If you were talking to someone whose organization is considering Qualys VM, what would you say?
How would you rate it and why? Any other tips or advice?
I would like for Qualys to have the ability to scan OT (operational technology) assets as well. If it can, I would rate it 8 out of 10.
If you are comparing Nexpose and Qualys, I would prefer Qualys. The UI is good and whatever reports you are getting are very clear. If you present it to management, the reports are good. They require an executive report that highlights the vulnerability and how many servers are affected. You can customize it also. Nexpose is coming out with new features, but Qualys has already implemented them. I would rate this solution an eight out of ten.
I would advise others to always have a proof-of-concept version of the solution put into play. Then spend a good two months on it. Stabilize the solution and check out the features and then deploy it into production. Otherwise, you will spend money during the real project for what could have been done as a POC. Deploy the core solution, get the scanning done, put all the critical components in a proof of concept, and then move it into production. I would rate the solution eight out of ten.
A really nice feature of Qualys is the asset management. Some of the end users were using that function and paid for that particular function. It is helpful to get a bit of history of all types of supports of scanning of particular servers.
I advise that you see if this solution can fit your problems and help your needs.