Qualys VM Review

The installation of the local hardware scanner appliance is easy, but the asset tagging needs lots of improvements.

Valuable Features

  • Vulnerability management
  • Policy compliance
  • Scalability

Improvements to My Organization

As a leading IT services organization, it is very important for us to have a proactive identification/assessment of vulnerabilities. We also need to be able to remedy them in a timely manner before they exploit our security configuration compliance, and then harden our security for both system/network devices and applications. We need to do this both before and after placing them in production environment.

With QualsyGuard we have been able to achieve this by utilizing its modules, such as vulnerability management, policy compliance, web scanning, malware detection, and asset tagging.

Room for Improvement

As users of Qualys for the last three years, we have identified and shared many areas where Qualys needed to have improvements, including --

  • Vulnerability database having some false positives, although this is rare;
  • Web scan module requires authentication to access basic web forms;
  • Asset tagging needs lots of improvements as it's currently a complex technique; and
  • For policy compliance, they need to add more leading IT standards with regards to all the leading IT service provides like Juniper, Cisco, Microsoft, etc.

Use of Solution

I've been using this product for the last three years.

Stability Issues

This is a very stable product and we haven't faced any issues since its deployment apart from announced downtimes for upgrades and improvements.

Scalability Issues

No issues encountered.

Customer Service and Technical Support

Customer Service:

Support is available 24/7 via phone and e-mail. Remote session support is also available.

Technical Support:

They have excellent expertise.

Previous Solutions

No previous solution was used.

Initial Setup

It's easy as it is a SaaS, cloud-based service. The installation of the local hardware scanner appliance is also easy.

Implementation Team

We used a vendor team who was excellent.


I cannot give you the exact ROI on this, but as a large information and communication technology service provider, a 24/7 service availability that leads to customer satisfaction is our key goal. Regular VM and compliance assessment results in the complete hardening of our critical assets defending us against any exploits that leads to unavailability of our services.

Other Solutions Considered

No, because it was already in use at our parent company and it was providing good results for a low price as well.

Other Advice

  • Collect complete asset inventory details (asset type, service/application details, administrator details etc.).
  • Provide awareness session to the support team about Qualys, its usage, and functionality.
  • Prepare OLAs and SOPs for better co-ordination between the teams.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 visitor found this review helpful
1 Comment
Product Manager with 1,001-5,000 employeesVendor

Yes, this review is helpful.

01 July 15
Sign Up with Email