We performed a comparison between BMC TrueSight Vulnerability Management, Qualys VMDR, and Skybox Security Suite based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Wiz, Check Point Software Technologies and others in Vulnerability Management."Takes reports from other vulnerabilities."
"The most valuable feature is automation."
"The biggest benefit is from a security operations perspective, where we are able to drive our security posture upwards by remediating any discovered vulnerabilities."
"Technical support is great and we've never really had a problem."
"The most recent is VMDR, which provides a comprehensive overview of how to detect, patch, and remediate specific vulnerabilities."
"I like Qualys because it is a very complete product, more so than Tenable."
"It is a simple solution that makes scanning easy. You just give it a scheduled task, and it will do everything for you."
"This is one of the best products I have worked with so far. I like the power of Qualys, and it's a better solution because you can scan a compact file, a BIT file, or batch files. The product already knows what's happening inside, and you don't need to expand the package. Tenable will do the same thing, but you need to have a package issuance claim. With Qualys, we can immediately understand the file, even a compact file. If there's some kind of discovery or incident, you will know what happened in the environment."
"Qualys VM is very stable."
"instead of asking for firewall rules which may or may not be relevant, or could already be there, or could be over-permissioned, Skybox can be used to map out the resources that that application is going to use and provide the exact rules that an application would require to function correctly. If the traffic isn't able to flow for the application, if it's erring out, Skybox can be used to troubleshoot that and say, "All right, where is the traffic being stopped and why, and how do I fix that.""
"The solution's most valuable and unique assets are the vulnerability management and change management solutions because they identify mistakes in the network before implementation which reduces risks."
"The most valuable feature is firewall management."
"The most valuable features are the rule compliance and the OS vulnerability checks."
"It can be integrated with a vulnerability management solution. When a client comes, apart from pitching network and firewall change management, we are recommending having vulnerability management. So, rather than just having the audit of the firewall, they can integrate it with their vulnerability management solution, which could be Rapid7, Qualys, or any other solution. This provides them the most value out of the platform. That is the way we are approaching our customer base."
"When you import all the assets that you have, like desktops, servers, networks, devices, routers, and then firewalls, and other products, then Skybox makes like, a model of the network, but with context. So, it is not just a model in VIZIO. Or something like it like that. You get the model with context, and, like, it looks like a real network in a real-time. So you can check your network and the security of your network on that model."
"We are currently working on rule review and compliance. The logging features are good."
"Skybox allows organizations to reprioritize the vulnerability they attempt to patch and mitigate, based on the contextual awareness of the network."
"No third-party applications or integrations with additional software solutions."
"It would be nice to have an all-in-one solution that was automated and could handle the scanning and reports as well as the patching and updating."
"Qualys VM could improve by having more skilled support personnel."
"It is more expensive vs. other products on the market."
"Qualys VM should improve its methodology."
"I would like to have CSPM, a continuous scan-like cloud added to the solution."
"The solution is a bit expensive if you do not have access to discounts."
"Qualys currently does not have any features for scanning SCADA, IoT, and Industrial Control Systems."
"We are moving away from Qualys to Defender ATP because I find that Defender ATP is much better at prioritizing the vulnerabilities that I should be looking at."
"They are not satisfied with the complexity of the solution and the price."
"The primary room for improvement would be to enable a web interface, which is not something which is there in the product. This is supposed to have come a year, a year and a half ago, but still has failed to come out. It still needs a client application to be installed on a workstation to be able to access that server and then run these reports. So I cannot extend that access to anybody. It has to be one administrator all the time. So unlike a web interface, where you can give multiple users simultaneous access and generate the various reports, that isn't a possibility at the moment."
"If anything could be improved it would be staying on top of the collector scripts, but I understand that's a very tough challenge."
"The vendor's support is terrible."
"Change Manager can be improved. If they can improve Change Manager so that whatever we want to do on a firewall, we are able to do it through Change Manager, it will be helpful for us. Whenever we are doing a change, it only does them at an L3 and L4 level, but all the firewalls are at the application layer. So, whatever needs to be done on the firewall, we aren't able to get it done through Change Manager. Currently, this functionality is not there because of which we are sometimes losing customers. I can create a role on Layer 3, Layer 4, but when it comes to the application layer, such as configuring and defining URLs or other things at the application level, it can't be done through Change Manager. Customers demand that they should be able to do everything through Change Manager. They don't want to do it through some other mechanism to accomplish their complete change management policy. They don't want to use a firewall manager because sometimes, they don't have any manager. They ask if they can use our solution so that a manager is not required. If Change Manager can do all the management automatically without involving any other manager, it will be great. They can also provide better integration with other managers so that everything can be done through a central point."
"The most recent update was not tested with all of the vendors before it was released, so some of the features are misbehaving."
"The solution needs to add more automation and orchestration capabilities. Those features would make the solution much stronger."
"The tool does not offer options for customization."
Earn 20 points
