Qualys VM Review

The users on the forums are very knowledgeable, but the reporting in the solution is lacking.


What is most valuable?

The reporting and vulnerability analysis features.

How has it helped my organization?

Vulnerability scans are easily managed and maintained using Qualys. What used to be a manual process is now automatic. When we have an issue, I can easily see what production systems are affected and I can easily pinpoint a solution to mitigate the issue.

What needs improvement?

The reporting is lacking a little, and it would be nice to have reports sent via email. Often times we have to manually generate the reports after a vulnerability is fixed and a scan has to be re-run.

For how long have I used the solution?

I've used it for three years.

What was my experience with deployment of the solution?

We did not.

What do I think about the stability of the solution?

Our Qualys box is hardware and it's very easy to set up and maintain. It's very little maintenance, and the most time consuming part is setting up everything initially, such as what subnets you want to scan, what reports you want to run, etc.

What do I think about the scalability of the solution?

We have over 15,000 devices and had no issues with scaling up our Qualys infrastructure.

How are customer service and technical support?

Customer Service:

I have never had to interact with them. I get most of the information on the forums, and even there the responses are lighting fast. As far as actually talking to someone, I personally have never had to speak to Qualys support.

Technical Support:

It's great. The users on the forums are very knowledgeable and eager to help. If I need a quick answer I will always get one from the support forum.

Which solution did I use previously and why did I switch?

We used Nessus before. It was a manual process and very time consuming. I like Nessus, but it was very tedious to get it to function automatically.

How was the initial setup?

There are always complexities to every setup. I think the biggest issue was the learning curve. Having to learn all the new pieces and how they fit into our environment was probably the single biggest hurdle we had to face.

What about the implementation team?

We did it in-house.

Which other solutions did I evaluate?

We looked at Metasploit Expose but the price was too much for what we needed.

What other advice do I have?

Do your research and see how this product would best fit into your environment.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest