It's primarily for vulnerability management. We use VMDR to deploy the cloud agents and scanners in our environment to cover everything holistically. We also use it for service integration so that vulnerabilities can be tracked through there. So, it's more or less vulnerability management.
Qualys VMDR (US Only)
Qualys
External reviews
External reviews are not included in the AWS star rating for the product.
Offers module that can help us prioritize vulnerabilities, reduce false positives and scan the vulnerabilities quickly
What is our primary use case?
How has it helped my organization?
We need to scan different kinds of assets. It could be our desktops, laptops, servers, and network devices. VMDR enables us with the sort of licensing where we can either deploy agents or scanners or both. So wherever we can deploy agents, we are deploying agents for scanning, for instance, on our workstations and servers.
And then for network devices, we use just the scanner capabilities of Qualys. So that's why we use this VMDR solution across different sorts of assets in a wide environment.
When we use Qualys VMDR's agents, they usually scan or probably reconvene the vulnerabilities within four hours. So, anything that jumps its way immediately alerts us within a few minutes that something is wrong, and we can check on those terms.
Other than that, I think it does have a module that can help us prioritize vulnerabilities, not only with vulnerabilities that have been attacked in the wild but also if any vulnerabilities have an exploit available. So those sorts of insights do provide us. It should really help us to prioritize vulnerabilities based on the threats that are out there.
It improved the visibility of the organization. It enables us to, first of all, identify all the assets and then scan them for the vulnerabilities. And then it also helps us to prioritize which vulnerabilities we have to fix first, and we can map out strategies. So, it is what it is meant for, and it is doing really, really good in that sense.
What is most valuable?
First of all, the licensing products itself is a great tool for VM because it's easy to use, and its reporting is excellent. It gives you a lot of ability and tweaking options to get what you want out of the reports. It gives you a lot of options, and it integrates with our ServiceNow for ticketing and all. So that is also a great feature. Then, the licensing that comes with VMDR enables us to scan different devices without getting any sort of extra license. So, it covers everything under one bundle.
It's the capability of scanning that has proven to be most effective in the risk management aspect. The less number of false positives and the authenticated basic scans are more concrete. So, the reliable reports and the efficiency of scans are something that we appreciate with all of this.
So, it does reduce those false positives and gives us a more concrete report.
What needs improvement?
From the application security perspective, Qualys has a way to go. We probably use it for infrastructure scanning, but I feel that Qualys can do better in application scanning as well.
Infrastructure scanning is fine. It's doing good with that. However, there is room for improvement in application scanning.
For how long have I used the solution?
I have been using it since the beginning, even before VMDR. I used Qualys for scanning. I've been continuously using Qualys for at least a decade. So it's almost ten years I've been working with Qualys.
What do I think about the stability of the solution?
I would rate the stability a nine out of ten. It has been stable for me. I didn't face any challenges. It worked fine for me.
What do I think about the scalability of the solution?
I would rate the scalability a nine out of ten.
How are customer service and support?
This is probably where Qualys can improve themselves a little bit and help us get a little bit quicker responses. So, that's where I think they can definitely spend some time.
Knowledge-wise, the customer service and support are fine; I want them to improve the response time.
Which solution did I use previously and why did I switch?
I have used tools like Rapid7, Nessus. But overall, I feel that Qualys has better capabilities in terms of scanning and then in terms of reporting as well.
So I can compare it with Rapid7 and Tenable Nessus, and Qualys is definitely way ahead of its competitors in that sense.
How was the initial setup?
The initial setup is straightforward. It's nothing complicated. I think we just need to deploy agents and enable our scanner for the connectivity, and then it's all good.
It is in a hybrid environment.
The deployment time depends upon the size of the infrastructure. It usually doesn't take much time. You just need to deploy the scanners and agents, which is also usually automated. I don't see it as very time-consuming. So, if I have to rate between one to ten, then I would rate around seven to eight, somewhere down to cover that.
It does require maintenance because it keeps updating its agent version as well, but I see that this is also automated. And then, if we have deployed this on hardware as well, like Windows and all, those also need to be updated online. But, the maintenance is required for sure.
