Qualys Cloud Platform Reviews

31 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 8.3 out of 100

Do you work for this company? Learn how we help vendors

Overall Rating

Reviewer's Company Size

Last Updated

By Topic




Job Type


Reviews (1-7 of 7)

Companies can't remove reviews or game the system. Here's why.
March 04, 2020
Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
We are using Qualys to monitor all our infrastructure residing in both AWS and Azure infrastructure. We also monitor web URLs. This is used by both IT and operations. We periodically run the scans and get the reports and make sure all the systems are in line with our security policies. As a result of this we are able to correct any violation almost immediately especially around the new resources that are continuously created.
  • Ease of use.
  • Continuous and comprehensive monitoring.
  • Good reporting and alerting mechanism.
  • Seemless JIRA Integration.
  • Automated intelligence to identify and report common issues for a company.
Qualys really covers most of the operational security needs of my team and support for multiple clouds is making it easy for us to go with any cloud. We are able to see the value immediately and correct any potential violations right away. However we are also looking for a system that can proactively identify common mistakes whenever new resources are spun up that can violate our security policies rather flag it later.
We feel Qualys provides required perimeter security for our infrastructure which is hosted on multiple clouds. Together with a comprehensive scanning and continuous monitoring, Qualys is cloud agnostic which gives us flexibility to use it across multiple clouds. We also like the daily reporting and its integration with other productivity tools.
Read this authenticated review
October 14, 2019
Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
It is being used both across the whole organization, as well as at the department level. It is the platform used. It is used mainly for vulnerability scanning endpoints on the network, and then remediating those vulnerabilities. It is also used by some do do reporting and tracking of vulnerabilities. Internally, we mainly use it to scan individual computers, and well as groups of computers within a certain department. With regards to the vulnerabilities, we can determine if patching is needed on the endpoints.

It addresses the business problem of helping to secure networks from intrusions and vulnerabilities. It helps IT see what computers on the network has vulnerabilities, and offers them an opportunity to remediate those vulnerabilities.
  • It really does well at vulnerability scanning, which it is well known for. It's accuracy at finding vulnerabilities is top notch, more so than a lot of other vulnerability tools out there. In an organization/company you want this kind of accuracy at finding vulnerabilities in your network/endpoints
  • It is very good at managing endpoints on a consistent basis, meaning you can add endpoints to Qualys and have the platform scan/track/protect for vulnerabilities on an ongoing basis, without user intervention
  • It does really well at separating out and identifying what levels of criticality each vulnerability should fall into. This way, an organization/company can attack the more critical vulnerabilities first
  • Can be slow at times, namely when scanning endpoints. Scans can take a while, and results may not be immediately known
  • For IT personnel that have never used Qualys before, it can take some time to learn the platform, and how to actually use it. Some sort of training or consulting documentation on the product would be beneficial, as it's a more complicated platform
  • Automatic password resets for user/admin login to the platform can be frustrating, as this can happen occasionally, without user/admin awareness
  • False positives can also be detected, sometimes at a high rate. Need to lessen that as much as possible
It is well suited for environments that are looking for a solution that is top notch for vulnerability scanning, and is the most accurate at doing so. It would also fit environments that have a lot of endpoints to scan or like to have scanning done on an automatic basis.

