We have several …
At my current organization, Qualysguard is primarily used for discovery of assets and verification of secure configuration/patching by our …
Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of Qualys Cloud Platform, and make your voice heard!
Entry-level set up fee?
- No setup fee
- Free Trial
- Free/Freemium Version
- Premium Consulting / Integration Services
Would you like us to let the vendor know that you want pricing?
- Vulnerability management
- Patch management
- Reporting and alerting mechanism
- Addressing false positives
- JIRA Integration
- UI interface could be cumbersome for first time users
- Patch management
- Scanning the assets
- Maintaining option profile
- Reporting service
- Reporting service should be available in excel or csv mode
- Panel for vulnerabilities by category in dashboard
- Integrated with splunk to monitor the status of missing patch
- Internal & external vulnerability management
- Visibility of cloud security configuration issues
- Completion of PCI ASV requirements
- Cheaper entry-level offerings for startups and SMEs
- Static, dynamic and third-party software security scans
- Redesign user interface to be more intuitive and responsive, with a consistent user experience across all components of the platform
- Ease of use.
- Continuous and comprehensive monitoring.
- Good reporting and alerting mechanism.
- Seemless JIRA Integration.
- Automated intelligence to identify and report common issues for a company.
- Really good and up to date vulnerability database
- Good reporting capabilities
- PCI ready
- Price tag
- Have the license based on live IPs, not on entire subnets, so then you pay for the exactly amount of servers you have.
- Cloud-based management.
- Detailed info about the findings: reason, effect, risk, mitigations, etc.
- Clear UI.
- Additional modules can be added to the same management interface.(single point of management).
- Notices some findings which were not clear why they appear(suspected false positive).
- Working with Qualys support(for example due to the previous point) wasn't the best experience. the response was very slow.
- Qualys limit the daily API requests. In case you need more, it will cost.
- It really does well at vulnerability scanning, which it is well known for. It's accuracy at finding vulnerabilities is top notch, more so than a lot of other vulnerability tools out there. In an organization/company you want this kind of accuracy at finding vulnerabilities in your network/endpoints
- It is very good at managing endpoints on a consistent basis, meaning you can add endpoints to Qualys and have the platform scan/track/protect for vulnerabilities on an ongoing basis, without user intervention
- It does really well at separating out and identifying what levels of criticality each vulnerability should fall into. This way, an organization/company can attack the more critical vulnerabilities first
- Can be slow at times, namely when scanning endpoints. Scans can take a while, and results may not be immediately known
- For IT personnel that have never used Qualys before, it can take some time to learn the platform, and how to actually use it. Some sort of training or consulting documentation on the product would be beneficial, as it's a more complicated platform
- Automatic password resets for user/admin login to the platform can be frustrating, as this can happen occasionally, without user/admin awareness
- False positives can also be detected, sometimes at a high rate. Need to lessen that as much as possible
- API Task scheduling and configuration
- Threat database updates through authenticated scanning of Windows and Unix operating systems
- Reporting capabilities
- The API query can only support limited number of connections in a time period without calling support to request more, I would suggest removing that limitation.
- User setup for multiple groups
- Ease of automation, set it and forget it
- Reporting features were a huge plus
- Took time to learn the UI
- Could be cumbersome for first time users
- Not much online documentation that was useful
- Discovery of assets on a network.
- Identifying infrastructure security configuration flaws for a number of different OS types.
- Easy UI to navigate.
- Easier way for VM scan custom profile management. A way to determine if there are duplicate scan profiles created to reduce redundancy with multiple administrators.
- This may have been addressed, but my previous organization had a lot of difficulties integrating Qualysguard with RSAM.
- Add trending over time capabilities to dashboard.