From the security side, we have seven to eight people who are managing Qualys. But then we have people from IT as well who are supposed to see the vulnerabilities and remediate those. So such roles, we also have in Qualys that need the access and also on the vulnerabilities.
What was our ROI?
I can see the time-to-value benefits of Qualys. It's more of a time and resource. Security is always an expense. We don't get active revenue out of it, so it's more of an expense.
So returns in terms of risk reduction. It helps us to identify those potential vulnerabilities on time and help facilitate those. So in those terms, it's a return on investment.
It saved us 20% of time because it is easy to use, and since it is integrated, we don't have to touch anything much.
What's my experience with pricing, setup cost, and licensing?
The pricing is a little expensive in that sense, but it also delivers the value. So, if anybody has the budget for Qualys, then they should go with Qualys for sure.
What other advice do I have?
I would recommend Qualys VMDR to other users because it is efficient and reliable, and it does what it's supposed to.
Overall, I would rate it an eight out of ten.
Has robust vulnerability detection capabilities and good technical support services
What is our primary use case?
Our primary use case of the product is comprehensive vulnerability management and asset inventory across a hybrid environment consisting of both cloud and on-premises deployments. We manage approximately 45,000 endpoints spread across multiple geographical locations.
What is most valuable?
The platform's most valuable features include its robust vulnerability detection capabilities and automated remediation workflows. These features not only help us identify vulnerabilities promptly but also enable us to prioritize and remediate them efficiently.
What needs improvement?
While Qualys VMDR is comprehensive, improvements in asset management functionality would be beneficial. Additionally, reducing dependency on multiple agents for data collection across different endpoints could simplify management and resource utilization.
In the next release, enhancements in reporting and analytics would be appreciated. Advanced analytics capabilities for trend analysis and predictive insights could further empower proactive decision-making in cybersecurity management.
For how long have I used the solution?
I have been using Qualys VMDR for approximately two years now.
What do I think about the stability of the solution?
The product is stable. I rate the stability a seven.
What do I think about the scalability of the solution?
I rate the product scalability an eight.
How are customer service and support?
The technical support services are good.
How was the initial setup?
The initial setup was relatively straightforward. They provided comprehensive documentation and support during deployment, which helped streamline the process.
I would rate the process a seven or eight.
What about the implementation team?
We implemented the product with the help of in-house resources and support from Qualys.
Which other solutions did I evaluate?
We evaluated other options such as Tenable and Rapid7.
What other advice do I have?
I rate Qualys VMDR a nine out of ten.
Has a tagging system and scanners that don't overload
What is our primary use case?
In our DLP operations, we use the tool to address stability issues and implement fixes suggested by it. This helps manage risk levels and decide whether to fix issues or implement workarounds.
What is most valuable?
I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even if tags aren't made.
The asset inventory management feature has improved our security posture, which is good. It was introduced recently, and we've just started using it. In terms of management, I believe it's better than what we were using before.
Qualys VMDR is good at handling vulnerability management trends, especially with its policy module. Qualys VMDR offers customizable labels that fit the organization's needs, unlike other tools. This is important for enhancing security and meeting compliance requirements.
What needs improvement?
There's a need to upgrade or fix the potential vulnerability rate. Around 20,000 potential vulnerabilities were showing in Qualys VMDR, but none of the other tools showed them. When we checked, it wasn't the case. Support explained that even small issues were being counted as vulnerabilities, causing issues in our audit. So, the security features could be improved to identify vulnerabilities accurately.
For how long have I used the solution?
I have been working with the product for two years.
What do I think about the stability of the solution?
The stability is generally good, but we did face issues during the pandemic due to connectivity problems with Qualys VMDR servers. There were syncing issues, and agents weren't getting updated. However, we later realized it was our issue because our software needed updating. We had to manually update the proxy settings, which Qualys VMDR should have done. We managed to tackle the challenge with the help of another team.
How are customer service and support?
