Qualys VM Review

The installation of the local hardware scanner appliance is easy, but the asset tagging needs lots of improvements.


What is most valuable?

  • Vulnerability management
  • Policy compliance
  • Scalability

How has it helped my organization?

As a leading IT services organization, it is very important for us to have a proactive identification/assessment of vulnerabilities. We also need to be able to remedy them in a timely manner before they exploit our security configuration compliance, and then harden our security for both system/network devices and applications. We need to do this both before and after placing them in production environment.

With QualsyGuard we have been able to achieve this by utilizing its modules, such as vulnerability management, policy compliance, web scanning, malware detection, and asset tagging.

What needs improvement?

As users of Qualys for the last three years, we have identified and shared many areas where Qualys needed to have improvements, including --

  • Vulnerability database having some false positives, although this is rare;
  • Web scan module requires authentication to access basic web forms;
  • Asset tagging needs lots of improvements as it's currently a complex technique; and
  • For policy compliance, they need to add more leading IT standards with regards to all the leading IT service provides like Juniper, Cisco, Microsoft, etc.

For how long have I used the solution?

I've been using this product for the last three years.

What do I think about the stability of the solution?

This is a very stable product and we haven't faced any issues since its deployment apart from announced downtimes for upgrades and improvements.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

Support is available 24/7 via phone and e-mail. Remote session support is also available.

Technical Support:

They have excellent expertise.

Which solution did I use previously and why did I switch?

No previous solution was used.

How was the initial setup?

It's easy as it is a SaaS, cloud-based service. The installation of the local hardware scanner appliance is also easy.

What about the implementation team?

We used a vendor team who was excellent.

What was our ROI?

I cannot give you the exact ROI on this, but as a large information and communication technology service provider, a 24/7 service availability that leads to customer satisfaction is our key goal. Regular VM and compliance assessment results in the complete hardening of our critical assets defending us against any exploits that leads to unavailability of our services.

Which other solutions did I evaluate?

No, because it was already in use at our parent company and it was providing good results for a low price as well.

What other advice do I have?

  • Collect complete asset inventory details (asset type, service/application details, administrator details etc.).
  • Provide awareness session to the support team about Qualys, its usage, and functionality.
  • Prepare OLAs and SOPs for better co-ordination between the teams.
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Qualys VM reviews from users
...who work at a Comms Service Provider
...who compared it with Tenable Nessus
Add a Comment
Guest
1 Comment

author avatarit_user216711 (Product Manager with 1,001-5,000 employees)
Vendor

Yes, this review is helpful.