Qualys VM Overview

Qualys VM is the #4 ranked solution in our list of top Vulnerability Management tools. It is most often compared to Tenable Nessus.

What is Qualys VM?

Qualys Vulnerability Management (VM) is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously identify threats and monitor unexpected changes in your network before they turn into breaches.

Qualys VM is also known as QualysGuard VM.

Buyer's Guide

Download the Vulnerability Management Buyer's Guide including reviews and more. Updated: June 2021

Qualys VM Customers

Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx

PD
Information Technology Analyst at Tata Consultancy Services
Real User
Patch supersedence has been an invaluable feature

What is our primary use case?

Datacenters which are in different locations.

How has it helped my organization?

  • Asset discovery
  • Asset sanitization
  • Scan scheduling
  • Patch supersedence

What is most valuable?

Patch supersedence.

What needs improvement?

Representation of the total number of vulnerabilities (with name) vs. the number of patches (with name).

For how long have I used the solution?

One to three years.
KR
Senior Information Security Engineer at a financial services firm with 501-1,000 employees
Real User
It is a stable product. Tech support is quick to respond to any inquiries.

What is our primary use case?

It mainly scans the model against all of our online websites.

How has it helped my organization?

There are fewer false positives when using this solution. We are also cutting the need for news monitoring with this solution.

What is most valuable?

We find all of the features useful. 

What needs improvement?

One note for room for improvement is that all of the data is stored on the cloud. I think it would be better if they came up with a big box that could store the data and collect data from. It would be a huge improvement.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It is an extremely impressive and stable product. I would give it a 99% out of 100%. It is very close to…
MW
Information Security Specialist at a manufacturing company with 10,001+ employees
Real User
This solution helps us fill out forms in a timely manner. It is more expensive than competitive products.

What is our primary use case?

My primary use case is to actually fill out forms, ensure that they are being closed in a timely manner. This is why we use these one point solutions.

Pros and Cons

  • "It is quite easy to implement."
  • "When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself."
  • "It is more expensive vs. other products on the market."

What other advice do I have?

I advise that you see if this solution can fit your problems, and help your needs.
Information Security Engineer at a tech services company with 1,001-5,000 employees
MSP
The main purpose was to remove the granularity. It really helped us manage the security of our organization.

What is our primary use case?

My primary use case is for the web application scans of websites. I also made some new search profiles and other scanning profiles.

Pros and Cons

  • "It is a simple solution that makes scanning easy. You just give it a scheduled task, and it will do everything for you."
  • "The reporting is fine."
  • "The only improvement I can think of is on the implementation side. At times it is a bit slow."

What other advice do I have?

A really nice feature of Qualys is the asset management. Some of the end users were using that function, and paid for that particular function. It is helpful to get a bit of history of all types of supports of scanning of particular servers.
Senior Vulnerability Analyst at a comms service provider with 10,001+ employees
Real User
It has a quicker response time to incidents. And it has a stable performance record.

What is our primary use case?

It improves the continuous monitoring of the systems on-premises.

Pros and Cons

  • "I find the most valuable feature is the continuous monitoring. Even on premises, there is constant monitoring."
  • "They have integrated with other third parties, but it is still not viable."
  • "When tested on Zero day, there were errors."
Junior Information Security Analyst at Visma
Real User
Detects new hosts along with vulnerabilities

What is our primary use case?

Our primary use case is to manage vulnerabilities, scan web applications, and report assets throughout the network. Also, we create reports based on this data. 

How has it helped my organization?

Tracks workstations and servers. Monitors workstations and servers for vulnerabilities and creates reports. Performs automated, regular scans in the network. Detects new hosts along with vulnerabilities.

What is most valuable?

The Qualys Agent is most valuable for getting insight into what is happening on what device with all its metadata.

What needs improvement?

Improve the API speed. Make some minimal dashboard improvements. Improve the user interface.

For how long have I used the solution?

Less than one year.
ITSM & AntiFraud Consultant with 51-200 employees
Consultant
Vulnerability management is the most valuable feature but it would be good if they could provide an internal computing appliance.

Pros and Cons

  • "Vulnerability management is the most valuable one and it’s a must in every organization."
  • "One of the biggest issues from the clients' perspective is that all Qualys computing is on the cloud."

What other advice do I have?

Follow the vendor provided steps, and you will not have any problems during the initial implementation. If you don’t have experience with server policies, use a consultant that will be able to identify your business needs.
Shared Information Security Officer at a university with 1,001-5,000 employees
Vendor
It is a totally vendor-managed appliance. It distributes administration functions based on access roles.

What other advice do I have?

Take your time and have each vendor set up an actual proof of concept, rather than just relying on a demo. Get your network and support staff engaged in the process early on because they will be instrumental in deployment and support. Know what you’re trying to accomplish.
Sr. Analyst- Security Testing with 1,001-5,000 employees
Vendor
The reports it generates give us a detailed description of and solution for all network and compliance-related violations, though I'd like an exploitation framework.
Network and Lotus Notes Administrator at an insurance company with 1,001-5,000 employees
Vendor
It updates quickly and works without its presence being felt, but the problem-solving documentation needs improvement.

What is most valuable?

It gets up to date very fast.

How has it helped my organization?

Users do not feel any QualysGuard presence.

What needs improvement?

Solutions for fixing problems need to be better documented, such as in a step-by-step way.

For how long have I used the solution?

I've used it for three years.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service: 8/10. Technical Support: 7/10.