Support should be faster and more customer-friendly. We often have to review a lot of documentation for issues we're already aware of and follow basic steps repeatedly. Additionally, we must wait for Qualys VMDR personnel to move scans into debug mode, which can be time-consuming. Getting notifications or updates on these processes more quickly would be helpful.
How was the initial setup?
Setting up the tool doesn't take long and doesn't require many people.
What's my experience with pricing, setup cost, and licensing?
We have an annual contract for Qualys VMDR. I believe it's for either two years or five years.
What other advice do I have?
I haven't personally done any integration, so I can't comment on it. However, I believe some integration was happening between Qualys VMDR and ServiceNow. Our asset management tool was also trying to integrate with Qualys VMDR, but I'm unsure about the details or how it works. I rate the overall product an eight out of ten.
Simplifies asset discovery and management, ensuring comprehensive scanning and reporting
What is our primary use case?
I primarily use Qualys VMDR for daily scans, onboarding assets, scanning, reporting, and managing the entire vulnerability management process, including test management.
How has it helped my organization?
VMDR has significantly improved our organization by simplifying asset discovery and management. We can easily identify and categorize assets, ensuring comprehensive scanning and reporting.
What is most valuable?
Qualys Patch Management is excellent for keeping our critical servers and third-party applications updated efficiently.
What needs improvement?
One area of the product that could be improved is the management of vulnerabilities detected on disabled applications. We currently face challenges with unnecessary alerts for Microsoft Defender, which we do not use. Additionally, enhancing the alerts for agent communication failures would be beneficial.
For how long have I used the solution?
I have been using Qualys VMDR for approximately three years.
What do I think about the stability of the solution?
The product has been very reliable in our day-to-day operations.
What do I think about the scalability of the solution?
I would rate the product scalability a ten. It easily scales with our organization's growth, allowing us to add new assets and expand our coverage seamlessly. We are considering expanding our deployment to include 500 assets next year.
How was the initial setup?
The initial setup was straightforward, taking less than a week to configure and generate reports. The deployment process was smooth, and we were able to integrate it effectively into our hybrid environment.
What was our ROI?
Within three months of deployment, we began seeing improvements in vulnerability management. This helped us significantly reduce vulnerabilities and streamline our patch management processes, providing a notable return on investment.
What's my experience with pricing, setup cost, and licensing?
The solution is reasonably priced for the value it provides. Our contract renewal was approximately 2.5 million ZAR for three years, including managed services.
Which other solutions did I evaluate?
Before selecting Qualys VMDR, we evaluated other options but ultimately chose Qualys due to its comprehensive features and effective proof of concept.
What other advice do I have?
We integrate Qualys VMDR with our infrastructure, conducting weekly scans and generating reports based on the findings. This provides daily views of vulnerabilities, and we use Qualys' patch management to deploy patches promptly, starting with the most severe vulnerabilities, thus reducing our threat exposure. Conducting a thorough proof of concept is essential to evaluate its effectiveness in your environment and to see how it integrates with your existing systems and handles your specific security needs.
I rate it a ten out of ten.
Has an effective tagging system and authentication mechanism compared to other tools
What is our primary use case?
We use the product for enterprise network infrastructure scanning.
What is most valuable?
The product has multiple valuable areas. The process of defining and discovering scans is organized efficiently. It has an effective tagging system and authentication mechanism compared to other tools. Its integration with AD helps us a lot. Additionally, I like the report generation feature.
What needs improvement?
Qualys could improve the inbuilt dashboards. They could be advanced compared to competitors like Rapid7 and Tenable. They should include a faster reverse integration process. They could enhance its integration with ServiceNow CMDB to ensure that mapping IP addresses, domains, and NetBIOS names is consistent and accurate.
For how long have I used the solution?
We have been using Qualys VMDR for nearly two and a half years.
What do I think about the stability of the solution?
I rate the product's stability a nine out of ten. I have rarely seen any stability issues with Qualys.
What do I think about the scalability of the solution?
I rate the product's scalability an eight out of ten. We only recommend some people use Qualys in our organization. It is a limited audience. It is used by the vulnerability management team and a few critical resources from different parts of the cybersecurity department. We have 50 users in total. They should provide role-based access for managers, reviewers, and scanners.
