Integrate Security in the Early Stages of your Software Development Lifecycle
We use Qualys Cloud Platform to perform automated Web App Scans on internally developed platforms. Once set, and with the scheduled scans …
Overview
What is Qualys Cloud Platform?
The Qualys Cloud Platform (formerly Qualysguard), from San Francisco-based Qualys, is network security and vulnerability management software featuring app scanning and security, network device mapping and detection, vulnerability prioritization schedule and remediation, and other features to provide vulnerability management and…
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- IT Asset Realization (9)8.888%
- Web Scanning (8)8.888%
- Vulnerability Classification (7)8.787%
- Threat Recognition (7)8.383%
Reviewer Pros & Cons
Pricing
N/A
Unavailable
What is Qualys Cloud Platform?
The Qualys Cloud Platform (formerly Qualysguard), from San Francisco-based Qualys, is network security and vulnerability management software featuring app scanning and security, network device mapping and detection, vulnerability prioritization schedule and remediation, and other features to…
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting / Integration Services
Would you like us to let the vendor know that you want pricing?
85 people also want pricing
Alternatives Pricing
What is Microsoft Defender for Endpoint?
Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection…
What is CrowdStrike Falcon?
CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment with no…
Features
Return to navigation
Product Details
- About
- Tech Details
- FAQs
What is Qualys Cloud Platform?
Qualys Cloud Platform Video
Qualys Cloud Platform
Qualys Cloud Platform Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Frequently Asked Questions
The Qualys Cloud Platform (formerly Qualysguard), from San Francisco-based Qualys, is network security and vulnerability management software featuring app scanning and security, network device mapping and detection, vulnerability prioritization schedule and remediation, and other features to provide vulnerability management and network attack surface reduction.
Reviewers rate Automated Alerts and Reporting highest, with a score of 9.
The most common users of Qualys Cloud Platform are from Enterprises (1,001+ employees).
Comparisons
Compare with
Reviews and Ratings
(85)Attribute Ratings
Reviews
(1-25 of 25)Companies can't remove reviews or game the system. Here's why
We use Qualys Cloud Platform to perform automated Web App Scans on internally developed platforms. Once set, and with the scheduled scans features, there's no more heavy lifting: just wait for the notifications either via mail or the ticketing system, download the report in pdf format, and escalate/assign to the right stakeholders.
- Scheduled scans.
- Detailed reports with graphs.
- Notify when there's a [potential] vulnerability
- Modernize the Web GUI.
January 24, 2023
Qualys Review
Qualys is used to scan periodically the environment in order to check if there are some packages (Linux) or Applications (Windows) outdated, generating reports to the Service Owners to let them know what's the current situation regarding their environment to schedule
- OS inventory
- Updated Database
- Vulnerability Addressed
- Reports should be improved
- Knowledge Base (forums)
- documentation
January 23, 2023
Qualys Cloud Platform is a great program.
The performance that we have had with this program has been great since it has been the only program that has offered us a long list of options to scan as well as manage the level of vulnerability in all the applications and websites where our system runs, thanks With the help of Qualys Cloud Platform you can see in detail all the IT services that I use the most.
- One of the main features that I like about this program is the multiple options and powerful functions that I have at my fingertips to strengthen the security of my system.
- Qualys Cloud Platform is a great program that gives the opportunity to all its users to keep track of each of the processes on the web, complying with the mandatory policies and manipulating the least risky applications.
- Thanks to the support of this program, all my commercial projects on the web are entirely safe; Qualys Cloud Platform will take care of avoiding each of the threats on the web.
- This program is really complicated, the multiple functions that are presented to us are not very clear and in some cases, it is a matter of intuition to execute a function, it is not very informative.
- The interface of this program can be a real problem; for our taste, this program looks a bit messy, and the interface does not help or guide you to find the options you need.
January 20, 2023
Qualys strikes again
Qualys Cloud Platform (specifically the Global AssetView module) enabled us to manage, view, and control all devices and endpoints in our organizations and sort them in various ways, push scripts selectively based on group, and generally keep things organized in a way that helped our whole team understand where everything was, and what state it was in, and address concerns immediately if need be.
- Sorting
- Tags
- Patching
- UI
- Response Time
- Inaccurate Updating
January 19, 2023
Qualys Cloud Platform review
We use Qualys Cloud Platform to help us to
identify vulnerabilities, monitor for threats, and respond to security
incidents.
The automation of the scanning and reporting, saves us a lot of time and makes it possible to be aware of the security level of both our internal and external systems and to detect vulnerabilities and prioritize the remediation of them.
The automation of the scanning and reporting, saves us a lot of time and makes it possible to be aware of the security level of both our internal and external systems and to detect vulnerabilities and prioritize the remediation of them.
