Qualys VM Review
Delivers higher frequency of scans & better aggregation of results. Ticket management has room for improvement.


Valuable Features

Integrity of scanners; never do I need to worry… “Is this scanner going to bring down a host?”

Improvements to My Organization

Higher frequency of scans, better aggregation of scan results, abundance of different reports (can be scheduled and automated), delivering metrics to senior management.

Room for Improvement

Ticket management

Use of Solution

5+ years

Deployment Issues

No

Stability Issues

No

Scalability Issues

No

Customer Service and Technical Support

Customer Service: Good – 4 out of 5

Technical Support: Good – 4 out of 5

Initial Setup

Straightforward. Assuming you know your network layout, # of devices and other basic information, it is pretty simple to figure out what you need. Qualys ships you the scanners, you rack them, set them up and technically could start scanning. Though, there are other recommended tasks to complete via the QualysGuard Vulnerability Management web portal, such as defining asset groups, setting up scan rules, turning ticketing on, generating reports, etc.

Implementation Team

In-house

ROI

I do not have a specific quantitative number to provide, but from a qualitative perspective it has been enormous. Once you are set up properly and have proper acceptance from support teams, device owners and senior management, you can start to scan your environment much more often, which increases your organization's ability to detect vulnerabilities more often, reducing your overall vulnerability footprint and corresponding business risk.

Pricing, Setup Cost and Licensing

The original setup cost was about $10,000 and the day-to-day cost is less than $100 per day, with one caveat. Our parent company is large and has allowed us to fall under their pricing model. If we were not under their model, our costs would be about 40% higher.

Other Solutions Considered

No, we had a 3rd party running the scans for us. We were very happy with Qualys but wanted to bring it “in-house”. We brought it in-house 5 years ago and never looked back.

Other Advice

Take the time to properly identify your network and, as importantly, get approval and acceptance from the ground up – especially senior management. In addition, it is very important to have your scan schedule, profiles, reporting, metrics, expectations, etc. documented so that everyone in the company understands your expectations.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