How was the initial setup?
The initial setup process is simple as I have prior experience working on two full-time projects with it. I find it simple as I have enough background knowledge of it.
What's my experience with pricing, setup cost, and licensing?
The product is more expensive than that of any other vendor.
Which other solutions did I evaluate?
I did work on Tenable's POC and some other vendors. It has some limitations in detecting different types of vulnerabilities or false positives. Qualys is on the higher side when compared to the other tools.
What other advice do I have?
I rate the product an eight out of ten.
Very Satisfied Customer
Qualys' Questions
Qualys doing what Qradar does in less than half the price
Qualys VMDR
Helped us quickly remediate vulnerabilities thanks to its automation and ease of use
What is our primary use case?
Our use cases are primarily on-premises vulnerability management and remediation, external attack surface management and vulnerability scanning.
How has it helped my organization?
The benefits I've seen are twofold. The biggest benefit is from a security operations perspective, where we are able to drive our security posture upwards by remediating any discovered vulnerabilities. We can also automate the remediation process. The other big benefit is executive reporting because it's very easy to produce trends over time to report on risk.
What is most valuable?
The most valuable features are vulnerability detection, patching capabilities, and remediation. Cloud security posture management is also very valuable. I find these features valuable because getting a unified view of your cloud security posture across different environments is not always easy. For example, you might have most of your resources sitting in Azure, but you might have a couple of workloads in AWS. Naturally, there are different tools that report on that, so it's invaluable to have those pulled into a single dashboard so you can drive your remediation from a single platform.
What needs improvement?
If anything, I would like to see the user interface modernized a bit more. Also, there are a lot of various modules, and if they could be consolidated into fewer options, it would make the buying experience easier.
For how long have I used the solution?
I've been working with Qualys VMDR for the last three years or so.
What do I think about the stability of the solution?
We haven’t faced any issues; the solution is very stable.
What do I think about the scalability of the solution?
Because the management sits in the cloud, you don't have to worry about management appliances or anything like that on-premise, so the solution is very scalable. You can split your assets into asset groups and delegate management to different teams. Around 1,000 users are using Qualys in my organization across 60 locations.
How are customer service and support?
We've had very few technical issues, and the customer support team has quickly resolved issues we've had.
How was the initial setup?
In the first step, Qualys provisions your cloud-based management instance. From there, you get a small, lightweight agent deployed by deployment technology like Microsoft Intune, in our case, SCCM, or any deployment technology.
We worked with BCX Namibia and the Qualys team in South Africa while deploying the solution. It took two weeks to deploy the solution. The solution is not difficult to maintain because the management component is cloud-based and is taken care of by Qualys. Any agent upgrades that might be necessary are very seamless.
What was our ROI?
We have seen an ROI using Qualys. Most breaches nowadays are because of a vulnerability that is exploited. By virtue of being able to identify and remediate these vulnerabilities, I believe we are significantly driving our cybersecurity risk downwards.
What's my experience with pricing, setup cost, and licensing?
The pricing is very competitive, especially because Qualys is integrated and does vulnerability management and remediation patching in one solution, so there's no need for a separate patching solution. You can also get very granular with the amount of IP addresses you can cover. You can go from as few as 16 IP addresses to many more. And the Qualys team is also willing to work with organizations to make the solution make commercial sense. The prices are fixed. We have a yearly subscription model based on the number of IP addresses we’re scanning.
Which other solutions did I evaluate?
We evaluated vulnerability management in Microsoft Defender, but we found the reporting and functionality lacking compared to Qualys. And then the Microsoft licensing costs were also a bit of a dealbreaker.
What other advice do I have?
If you're considering implementing Qualys in your organization, work with a strong pre-sales partner. Evaluate the product, make sure it does what you need, make sure you buy the features that you need, and make sure to use the training and onboarding material that Qualys has made available on its website so you can leverage the solution's full capability from the start. I rate Qualys VMDR a nine out of ten.