Sign in
Sign in
or
Create a new account
Agent Mode
Categories
Your Saved List Become a Channel Partner Sell in AWS Marketplace Amazon Web Services Home Help

Qualys VMDR (US Only)

Qualys

Reviews from AWS customer

8 AWS reviews

External reviews

180 reviews
from and

External reviews are not included in the AWS star rating for the product.

    Dung L.

Review Qualys VMDR

  • July 25, 2023
  • Review provided by G2

What do you like best about the product?
Vulnerability Management and Asset Management
What do you dislike about the product?
Some dashboard on Qualys VMDR and api feature
What problems is the product solving and how is that benefiting you?
Help us vulnerability management all of asset on my cloud

    rohit a.

Best tool for VMDR

  • July 24, 2023
  • Review provided by G2

What do you like best about the product?
Their interactive Dashboard for Threat and vulnerability research is awesome.
What do you dislike about the product?
Support Team takes lots of time to respond.
What problems is the product solving and how is that benefiting you?
It's making environment Risk free

    Harold Jensen

Good visibility but expensive and needs better support

  • July 13, 2023
  • Review from a verified AWS customer

What is our primary use case?

We are managing hundreds of AWS and several on-premises accounts using Qualys agents and scanners to provide data inputs for Qualys. We are using several of the Qualys modules, VMDR, Cloud Agents, Connectors along with Global Asset View (GAV).  GAV dynamic tagging is valuable for tracking owners of assets.   

Qualys' main function is to provide us with vulnerability management information for our end users and is a major input to our CMDB.  We rely on a combination of agents and scans to provide us with the system data.   

How has it helped my organization?

We are seeing more of the issues we suspected were there. Qualys is allowing us to get an overall picture of our Risk posture. It has enabled us to identify assets we did not know existed.  

However, Qualys has not enabled us to get a complete picture of our risk posture, due to our own limitations in our deployments and limitations in the Qualys back end, dashboards, UI, connector reliability, and the limitations of the Qualys Scripting Language (QSL).  

Qualys implementation requires dedicated back-end support from various teams which was not clearly explained to us or planned for. 

What is most valuable?

Cloud Agents: lots of control available and very trouble-free. It pulls all systems information, including installed software and open ports. It's very configurable to adjust impact to systems.  

Connectors: Pulls all the cloud information per account and helps to build a CMDB.  Qualys connectors do some control evaluations to help manage these accounts. 

Global Asset View (GAV): With the ability to establish dynamic tagging and perform queries GAV has become a very valuable research tool to our teams. 

What needs improvement?

Support: It's often overseas and often following a script, basically asking us to redo what we opened the case with. 

Multiple APIs: There seems to be a lack of easy onboarding into Qualys. We had to use manual inputs and some API calls to get items in place. 

Dashboard: It is very rudimentary with very little customization. The Qualys Scripting Language (QSL) works differently in different Qualys modules, so when you get it working in one area you have to modify the syntax in others.  

User account management: We often have to give users more rights than needed just to give them what they need. 

Integration with the various Qualys Modules: You can tell the UI is different based on of the different teams that created them. 

QSL syntax same in all modules

Responsiveness of some of the components: They time out, you get a blank screen, etc.

Backend updates between the various modules: You update connectors and information takes a few minutes to show in VMDR or Global Asset View

Connectors: Connectors have a throttling issue with AWS which causes them to frequently fail unless you manually run them again. 

For how long have I used the solution?

I've used the solution for three years.

What do I think about the stability of the solution?

Stability is not the issue. However, the reliably of the different modules is a concern. I have never seen all of Qualys go down. 

What do I think about the scalability of the solution?

The solution is very scalable (with a matching cost, in that, it gets expensive as you grow). 

How are customer service and support?

Our CSM has awesome, however, support is often overseas at conflicting hours.  Support seems to follow scripts and forces us to go through the same scripts. Some solutions required months from Qualys to implement. 

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

We used Tenable.IO which we found very limited. However, in our other cloud environment, we had to use Teanble.SC with which we were able to use a Lambda function and a few API calls to make it operate very well in the cloud. 

How was the initial setup?

The setup is complex in many ways, from setting up agents and connectors to trying to create dashboards that fit our needs.  

What about the implementation team?

We managed the setup in-house.

What was our ROI?

Management is very concerned about the cost of using Qualys; it keeps going up as we pursue 100% deployment. 

What's my experience with pricing, setup cost, and licensing?

The price is very high and escalates quickly based on the number of appliances you need. 

Which other solutions did I evaluate?