- automated web application scanning
- automated reporting
- cloud asset management
- remediation guidance
- 2fa options are too limited right now
- adding domains and networks needs a better and easier way
- discovery and scanning setup could be better integrated
- not all modules integrate well with eachother
January 11, 2023
Qualys Cloud Platform for Patch Management is a quick and effective tool to get started
We used the platform as a part of the Patch Management tool for us and our customer environments. It was good and effective tool, to work on the patching activities, with ease of access, smooth functioning. When compared to other tools this was a bit cost effective and also was worth the purchase.
- Ease of use
- Simplified UI
- Simple operations
- Have more integrations for Patching Support
- Better customer support
- Support for Zero Day Vulnerability patching
January 10, 2023
Qualys Cloud Platform is a trusted solution for global security visibility, detection and remediation
We use Qualys cloud platform to monitor our network security, monitor public and privately hosted web applications, and also for asset discovery, threat protection and compliance monitoring. It is a comprehensive security platform that gives us a global single pane of glass view into the security of our network and critical applications.
- web application scanning
- threat protection
- policy compliance
- File integrity monitoring
- Asset discovery
- Threat protection
- Certificate inventory
- PCI compliance
January 10, 2023
A single guard on door with thousand hands.
Score 9 out of 10
Vetted Review
Verified User
Integration was one of our key challenges as we were going through a consolidation of many tools. Bringing everything together and getting visibility in one Qualys dashboard has helped us. To secure our IT infrastructure and manage all risks related to our assets in one place is very easy now. Now we can see everything related to asset on dashboard and take action quickly.
- Infrastructure Security
- Network Security
- Cloud Security
- Asset Management
- Patch Management
- Application Security
- Ghost/Shadow Asset Scanning
January 09, 2023
Automated Threat Protection reaches all corners of our organization to provide an end-to-end security solution for the 21st Century
Qualys Cloud Platform provides our organization with the tools needed to protect our organization, from end-to-end. It bolsters our security stance in a multi-faceted approach, including our IT infrastructure, our data and applications in the cloud, our endpoints, and compliance all over the world. The best feature of Qualys would be it's automated threat protection which gives us alerts & warnings in realtime, leading to actionable insights that keep our business secure.
- Real time threat protection, with alerts & remediation
- Total visibility into the security of our organization via a single-pane
- Easily scalable for additional infrastructure, end users, and policy updates
- Customer support tends to be slower, often leading to the tail end of guaranteed SLA's
- Major downside is that QCP charges you for each scanner, leading to high cost
- False positives can end up wasting more time, rather than saving it
Qualys Policy Compliance helps an organization to create policy, establish controls, write user-defined controls and manage the entire compliance of the organization. It also has an easy-to-use UI and creates a unified dashboard that helps C-level executives with decision-making based on the security posture of the organization. Based on the reports and dashboard, it's easy to take corrective action.
- Controls Management.
- Unified dashboard for security posture.
- Organization security policy effectiveness.
- Ease of configuration.
- Some of the tasks to select sensors can be automated.
- Controls customisation can be improved.
- Technology support can be improved.
March 15, 2022
Qualys Cloud: Holistic approach to Cloud Security
** To use Qualys Cloud to continuously assess the workloads in the multi-cloud environment and make sure they are in line with our security policies
** Application Security and Policy Compliance
** Reduce risk and increase their levels of
compliance in a cost-effective manner
**Detect and prioritise
vulnerabilities and misconfigurations across the IT estate, as well as
supporting automated patching and remediation activities
- Vulnerability management
- Patch management
- Reporting and alerting mechanism
- Addressing false positives
- JIRA Integration
- UI interface could be cumbersome for first time users
December 28, 2021
Qualys cloud: good product to use
In my previous organisation (capgemini), I had implemented and used qualys for vulnerability scanning and management. It is very user friendly tool and it has very organised way to manage the scanning asset and option profile as well as reporting service and remediation steps. Can be easily integrated with splunk to get the logs at centralised location to investigate and monitor the status of patching.
- Patch management
- Scanning the assets
- Maintaining option profile
- Reporting service
- Reporting service should be available in excel or csv mode
- Panel for vulnerabilities by category in dashboard
- Integrated with splunk to monitor the status of missing patch
We use the Qualys Cloud Platform for three main strands in our information security. Firstly it gives us excellent visibility of internal and external vulnerabilities across our technology estate. This allows us to identify any potential gaps in software patching, and determine whether any vulnerable end-of-life software is installed on any of our physical or virtual devices. Secondly, we use Qualys for scheduling, analysing and managing PCI scans, a requirement of our PCI DSS certification as a Level 1 service provider. Finally, and more and more crucially as we migrate an increasing number of workloads into the cloud, we use the Qualys CloudView product to report on any potential insecure configuration issues across our AWS & Azure estates. Using a single vendor for these three key pieces of functionality enables us to better manage costs, and leverage our existing customer success relationship. Qualys are excellent both at reactive customer support for security incidents or technical queries, and proactively reaching out to us to make sure we're both making the best use of the functionality included in our existing contract and working with us to see if there's anything they can do to help with our emerging and ongoing security challenges and requirements.
