Qualys VM Review

The main purpose was to remove the granularity. It really helped us manage the security of our organization.


What is our primary use case?

My primary use case is for the web application scans of websites. I also made some new search profiles and other scanning profiles.

How has it helped my organization?

Before using Qualys, we had other security tools. And, the main purpose was to remove the granularity. We had so many attacks every day. Qualys really helped us manage the security for our operations.

What is most valuable?

The most valuable features are that it is a simple solution that makes scanning easy. You just give it a scheduled task, and it will do everything for you. The reporting is fine, too. And, the knowledge base is pretty good, too.

What needs improvement?

The only improvement I can think of is on the implementation side; otherwise, the operation is fine. At times it is a bit slow.

Qualys is really nice, but people only use Qualys for the VM and web scan. They just file the report, and send the report to the customer or client. They don't do anything with the reports. They will get the report, and there are usually 30 to 40 vulnerabilities, not in the web servers. And, of those 30 vulnerabilities, 10 or 15 were usually the first cases. In case of those vulnerabilities are around 50, in which around 50-60% of vulnerabilities are usually found worse. So, for those cases, was pretty low and in Qualys we have to look for them also. Whenever the report comes, we just send the report from the client. And that was one of the biggest issues. So, in this area, we only have to actually check the vulnerabilities in the report. You just have to catch a little bit of this, when we do the type or not. That was one of the issues we had with Qualys.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No, we have not experienced any issues with the stability of the product at all.

What do I think about the scalability of the solution?

I have not encountered issues with scalability of the solution. I had scanned 77 servers at a time, and found no issues with scalability while doing so.

How is customer service and technical support?

I have not had a need to deal with Qualys tech support.

Which solutions did we use previously?

I have previous experience with Tenable Nessus. I like Qualys better because there are so many nice features; it builds better.

What's my experience with pricing, setup cost, and licensing?

I am not personally involved with the pricing or licensing of the solution for our organization.

Which other solutions did I evaluate?

I have prior experience with Alert Logic CloudDefender, RSA, Odyssey and Forcepoint Websense (formerly Raytheon Websense). 

What other advice do I have?

A really nice feature of Qualys is the asset management. Some of the end users were using that function, and paid for that particular function. It is helpful to get a bit of history of all types of supports of scanning of particular servers.

Disclosure: I am a real user, and this review is based on my own experience and opinions.