We evaluated Tenable.SC and Rapid7.

What other advice do I have?

If you're going to deploy Qualys it is key to have someone dedicated to supporting the back end, making sure all the components are working as expected.  This is not a fire-and-forget solution. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)

    Computer Software

It is a good product to do VA Scanning for my organisation

  • July 12, 2023
  • Review provided by G2

What do you like best about the product?
Its Web UI and to do VA Scanning and also its Administration is very easy.
What do you dislike about the product?
Nothing to dislike for Qualys VMDR as it is very easy to use.
What problems is the product solving and how is that benefiting you?
You can get Vulnerability in your software quickly and close that loopholes.

    LUKEMONYUSSUF

With an interesting dashboard, the solution offers stability and scalability

  • June 26, 2023
  • Review from a verified AWS customer

What is our primary use case?

Using the solution, I go through the reports and advise my organization on what needs to be done and how to go about it.


What is most valuable?

I find the solution's dashboard interesting since we get a proper view to streamline our findings and assist in prioritizing the schedule for patching or any other related incidents we believe have already been worked on.

What needs improvement?

Presently, I am more of the technical part. I am allowed to just go through the details of the report, which has been very interesting. It is a struggle to be able to pull our report and to be able to do onboarding using automated tools. So basically, the aforementioned aspect of the report needs improvement.

Presently, whatever I'm working on has been quite fantastic to the best of my knowledge.

For how long have I used the solution?

I have been using Qualys VMDR. I have been using it on my own site as a client. I am just a consultant. I work with Qualys VMDR due to my understanding of the product so that I can help my clients check one or two things that can help improve the digital infrastructure part.

What do I think about the stability of the solution?

The stability of the tool is okay. Most of the time, you need to do the updates online to be able to get off from any vulnerability. As long as you are online since it's on the cloud, it's just as software of which the update has been handled on the cloud as well.

The response time is fine. You can pull up reports without dragging or consuming bandwidth.

What do I think about the scalability of the solution?

The scalability of the tool is okay. Scalability-wise, I rate the solution an eight out of ten. I have not been able to have the solution function at a large scale. Hence, I will be able to categorically say that everything is fantastic.

How are customer service and support?

Presently on my own part, I've not been able to experience the support, but I can search the technical algorithm of which I've not yet got any reports.

How was the initial setup?

The initial setup phase has been quite interesting because of our experience when we had to use the agents on most of the endpoints, which means it was okay for us.

The solution is deployed on the cloud.

What other advice do I have?

I would tell those planning to use it that it is definitely not about the technology. However, at the same time, if you have the technology, make sure you have the right person with the ability to assist you in addressing the advantages of the product.

I rate the overall product an eight out of ten.

    reviewer2201862

Efficient automation feature and provides us with a comprehensive security solution

  • June 12, 2023
  • Review from a verified AWS customer

What is our primary use case?

Qualys VMDR is a vulnerability management and detection response tool. It belongs to the first generation of vulnerability assessment tools. It enables us to manually identify vulnerable keys and fix them. It is built as a cutting-edge continuous platform where we can detect and protect. With this product, we can respond to specific vulnerabilities, going beyond just using artificial intelligence features. We have implemented VMDR across our cloud, physical interfaces, endpoints, and log servers. It's a good digital product for our organization.

How has it helped my organization?

It has improved our organization in many ways. We needed to have a security solution that focuses on different types of things. We discussed budgeting for the cloud and the need for an alternative to taking care of malware. Additionally, we have to consider various attacks. Therefore, Qualys VMDR is a great tool that helps us improve.

What is most valuable?

The most valuable feature is automation.

What needs improvement?

Qualys VMDR is basically susceptible to false positives, and false negatives. We receive a lot of false positives in there. VMDR can be considered a complex solution, especially for enterprises with limited resources or organizations. It requires extensive knowledge as an engineer. So, when using this tool, you need to utilize other tools to remediate the false security issues.

So maybe it should also have the ability to automatically identify and address false positives. In additional features, an automated process for remediating false positives. We might be looking for new types of signatures that can help us identify and address specific issues.

For how long have I used the solution?

I have been using Qualys VMDR for one last year.

What do I think about the stability of the solution?

I would rate the stability an eight out of ten.

What do I think about the scalability of the solution?

I would rate the scalability an eight out of ten.

How was the initial setup?

It took us one month to set up.

What was our ROI?

I have seen an ROI.

What's my experience with pricing, setup cost, and licensing?

The price is very reasonable, so you can definitely go with all the endpoints it offers.

What other advice do I have?

