Qualys Container Security Review

A lightweight solution with good reporting, but multi-cloud support should be improved


What is our primary use case?

We are a solution provider and this is one of the products that we implement for our clients. We do a lot of work with containers. With respect to containerization, security is important for us and we regularly check the market to see what solutions are available in these areas.

This solution is primarily used for container security and compliance. Moving into any environment, in particular, one that is cloud-based, our clients want to make sure that things are okay from a compliance perspective. We generate reports and they can see whether there are any violations. If they see violations or security breaches during the audit then they have to be addressed.

What is most valuable?

The most valuable feature is that this solution is very lightweight.

What needs improvement?

I would like to see this solution simplified to work more easily in a multi-cloud environment. One of our customers has more than 3,000 servers across multiple regions, and they were asking about security and vulnerability checking in an automated fashion. This could be done with a cloud-based service that monitors all of the deployments, pulls the data from the containers, and checks for compliance.

For how long have I used the solution?

We have been dealing with Qualys for at least three years, which is when our container journey began. At that point, our proposals did not deal with security for containers because our customers did not ask for it, but now it is something that we recommend.

How are customer service and technical support?

The technical support for this solution is good. We are required to solve any kind of security issue whin two hours, so these are critical tickets. The entire instance usually has to come down until the fix is delivered.

Which other solutions did I evaluate?

We often demonstrate these types of tools to the enterprise architecture team, who will ultimately decide which solutions they are going to implement based on their environment and requirements.

We are completely agnostic with respect to which tools our customers decide to implement. As an engineering team, we implement what the customer wants. In the case of Qualys and other solutions, we download the information and pass it along to our customers. We also facilitate or set up communication between vendors and customers to best help our clients.

We do try to learn about who the providers are and what differentiates their solutions from others. Sometimes our customers do not know very much about the products, so we try to provide as much insight as possible to facilitate their decision making. 

What other advice do I have?

A lot of our customers have a workload that is scattered across a multi-cloud environment. This means that some of the RFPs we answer are based on very large landscapes with distributed workloads.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Private Cloud
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest