Qualys VM Room for Improvement

Sujit Sharma
Information Security Engineer at a tech services company with 1,001-5,000 employees
The only improvement I can think of is on the implementation side; otherwise the operation is fine. At times it is a bit slow. Qualys is really nice, but people only use Qualys for the VM and web scan. They just file the report, and send the report to the customer or client. They don't do anything with the reports. They will get the report, and there are usually 30 to 40 vulnerabilities, not in the web servers. And, of those 30 vulnerabilities, 10 or 15 were usually the first cases. In case of those vulnerabilities are around 50, in which around 50-60% of vulnerabilities are usually found worse. So, for those cases, was pretty low and in Qualys we have to look for them also. Whenever the report comes, we just send the report from the client. And that was one of the biggest issues. So, in this area, we only have to actually check the vulnerabilities in the report. You just have to catch a little bit of this, when we do the type or not. That was one of the issues we had with Qualys.
AVP - Information Security at a financial services firm with 10,001+ employees
Sometimes we face a problem with accessing the tool and not getting an expected result. From a technology point of view, they need to look into this. They need to consider how they can improve tool usability and different scanning options. Sometimes we are facing issues while performing a scan and things are not correctly shown on the GUI. Even as we are doing a task, it may show up as completed, and then something is not visible. Sometimes we face other technical problems. For example, sometimes we can't go to the next page. It's limiting any positive results. The solution needs to be easier to understand and configure. The pricing is a bit on the higher side compared to other products in the industry.
Dr. SureshHungenahally
Chief Executive Officer at Suraksha Pty Ltd
The server application scanning has room for improvement. It's quite complex in the way it is set up, so it takes a fair bit of time in order to get your head around it in order to deploy it. Once you've deployed it, then you're never confident on the versions of the browsers and the SSL certificates, etc. You have to always go back into Qualys and check. They do talk about agent-based scanning for non-IP machines. It sort of sits between server scanning and endpoint scanning. That's not very clear. If they can improve that and deploy, then it'll be such a nice package. The solution should help its vendors more with renewals. For example, we had deployed the solution as a reseller to a client and then somebody else came along and we didn't end up getting the renewal licenses for the servers. I wasn't very happy about that. We put all the hard work to get it in, but the following years we didn't get the benefit of our low pricing in the first year. They should integrate with the dashboard and provide a plugins link for data that's coming into API on the dashboard. When the users buy the license, they can turn items on. So, that way you know you've got the full solution. What you don't pay for is not switched on, and what you pay for can get switched on immediately.
Learn what your peers think about Qualys VM. Get advice and tips from experienced pros sharing their opinions. Updated: September 2020.
438,246 professionals have used our research since 2012.
Anusha Patnaik
IRM Technical Consultant at Shell Exploration & Production Co.
Customer support needs to be improved because it was not to our SLA standards. Suddenly, the scan engine will go down. We don't know what the reason is, or how it goes down. Because of that, the business is impacted. I had a look at the PCI reports (policy compliance reports) and I have heard that most memberships have been taken by Azure, although I was not aware of that. I would like to see more documentation or awareness.
Senior Vulnerability Analyst at a comms service provider with 10,001+ employees
When tested on zero-day, there were errors. In addition, they have integrated with other third parties, but it is still not viable. They are using their own QIDs. This sometimes leads to a false positive. And, even the updating of signatures into Qualys is not that much quicker. Maybe for Windows and Linux, it is a little quicker or networks and other devices. The signature updating is not quicker.
Information Security Specialist at a manufacturing company with 10,001+ employees
I think it could improve asset imagery.
IT Consultant Supervisor at a financial services firm with 5,001-10,000 employees
Reporting can be improved more. It should generate much more stuff like field reports. Though the reports generally meet our needs, we hope we can customize them better.
Senior Information Security Engineer at a financial services firm with 501-1,000 employees
One note for room for improvement is that all of the data is stored on the cloud. I think it would be better if they came up with a big box that could store the data and collect data from, it would be a huge improvement.
Bonnie Mejia
Sr. Manager, Vulnerability Management at United Airlines
I would like to see this solution more developed and competitive in the Cloud space.
Priyanka Dash
Information Technology Analyst at Tata Consultancy Services
Representation of the total number of vulnerabilities (with name) vs. the number of patches (with name).