving our cybersecurity risk downwards.
What's my experience with pricing, setup cost, and licensing?
The pricing is very competitive, especially because Qualys is integrated and does vulnerability management and remediation patching in one solution, so there's no need for a separate patching solution. You can also get very granular with the number of IP addresses you can cover. You can go from as few as 16 IP addresses to many more. And the Qualys team is also willing to work with organizations to make the solution make commercial sense. The prices are fixed. We have a yearly subscription model based on the number of IP addresses we’re scanning.
Which other solutions did I evaluate?
We evaluated vulnerability management in Microsoft Defender, but we found the reporting and functionality lacking compared to Qualys. And then the Microsoft licensing costs were also a bit of a dealbreaker.
What other advice do I have?
If you're considering implementing Qualys in your organization, work with a strong pre-sales partner. Evaluate the product, make sure it does what you need, make sure you buy the features that you need, and make sure to use the training and onboarding material that Qualys has made available on its website so you can leverage the solution's full capability from the start. I rate Qualys VMDR a nine out of ten.