Qualys VM Review

The users on the forums are very knowledgeable, but the reporting in the solution is lacking.

Valuable Features

The reporting and vulnerability analysis features.

Improvements to My Organization

Vulnerability scans are easily managed and maintained using Qualys. What used to be a manual process is now automatic. When we have an issue, I can easily see what production systems are affected and I can easily pinpoint a solution to mitigate the issue.

Room for Improvement

The reporting is lacking a little, and it would be nice to have reports sent via email. Often times we have to manually generate the reports after a vulnerability is fixed and a scan has to be re-run.

Use of Solution

I've used it for three years.

Deployment Issues

We did not.

Stability Issues

Our Qualys box is hardware and it's very easy to set up and maintain. It's very little maintenance, and the most time consuming part is setting up everything initially, such as what subnets you want to scan, what reports you want to run, etc.

Scalability Issues

We have over 15,000 devices and had no issues with scaling up our Qualys infrastructure.

Customer Service and Technical Support

Customer Service:

I have never had to interact with them. I get most of the information on the forums, and even there the responses are lighting fast. As far as actually talking to someone, I personally have never had to speak to Qualys support.

Technical Support:

It's great. The users on the forums are very knowledgeable and eager to help. If I need a quick answer I will always get one from the support forum.

Previous Solutions

We used Nessus before. It was a manual process and very time consuming. I like Nessus, but it was very tedious to get it to function automatically.

Initial Setup

There are always complexities to every setup. I think the biggest issue was the learning curve. Having to learn all the new pieces and how they fit into our environment was probably the single biggest hurdle we had to face.

Implementation Team

We did it in-house.

Other Solutions Considered

We looked at Metasploit Expose but the price was too much for what we needed.

Other Advice

Do your research and see how this product would best fit into your environment.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Sign Up with Email