Qualys VM Review

Delivers higher frequency of scans & better aggregation of results. Ticket management has room for improvement.

Valuable Features

Integrity of scanners; never do I need to worry….“Is this scanner going to bring down a host?”.

Improvements to My Organization

Higher frequency of scans, better aggregation of scan results, abundance of different reports (can be scheduled and automated), delivering metrics to senior management.

Room for Improvement

Ticket management

Use of Solution

5 + years

Deployment Issues


Stability Issues


Scalability Issues


Customer Service and Technical Support

Customer Service: Good – 4 out of 5Technical Support: Good – 4 out of 5

Initial Setup

Straightforward. Assuming you know your network layout, # of devices and other basic information it is pretty simple to figure out what you need. Qualys ships you the scanners, you rack them, set them up and technically could start scanning. Though, there is other recommended tasks to complete via the QualysGuard Vulnerability Management web portal such as defining asset groups, setting up scan rules, turning ticketing on, generating reports, etc.

Implementation Team



I do not have a specific quantitative number to provide but from a qualitative perspective it has been enormous. Once you are set up properly and have proper acceptance from support teams, device owners and senior management you can start to scan your environment much more often which increases your organizations ability to detect vulnerabilities more often reducing your overall vulnerability footprint and corresponding business risk.

Pricing, Setup Cost and Licensing

The original setup cost was about $10,000 and the day-to-day costs is less than $100 per day with one caveat. Our parent company is large and has allowed us to fall under their pricing model. If we were not under their model our costs would be about 40% higher.

Other Solutions Considered

No, we had a 3rd party running the scans for us. We were very happy with Qualys but wanted to bring it “in-house”. We brought it in-house 5 years ago and never looked back.

Other Advice

Take the time to properly identify your network and as importantly get approval and acceptance from the group up – especially senior management. In addition, it is very important to have your scan schedule, profiles, reporting, metrics, expectations, etc. documented so that everyone in the company understands your expectations.
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Qualys VM reviews from users
...who work at a Comms Service Provider
...who compared it with Tenable SC
Find out what your peers are saying about Qualys, Rapid7, Tenable Network Security and others in Vulnerability Management. Updated: May 2021.
479,323 professionals have used our research since 2012.
Add a Comment