It is less appropriate in environments that want to use a platform right away, without getting training in how to use it, or reading documentation on the product.
We really have not needed to use many of the support options for Qualys, as our set standards/routines for using the platform have worked well over the years, and there really haven't been a lot of problems with the platform. Qualys does offer good support documentation, that is very detailed and thorough. For other support channels, they have their own website, with links to phone/email/web support, that is also all available all day every day, 365 days of the year. They also have a good Community portal, which users of the software can ask questions or provide answers that will help other users of the platform.
Read this authenticated review
December 09, 2019
Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
Qualys is our main vulnerability management solution, it is responsible for scanning 200+ assets.
  • Really good and up to date vulnerability database
  • Good reporting capabilities
  • PCI ready
  • Price tag
  • Have the license based on live IPs, not on entire subnets, so then you pay for the exactly amount of servers you have.
Qualys is a great vulnerability management solution that can scale from small companies to large companies.
Never had issues with their support. Even when I had the free version of Qualys (community edition), they helped me!
Read this authenticated review
November 06, 2019
Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Review Source
We use Qualys as the main vulnerability scanner. It is used to scan the on-premise devices such as servers, switches, etc.
We have several scanners deployed in different locations in order to cover all sites, and scheduled scans that run on a periodic basis.
Qualys helps us to prioritize the mitigation, it includes not only OS patches, but also 3rd party software.
  • Cloud-based management.
  • Detailed info about the findings: reason, effect, risk, mitigations, etc.
  • Clear UI.
  • Additional modules can be added to the same management interface.(single point of management).
  • Notices some findings which were not clear why they appear(suspected false positive).
  • Working with Qualys support(for example due to the previous point) wasn't the best experience. the response was very slow.
  • Qualys limit the daily API requests. In case you need more, it will cost.
Installation: Qualys is a cloud-based service (cloud management), in case you require an offline solution, Qualys is not the solution for you.
You can scan all types of devices: servers, endpoints, network equipment, FW, and much more, including Cloud workloads (they have a dedicated appliance for IaaS).
For endpoints, it's better to use their Agent in order to avoid running the scans over the network. this has an additional cost.
For Compliance needs, Qualys is good enough.
I had a bad experience with Qualys' support, slow response, and cumbersome troubleshooting process.
In one case I had to escalate to 3rd level support, which also took a lot of time.
Read this authenticated review
August 25, 2017
Alex Waitkus, CISSP-ISSAP, OSCP | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
We used the Qualys API and python to create rolling scheduled scans of every 2 weeks for every network for our organization. We first focused on critical and high vulnerabilities with direction to remediate or remove the system within 30 days. We saw a drastic reduction in number of attacks and compromises for systems across the enterprise.
  • API Task scheduling and configuration
  • Threat database updates through authenticated scanning of Windows and Unix operating systems
  • Reporting capabilities
  • The API query can only support limited number of connections in a time period without calling support to request more, I would suggest removing that limitation.
Qualysguard is well suited for all IT vulnerability scanning. Because of its noise (which is configurable) it is not recommended for ICS environments without customization.
Read Alex Waitkus, CISSP-ISSAP, OSCP's full review
July 29, 2016
Alan Matson, CCNA:S, MCP | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
We used Qualysguard to automate testing of our environment for vulnerabilities. We used several groups to run the testing some with longer and more extensive tests. Mostly this was done in two phases, once before a resource was deployed for use and then several times after over duration to ensure any vulnerabilities were caught.
  • User setup for multiple groups
  • Ease of automation, set it and forget it
  • Reporting features were a huge plus
  • Took time to learn the UI
  • Could be cumbersome for first time users
  • Not much online documentation that was useful
Of many of the other vulnerability testing suites I used, this offered the most robust features and, once you learned the UI, was a go-to tool. The reporting was very nice for not only us technical but for reports for management as well that were easy to understand and prioritize fixes.
Read Alan Matson, CCNA:S, MCP's full review
January 22, 2016
Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source

At my current organization, Qualysguard is primarily used for discovery of assets and verification of secure configuration/patching by our security team. Our team is also assessing Qualysguard WAS to build into our secure development practices.

At my previous organization, we provided self-service capability for our engineers designing/building our products to perform their own infrastructure scans to identify security configuration flaws as early in the build process as possible. We also used Qualysguard for discovery of assets and verification of secure configuration/patching.

In both organizations, Qualysguard has added a ton of value.

  • Discovery of assets on a network.
  • Identifying infrastructure security configuration flaws for a number of different OS types.
  • Easy UI to navigate.
  • Easier way for VM scan custom profile management. A way to determine if there are duplicate scan profiles created to reduce redundancy with multiple administrators.
  • This may have been addressed, but my previous organization had a lot of difficulties integrating Qualysguard with RSAM.
  • Add trending over time capabilities to dashboard.
I've seen Qualysguard work really well for discovery, however you need to have good knowledge of your organization's network topology to ensure Qualys is able to access. In some cases you may end up requiring multiple appliances due to capacity or access contraints. Qualysguard is also very good for verifying patching, server hardening configurations, and other compliance requirements.
Read this authenticated review

Qualys Cloud Platform Scorecard Summary

What is Qualys Cloud Platform?

The Qualys Cloud Platform (formerly Qualysguard), from San Francisco-based Qualys, is network security and vulnerability management software featuring app scanning and security, network device mapping and detection, vulnerability prioritization schedule and remediation, and other features to provide vulnerability management and network attack surface reduction.

Qualys Cloud Platform Technical Details

Operating Systems: Unspecified
Mobile Application:No