Qualys VM Room for Improvement

Sujit Sharma
Information Security Engineer at a tech services company with 1,001-5,000 employees
The only improvement I can think of is on the implementation side, otherwise the operation is fine. At times it is a bit slow. Qualys is really nice, but people only use Qualys for the VM and web scan. They just file the report, and send the report to the customer or client. They don't do anything with the reports. They will get the report, and there are usually 30 to 40 vulnerabilities, not in the web servers. And, of those 30 vulnerabilities, 10 or 15 were usually the first cases. In case of those vulnerabilities are around 50, in which around 50-60% of vulnerabilities are usually found worse. So, for those cases, was pretty low and in Qualys we have to look for them also. Whenever the report comes, we just send the report from the client. And that was one of the biggest issues. So, in this area, we only have to actually check the vulnerabilities in the report. You just have to catch a little bit of this, when we do the type or not. That was one of the issues we had with Qualys. View full review »
Dr. SureshHungenahally
Chief Executive Officer at Suraksha Pty Ltd
The server application scanning has room for improvement. It's quite complex on the way it is set up, so it takes a fair bit of time in order to get your head around it in order to deploy it. Once you've deployed it, then you're never confident on the versions of the browsers and the SSL certificates, etc. You have to always go back into Qualys and check. They do talk about an agent-based scanning for non-IP machines. It sort of sits between server scanning and endpoint scanning. That's not very clear. If they can improve that and deploy, then it'll be such a nice package. The solution should help its vendors more with renewals. For example, we had deployed the solution as a reseller to a client and then somebody else came along and we didn't end up getting the renewal licenses for the servers. I wasn't very happy about that. We put all the hard work to get it in, but the following years we didn't get the benefit of our low pricing in the first year. They should integrate with the dashboard and provide a plugins link for data that's coming into API on the dashboard. When the users buy the license, they can turn it items on. So, that way you know you've got the full solution. What you don't pay for is not switched on, and what you pay for can get switched on immediately. View full review »
RaghunandanRaju
Senior Vulnerability Analyst at a comms service provider with 10,001+ employees
When tested on Zero day, there were errors. In addition, they have integrated with other third parties, but it is still not viable. They are using their own Q id's. This sometimes leads to a false positive. And, even the updating of signatures into Qualys is not that much quicker. Maybe for Windows and Linux, it is a little quicker or networks and other devices. The signature updating is not quicker. View full review »
Find out what your peers are saying about Qualys, Rapid7, Tenable Network Security and others in Vulnerability Management. Updated: August 2019.
366,918 professionals have used our research since 2012.
SecuritySpec783
Information Security Specialist at a manufacturing company with 10,001+ employees
I think it could improve asset imagery. View full review »
Reviewer214
Senior Information Security Engineer at a financial services firm with 501-1,000 employees
One note for room for improvement is that all of the data is stored on the cloud. I think it would be better if they came up with a big box that could store the data and collect data from, it would be a huge improvement. View full review »
Florin Alexandru Pătruţa
Junior Information Security Analyst at a tech services company with 5,001-10,000 employees
* Improve the API speed. * Make some minimal dashboard improvements. * Improve the user interface. View full review »
Priyanka Dash
Information Technology Analyst at a tech services company with 10,001+ employees
Representation of the total number of vulnerabilities (with name) vs. the number of patches (with name). View full review »
Find out what your peers are saying about Qualys, Rapid7, Tenable Network Security and others in Vulnerability Management. Updated: August 2019.
366,918 professionals have used our research since 2012.
Sign Up with Email