Users have noted that Qualys VMDR offers strong automated vulnerability scanning capabilities, comprehensive reporting features, and integration capabilities with other security tools, although there are concerns about the outdated user interface and system performance. On the other hand, Prisma Cloud is praised for its competitive pricing, ease of deployment, and comprehensive security capabilities.
The summary above is based on 142 interviews we conducted recently with Qualys VMDR and Prisma Cloud by Palo Alto Networks users. To access the review's full transcripts, download our report.
"The runtime mechanism on the solution is very useful. It's got very good network mapping between containers. If you have more than one container, you can create a content data link between them."
"I would say Twistlock is a fairly sophisticated tool."
"It helps to identify the misconfigurations by monitoring regularly which helps to secure the organization's cloud environment."
"The ability to monitor the artifact repository is one of the most valuable features because we have a disparate set of development processes, but everything tends to land in a common set of artifact repositories. The solution gives us a single point where we can apply security control for monitoring. That's really helpful."
"The most valuable feature is the option to add custom queries using the RQL language that they supply so that we can customize the compliance frameworks to what we need to look for."
"The client wasn't using all of the features, but the one that stood out was infrastructure-as-code (IaC). I built IaC use cases and was trying to get them to use it. I also liked cloud workload protection. I worked with the vulnerability management team to develop a process. It's a manual process, so it can be challenging to remediate many image or container issues. It was nice that we could build out a reporting process and download the reports. The reports are solid."
"It provides insights into potential vulnerabilities in our code, helping us identify and rectify issues before they can be exploited."
"One of the most valuable features is the compliance of RedLock, which we are using for any issues with security. It flags them and that's the primary objective of that feature."
"The most valuable feature is that this solution is very lightweight."
"Provides great functionality."
"The reporting is fine."
"I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even if tags aren't made."
"The integrations for this solution are very good. I use a different product for virtual patching of vulnerabilities and Qualys integrates well with that product."
"This solution gives us insight into our environment and improves our security. It helps us to maintain a good patching system whereby we know that XYZ is vulnerable within the system."
"The biggest benefit is from a security operations perspective, where we are able to drive our security posture upwards by remediating any discovered vulnerabilities."
"The most valuable features are vulnerability detection and the scanning capability to enable identification of vulnerabilities across our network."
"I would like Prisma Cloud to improve its mapping feature to increase usability."
"Based on my experience, the customization—especially the interface and some of the product identification components—is not as customizable as it could be. But it makes up for that with the fact that we can access the API and then build our own systems to read the data and then process and parse it and hand it to our teams."
"Currently, custom reports are available, but I feel that those reports are targeting just the L1 or L2 engineers because they are very verbose. So, for every alert, there is a proper description, but as a security posture management portal, Prisma Cloud should give me a dashboard that I can present to my stakeholders, such as CSO, CRO, or CTO. It should be at a little bit higher level. They should definitely put effort into reporting because the reporting does not reflect the requirements of a dashboard for your stakeholders. There are a couple of things that are present on the portal, but we don't have the option to customize dashboards or widgets. There are a limited set of widgets, and those widgets don't add value from the perspective of a security team or any professional who is above L1 or L2 level. Because of this, the reach of Prisma Cloud in an organization or the access to Prisma Cloud will be limited only to L1 and L2 engineers. This is something that their development team should look into."
"We identified two things that we felt would be great to have, but they are under NDA. So, I can't disclose them. Other than those two things, we identified a generic bug in the secret key management service on AWS that needs to be fixed. We reported it to them, and we want them to fix it."
"There needs to be a mechanism that allows me to manually configure compliance more easily."
"The UI is the worst."
"In terms of improvement, there are some small things like hardening and making sure the Linux resources are deployed well but that's more at an operational level."
"The first time I looked at Prisma Cloud, it took me a while to understand how to implement the integration or how to enable features by using the interface for integration. That portion can probably be improved."
"The only improvement I can think of is on the implementation side. At times it is a bit slow."
"Finding things in management can be quite difficult."
"Improve the user interface."
"This solution could be improved by extending the agent capabilities to different operating systems including Mac and Linux. We would also like the capability to easily check for vulnerability in assets in the IOTs."
"What we have found is that the solution is not closely tied with the patch management. It is okay with newer ones, like Windows 10 machines; it gives the correct patch. But for Windows 7 or Windows Server 2008, it does not give us the correct patch so we have to manually identify the patches. This is a major problem."
"Qualys VMDR is basically susceptible to false positives, and false negatives."
"Qualys VM's scanner doesn't pick up every vulnerability, so we have to use multiple scanners to cover that gap."
"I would like to see this solution more developed and competitive in the Cloud space."
More Prisma Cloud by Palo Alto Networks Pricing and Cost Advice →
Prisma Cloud by Palo Alto Networks is ranked 1st in Container Security with 82 reviews while Qualys VMDR is ranked 11th in Container Security with 77 reviews. Prisma Cloud by Palo Alto Networks is rated 8.4, while Qualys VMDR is rated 8.2. The top reviewer of Prisma Cloud by Palo Alto Networks writes "The dashboard is very user-friendly and can be used to generate custom RQL based on user requirements". On the other hand, the top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". Prisma Cloud by Palo Alto Networks is most compared with Wiz, Microsoft Defender for Cloud, Aqua Cloud Security Platform, AWS Security Hub and AWS WAF, whereas Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and CrowdStrike Falcon Cloud Security. See our Prisma Cloud by Palo Alto Networks vs. Qualys VMDR report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
