We just raised a $30M Series A: Read our story
2018-05-21T09:21:00Z

What needs improvement with Qualys VM?

18

Please share with the community what you think needs improvement with Qualys VM.

What are its weaknesses? What would you like to see changed in a future version?

ITCS user
Guest
1919 Answers

author avatar
Top 20MSP

The user experience, the UI, needs to be improved. The technology is there and it is obvious it is able to do many things, however, from a user experience perspective, the UI design is a bit complicated. If the platform could have a bit more of a user-friendly environment, it could be easier for the admins and analysts to use it. The solution is a bit expensive if you do not have access to discounts. From a general perspective, SLA tracking capabilities could be improved with a building method. There was a tracking method to be able to see if this vulnerability for a while or maybe it was patched. However, an internal SLA mechanism could help with batch prioritization and issue detection. I'd rate the solution at a nine out of ten.

2021-09-22T12:03:29Z
author avatar
Top 20Real User

I felt hindered sometimes within reports in that they were lacking somewhat on the customization side in terms of making use of the data. The cloud user interface could be a little more responsive. It was a click and then a wait.

2021-07-26T16:19:46Z
author avatar
Top 5Real User

It's too early for me to say if there is any room for improvement since we're in the first couple of months of using this solution. So far, we've been pretty happy about it. Nothing comes to mind that is negative. Given that it's really new, we're really trying to use all of the features and get a good comfort level and gain more experience in it. For this reason, I can't speak negatively of it, yet.

2021-03-03T10:54:15Z
author avatar
Top 20Reseller

I'd like to see additional security for the app. The product lacks integrations for third party solutions or automation integration for other tools.

2021-01-12T09:04:44Z
author avatar
Top 5Real User

The Patch Identifications, which are supersedence identifications, need improvement. I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities. These are things that are definitely needed.

2021-01-08T19:00:41Z
author avatar
Top 20MSP

Its integration with ServiceNow and other similar products is complicated and can be improved. It should also have virtual batching. They should support more standards and compliance requirements and more customizations. For policy compliance, they can add the standards required by the countries in the Middle East. Each country generates its own standards and frameworks, and those frameworks should be there in all products, not only in Qualys. The market here is huge, especially in the cybersecurity field. Qatar has a framework for Qatar 2022, and each and every company in the public or private sector has to follow the Qatar 2022 framework.

2021-01-04T17:17:01Z
author avatar
Top 20Real User

We are moving away from Qualys to Defender ATP because I find that Defender ATP is much better at prioritizing the vulnerabilities that I should be looking at. In general, I would like to see some better analytics and prioritization of vulnerabilities.

2020-12-02T14:39:04Z
author avatar
Top 20Consultant

The ability to manage user accounts and give rights to the operator to know about abnormalities of applications is something that needs improvement. The pricing is also expensive.

2020-11-18T11:05:00Z
author avatar
Top 20Real User

Sometimes we face a problem with accessing the tool and not getting an expected result. From a technology point of view, they need to look into this. They need to consider how they can improve tool usability and different scanning options. Sometimes we are facing issues while performing a scan and things are not correctly shown on the GUI. Even as we are doing a task, it may show up as completed, and then something is not visible. Sometimes we face other technical problems. For example, sometimes we can't go to the next page. It's limiting any positive results. The solution needs to be easier to understand and configure. The pricing is a bit on the higher side compared to other products in the industry.

2020-09-17T08:05:51Z
author avatar
Top 20Consultant

Reporting can be improved more. It should generate much more stuff like field reports. Though the reports generally meet our need we hope we can customize it better.

2020-04-16T08:44:00Z
author avatar
Top 10Real User

Customer support needs to be improved because it was not to our SLA standards. Suddenly, the scan engine will go down. We don't know what the reason is, or how it goes down. Because of that, the business is impacted. I had a look at the PCI reports (policy compliance reports) and I have heard that most memberships have been taken by Azure, although I was not aware of that. I would like to see more documentation or awareness.

2020-03-05T08:39:45Z
author avatar
Top 5Real User

I would like to see this solution more developed and competitive in the Cloud space.

2019-12-11T22:01:00Z
author avatar
Real User

The server application scanning has room for improvement. It's quite complex on the way it is set up, so it takes a fair bit of time in order to get your head around it in order to deploy it. Once you've deployed it, then you're never confident on the versions of the browsers and the SSL certificates, etc. You have to always go back into Qualys and check. They do talk about an agent-based scanning for non-IP machines. It sort of sits between server scanning and endpoint scanning. That's not very clear. If they can improve that and deploy, then it'll be such a nice package. The solution should help its vendors more with renewals. For example, we had deployed the solution as a reseller to a client and then somebody else came along and we didn't end up getting the renewal licenses for the servers. I wasn't very happy about that. We put all the hard work to get it in, but the following years we didn't get the benefit of our low pricing in the first year. They should integrate with the dashboard and provide a plugins link for data that's coming into API on the dashboard. When the users buy the license, they can turn it items on. So, that way you know you've got the full solution. What you don't pay for is not switched on, and what you pay for can get switched on immediately.

2019-09-08T09:50:00Z
author avatar
Real User

Representation of the total number of vulnerabilities (with name) vs. the number of patches (with name).

2019-02-20T09:09:00Z
author avatar
Real User

One note for room for improvement is that all of the data is stored on the cloud. I think it would be better if they came up with a big box that could store the data and collect data from, it would be a huge improvement.

2018-10-28T09:33:00Z
author avatar
Real User

I think it could improve asset imagery.

2018-10-28T09:33:00Z
author avatar
MSP

The only improvement I can think of is on the implementation side, otherwise the operation is fine. At times it is a bit slow. Qualys is really nice, but people only use Qualys for the VM and web scan. They just file the report, and send the report to the customer or client. They don't do anything with the reports. They will get the report, and there are usually 30 to 40 vulnerabilities, not in the web servers. And, of those 30 vulnerabilities, 10 or 15 were usually the first cases. In case of those vulnerabilities are around 50, in which around 50-60% of vulnerabilities are usually found worse. So, for those cases, was pretty low and in Qualys we have to look for them also. Whenever the report comes, we just send the report from the client. And that was one of the biggest issues. So, in this area, we only have to actually check the vulnerabilities in the report. You just have to catch a little bit of this, when we do the type or not. That was one of the issues we had with Qualys.

2018-10-28T09:33:00Z
author avatar
Real User

When tested on Zero day, there were errors. In addition, they have integrated with other third parties, but it is still not viable. They are using their own Q id's. This sometimes leads to a false positive. And, even the updating of signatures into Qualys is not that much quicker. Maybe for Windows and Linux, it is a little quicker or networks and other devices. The signature updating is not quicker.

2018-10-28T09:33:00Z
author avatar
Real User

* Improve the API speed. * Make some minimal dashboard improvements. * Improve the user interface.

2018-05-21T09:21:00Z
Find out what your peers are saying about Qualys, Rapid7, Tenable Network Security and others in Vulnerability Management. Updated: September 2021.
542,267 professionals have used our research since 2012.