What is most valuable?
The first thing we like is the scanner, the device which checks vulnerability management.
They also have threat detection which maps threats. There is a feed that comes from Qualys when a new vulnerability is found. It tells us which machines are infected with that vulnerability. If there is a new attack, we definitely know that it is happening and what is happening in our environment.
What needs improvement?
What we have found is that the solution is not closely tied with the patch management. It is okay with newer ones, like Windows 10 machines; it gives the correct patch. But for Windows 7 or Windows Server 2008, it does not give us the correct patch so we have to manually identify the patches. This is a major problem.
For how long have I used the solution?
This is the third year we are using Qualys. This year we included one more module, the patching module.
What do I think about the stability of the solution?
It's stable. Every month we scan more than 5,000 IP addresses and we are able to detect vulnerabilities.
How are customer service and technical support?
Our experience is that the problems we send them take too much time to resolve. For example, we opened a case for the problem I mentioned earlier, the vulnerabilities with Windows 7 and Server 2008 where it's trying the wrong patch. It took them a long time to even give us the correct explanation. So this is a problem.
How was the initial setup?
The initial setup was very easy. We just needed to download the virtual machine. There is a key and we just needed to provide a proxy setting. That's it.
We did all the configuration as a one-time job where we defined our subnet and mapped. We needed to schedule the scan and the map and we needed to schedule a group of, say, Windows. It was just a one-time job where we needed to configure the query and run it. It created a report and sent it to the administrators. After that one-time job, everything happens automatically.
What about the implementation team?
What other advice do I have?
I would recommend Qualys because it's very easy to use. It does not require many specific skills. We are always on the latest version because Qualys provides automatic updates.
We have a virtual appliance in each site and that sends the logs to the cloud. We have the consoles on the cloud which enable us to query and scan. All this happens through the cloud.
We only have one administrator for the solution who monitors and checks if there is anything to be aware of. It sends the reports to all the different administrators, such as network, Linux, and Windows administrators and they take it from there.
We also have the Qualys configuration management module. If there are any particular issues in any servers or in any network, it gives us a report to suggest and rectify the issues. It tells us what changes are needed on that device.