Just consider the licenses we have within VMware. They could replicate some of these features, which are used for premium customers. So, it might be useful to include those features in the subscription plans.

Overall, I would rate the solution a nine out of ten.

    Manoj Kumar M.

Qualys VMDR - Optimize Security and Simplify Vulnerability Management

  • June 03, 2023
  • Review provided by G2

What do you like best about the product?
Qualys VMDR grants users entry to a holistic vulnerability management solution that operates on a risk-centric approach. Through the prioritization of vulnerabilities, misconfigurations, and assets according to their level of risk, security teams can efficiently distribute resources and promptly tackle the most vital potential threats. This approach significantly enhances the mitigation of security risks associated with vulnerabilities.
What do you dislike about the product?
False positives and false negatives can be a concern with Qualys VMDR. The platform's complex nature may pose challenges for organizations with limited resources or less mature security programs, as it demands a heightened level of asset exposure. It is important to consider these factors when evaluating Qualys VMDR's suitability for specific enterprise environments.
What problems is the product solving and how is that benefiting you?
One of the standout features of Qualys VMDR is its seamless integration with popular ITSM solutions such as ServiceNow and Jira. This integration empowers organizations to automate the entire vulnerability management process, resulting in improved efficiency and streamlined workflows. By automating and integrating these essential tasks, Qualys VMDR greatly enhances overall operational efficiency and ensures a comprehensive end-to-end approach to vulnerability management.

    Jerome TOUTEE

Comprehensive and stable solution, but its technical support service needs improvement

  • May 08, 2023
  • Review provided by PeerSpot

What is our primary use case?

We use the solution for vulnerability management. It helps us identify potentially vulnerable assets. Thus, we can prioritize patching based on a risk score.

What is most valuable?

The solution is easy to use and has many essential features. I found the concept of tags the most valuable feature. It allows us to build assets from different views. We can categorize systems with tags, either automatically or manually.

What needs improvement?

The solution's cloud agent is available only for limited operating systems such as Windows and Linux. They should make it accessible for more systems like FreeBSD. Also, it would be helpful if they made it available for Cisco or Juniper routers. Additionally, its price and support could be better as well.

For how long have I used the solution?

We have been using the solution for six years.

What do I think about the stability of the solution?

The solution is stable. However, it takes time to generate reports.

What do I think about the scalability of the solution?

We have ten solution users in our organization.

How are customer service and support?

The solution's technical support team replies with generic answers. The quality of the response could be better.

How would you rate customer service and support?

Neutral

How was the initial setup?

The solution's initial setup process was straightforward. We just followed the documentation.

What's my experience with pricing, setup cost, and licensing?

The solution is costly.

What other advice do I have?

I recommend the solution to others and rate it as a eight.

    PranjalGargava

Helps with vulnerability scanning and understanding of cyber security controls

  • May 05, 2023
  • Review provided by PeerSpot

What is our primary use case?

We use the solution for vulnerability and policy scan.

How has it helped my organization?

The product has helped us understand cybersecurity controls.

What is most valuable?

I am impressed with the VMDR feature.

What needs improvement?

The tool needs to improve the adding assets and report generation features. I would like to see the policy scan of offline appliances in the product's future releases.

For how long have I used the solution?

I have been using the product for three years.

What do I think about the stability of the solution?

I would rate the product's stability a nine out of ten.

What do I think about the scalability of the solution?

I would rate the tool's scalability an eight out of ten. My company has 10 IT specialists using the product.

How are customer service and support?

The product's support is not very helpful. They suggest things that we already know.

How would you rate customer service and support?

Neutral

How was the initial setup?

I would rate the product's setup an eight out of ten. The tool's deployment took one to two days to complete.

What about the implementation team?

We deployed the solution in-house.

What's my experience with pricing, setup cost, and licensing?

The tool's pricing is expensive and I would rate the pricing a seven out of ten.

What other advice do I have?

I would rate the product an eight out of ten. You need to complete the training before using the product.

    Hospital & Health Care

Promising but immature product

  • April 13, 2023
  • Review provided by G2

What do you like best about the product?
VMDR will show you many of the issues in your organazation from various sources. Dynamic Tags are a great feature if you add the Global Asset View Module
What do you dislike about the product?
Garbage in Garbage Out- Connectors and agents seem unreliable; Authenticated Scanning is difficult to implement, and this is after a year. So your data can be off until you fix your inputs, repeatedly
What problems is the product solving and how is that benefiting you?
VMDR allowed us to show our management our vulnerability posture in an easy to understand format

showing 31 - 40