Which solution did I use previously and why did I switch?

No previous solution was used.

What other advice do I

Information Risk Analyst at a healthcare company with 1,001-5,000 employees
Vendor
We've gained insight into vulnerabilities across our environment, but reports should be more customizable.

What other advice do I have?

Make sure you take advantage of authenticated scans and it is also very helpful if you have a complete server inventory.
Senior System Engineer at a comms service provider with 1,001-5,000 employees
Vendor
It's easy to download/install the correct patch, but the reporting could be improved.

What is most valuable?

The feature where the solutions to issues are mentioned in the reports.

How has it helped my organization?

It's easy to reach the current location and download/install the correct patch.

What needs improvement?

The feature where the solutions to issues are mentioned in the reports could be improved.

For how long have I used the solution?

I've been using it for over three years.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service: 7/10. Technical Support: 5/10.

Which solution did I use

IT Security Analyst at a manufacturing company with 1,001-5,000 employees
Vendor
It's worth the investment, but score calculation needs to be improved. I had to manually re-calculate scoring at times.
Manager System Security at a comms service provider with 1,001-5,000 employees
Vendor
The installation of the local hardware scanner appliance is easy, but the asset tagging needs lots of improvements.

What other advice do I have?

  • Collect complete asset inventory details (asset type, service/application details, administrator details etc.).
  • Provide awareness session to the support team about Qualys, its usage, and functionality.
  • Prepare OLAs and SOPs for better co-ordination between the teams.
Security Consultant at Cyber Intelligence Sdn Bhd
Consultant
The reporting features need to be improved, but you don't need to spend a lot of time on the deployment.

What other advice do I have?

Use it. It is a great product. Many people are sceptical that their scan results are in the cloud. But if you want something affordable and that works like a charm, go for Qualys. Less headaches and easy to achieve ROI as you don't spend much on the deployment or maintenance.
Customer Technical Leader for Galeries Lafayette at a tech company with 10,001+ employees
MSP
The GUI needs work, but the vulnerabilities are kept up to date.

What is most valuable?

The top one for me is that the vulnerabilities are kept up to date.

How has it helped my organization?

It has reduced the cost of ownership for the engineers who can launch scans on the customers’ networks.

What needs improvement?

I’m convinced it could be possible to do a simpler interface.

For how long have I used the solution?

I used it for about four years.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

There is an issue with the web browser, but it's not an issue with the product itself.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service: 9/10. Technical…
Manager Information Security at a healthcare company with 10,001+ employees
Vendor
There are some stability issues with reporting, but it's straightforward to implement.

What is most valuable?

Vulnerability management.

How has it helped my organization?

It has helped to automate the vulnerability management program, increasing the security posture and helped us to identify the security risks in our infrastructure.

What needs improvement?

Web application security model needs some work.

For how long have I used the solution?

I've been using it for four years, including VM, PCI, WAS and MDS features.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

There's been a few times, related to reporting, that we've had issues, but overall it's stable.

How are customer service and technical support?

Customer Service: Excellent, the Qualys support team…
Technical Services Manager at a tech company with 10,001+ employees
MSP
It is very simple and yet an effective way to do vulnerability assessment.

What other advice do I have?

I would definitely recommend using this product, as this is very simple and yet an effective way to do vulnerability assessment.
Linux Administrator at a comms service provider with 501-1,000 employees
Vendor
The users on the forums are very knowledgeable, but the reporting in the solution is lacking.

What other advice do I have?

Do your research and see how this product would best fit into your environment.
Senior IT Security Analyst at a tech services company with 501-1,000 employees
Consultant
The IT infrastructure needs work but WAF has improved our vulnerability identification.

What is most valuable?

WAF integration is valuable.

How has it helped my organization?

We can now perform vulnerability scans with WAF integration. The WAF has improved the vulnerability identification and reports to the SOC and CSO.

What needs improvement?

The IT infrastructure, especially server administration, needs to be improved.

For how long have I used the solution?

I've used it for two years.

What was my experience with deployment of the solution?

There was only one related, and that needed work on our technology. As the solution is cloud based, we needed to adapt our internal policies.

What do I think about the stability of the solution?

There were no issues.

What do I think about the scalability of the solution?

This has been done without a problem.

How are

Consultant with 501-1,000 employees
Vendor
Using the vulnerability management module you can track the list of vulnerabilities.
Security Expert at a financial services firm with 1,001-5,000 employees
Vendor
Makes many promises but in order to do so, Qualys requires the client to provide a backdoor to the system.
The QualysGuard Private Cloud Platform (QG PCP) makes many promises, one of which is that vulnerability scan data can be hosted by a private cloud platform in a client's data center and under the client's control. If taken at their word, this may seem promising, but the reality is that Qualys still will have to manage this platform remotely. By doing so, they will have access to this data remotely anyway and can pull it down to their site as needed. Needless to say, Qualys requires the client to provide a backdoor to the system. The Qualys PCP equipment is leased and never sold to the customer. There are many legal issues with this which allows them to access their equipment. They require the customer to give them remote access in order for them to manage it remotely…
Security Compliance Analyst at a healthcare company with 501-1,000 employees
Vendor
Delivers higher frequency of scans & better aggregation of results. Ticket management has room for improvement.

What other advice do I have?

Take the time to properly identify your network and as importantly get approval and acceptance from the group up – especially senior management. In addition, it is very important to have your scan schedule, profiles, reporting, metrics, expectations, etc. documented so that everyone in the company understands your expectations.