Qualys VM Review
Vulnerability management is the most valuable feature but it would be good if they could provide an internal computing appliance.

Valuable Features

From my point of view all the Qualys products are valuable. From the clients' perspective, I believe vulnerability management is the most valuable one and it’s a must in every organization. After the client realize the risks from outside, and that the vulnerabilities are real, a proper compliance policy implementation using Qualys Policy Compliance (I'm using v8.4), the second product needed in any infrastructure, can be done. If the organization has public websites, Web Application Scanning (I'm using v4.1) is the third valuable product needed in an organization.

Improvements to My Organization

After the first scan of the servers at all the POCs QualysGuard discovered many vulnerabilities that are grouped from low to high impact. The ability to use asset management to scan the grouped servers from the vulnerability management feature with the policy compliance engine helps the security officer to perform the daily/monthly tasks faster and make them more organized.

Room for Improvement

One of the biggest issues from the clients' perspective is that all Qualys computing is on the cloud.

As last month ( this is when I found out) Qualys offers a On-Premise instalation for it's customers.


The issue with the private cloud is that is costs very much for a small firm.

Use of Solution

I have been using QualysGuard since 2012, and I have followed the certification from Qualys in class. After that, I implemented it for one of our clients, and did some POCs using Qualys. In the last month I had another PoC with Qualys and the client looks interested.

Deployment Issues

need support from sysadmin to deploy the ovf file.

Stability Issues

Qualys appliances are based on Linux OS, and they are very stable. I didn’t encounter any stability issues.

Scalability Issues

The big advantage of using the virtual appliances is that you can increase the allocated hardware if you need more resources.

Customer Service and Technical Support

Customer Service:

The customer service level is very high. All the requests made to the reseller were fulfilled in a very short time.

Technical Support:

We didn’t need to use Qualys technical support as the product was very stable, and our knowledge of the product was enough to fulfil all the clients needs.

Previous Solutions

I have used both Nessus and Rapid 7 Nexpose. I am working as a security consultant and I need to know the big players so I could present to my clients the pluses and minuses of the products they might choose.

Initial Setup

Qualys initial setup is straightforward and if you follow the manual you don’t have any problems. You receive the credentials, login to the Qualys website, download the virtual appliance, configure the IP, and, after defining the credentials and the assets, you can start scanning your environment. For the hardware appliance you have to connect it to the network and after the configuration you can start the scanning.

Implementation Team

I was part of the consultant team that implemented this solution to the client. We didn't have any complaints from him, and he used us to implement the rest of Qualys' components.

Pricing, Setup Cost and Licensing

Usually every implementation is different and the quote is in function of number of assets.

Other Solutions Considered

The clients are usually evaluating the top three vendors from Gartner. From my clients side, the vendors used in evaluation were Nexpose, McAfee Vulnerability Manager and Nessus. Also I have tried the open source VM OpenVAS

Other Advice

Follow the vendor provided steps, and you will not have any problems during the initial implementation. If you don’t have experience with server policies, use a consultant that will be able to identify your business needs.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a QualysGuard partner
1 visitor found this review helpful

1 Comment

Niraj Kumar SinhaUser

Looking for more details.

Like (0)08 September 15
Why do you like it?

Sign Up with Email