- Internal & external vulnerability management
- Visibility of cloud security configuration issues
- Completion of PCI ASV requirements
- Cheaper entry-level offerings for startups and SMEs
- Static, dynamic and third-party software security scans
- Redesign user interface to be more intuitive and responsive, with a consistent user experience across all components of the platform
May 03, 2021
Qualys WAS has a lot of scope for improvement
We used it for pre-release scans of our products each month. It was used by the Information Security team who would help the Development teams to ensure that products are bug-free before they get released to our customers.
- Scan configurations were quick and easy.
- Offers wide range of settings for more targeted scans
- Informative reports
- Navigation is pretty complex and involves a lot of pages to click through
- Redundantly scans pages in vain with little to no modification in the alphanumeric query parameter values
- Scan duration and coverage
September 12, 2020
Beware of Qualys
We currently use Qualys for threat detection and penetration testing on several of our SaaS solutions. We also install the cloud agent on every workstation. Only the IT and IS departments have access to the admin console. The business problem that it addresses is vulnerability scanning and increases the hardening of our critical systems.
- Penetration Testing
- Threat detection
- Vulnerability scanning
- Difficult to use
- Poor support
- Hard to control threats on workstations
March 04, 2020
Happy Qualys user.
We are using Qualys to monitor all our infrastructure residing in both AWS and Azure infrastructure. We also monitor web URLs. This is used by both IT and operations. We periodically run the scans and get the reports and make sure all the systems are in line with our security policies. As a result of this we are able to correct any violation almost immediately especially around the new resources that are continuously created.
- Ease of use.
- Continuous and comprehensive monitoring.
- Good reporting and alerting mechanism.
- Seemless JIRA Integration.
- Automated intelligence to identify and report common issues for a company.
January 15, 2020
Delivers as intended!
We installed Qualys Policy and Compliance approx. 1 year ago in order to help automate our assets security configuration profile and be alerted when something deviates. This helps keep our yearly attestations in check with minimal manual research. This aids in not only compliance but greatly increases our security posture by alerting when an IT administrator or client support staff install something outside normal approved software.
- Reporting - Qualys PC does a fantastic job in this arena. Reports are easy to customize and decipher.
- Very nice and easy to read dashboard.
- It's unfortunate that Policy and Compliance is an add-on to their Vulnerability scanning platform.
- The GUI could be a little less complicated.
Qualys is our main vulnerability management solution, it is responsible for scanning 200+ assets.
- Really good and up to date vulnerability database
- Good reporting capabilities
- PCI ready
- Price tag
- Have the license based on live IPs, not on entire subnets, so then you pay for the exactly amount of servers you have.
November 06, 2019
A decent vulnerability scan platform
We use Qualys as the main vulnerability scanner. It is used to scan the on-premise devices such as servers, switches, etc.
We have several scanners deployed in different locations in order to cover all sites, and scheduled scans that run on a periodic basis.
Qualys helps us to prioritize the mitigation, it includes not only OS patches, but also 3rd party software.
We have several scanners deployed in different locations in order to cover all sites, and scheduled scans that run on a periodic basis.
Qualys helps us to prioritize the mitigation, it includes not only OS patches, but also 3rd party software.
- Cloud-based management.
- Detailed info about the findings: reason, effect, risk, mitigations, etc.
- Clear UI.
- Additional modules can be added to the same management interface.(single point of management).
- Notices some findings which were not clear why they appear(suspected false positive).
- Working with Qualys support(for example due to the previous point) wasn't the best experience. the response was very slow.
- Qualys limit the daily API requests. In case you need more, it will cost.
October 14, 2019
Best platform for finding/remediating vulnerabilities
It is being used both across the whole organization, as well as at the department level. It is the platform used. It is used mainly for vulnerability scanning endpoints on the network, and then remediating those vulnerabilities. It is also used by some do do reporting and tracking of vulnerabilities. Internally, we mainly use it to scan individual computers, and well as groups of computers within a certain department. With regards to the vulnerabilities, we can determine if patching is needed on the endpoints.
It addresses the business problem of helping to secure networks from intrusions and vulnerabilities. It helps IT see what computers on the network has vulnerabilities, and offers them an opportunity to remediate those vulnerabilities.
It addresses the business problem of helping to secure networks from intrusions and vulnerabilities. It helps IT see what computers on the network has vulnerabilities, and offers them an opportunity to remediate those vulnerabilities.
- It really does well at vulnerability scanning, which it is well known for. It's accuracy at finding vulnerabilities is top notch, more so than a lot of other vulnerability tools out there. In an organization/company you want this kind of accuracy at finding vulnerabilities in your network/endpoints
- It is very good at managing endpoints on a consistent basis, meaning you can add endpoints to Qualys and have the platform scan/track/protect for vulnerabilities on an ongoing basis, without user intervention
- It does really well at separating out and identifying what levels of criticality each vulnerability should fall into. This way, an organization/company can attack the more critical vulnerabilities first
- Can be slow at times, namely when scanning endpoints. Scans can take a while, and results may not be immediately known
- For IT personnel that have never used Qualys before, it can take some time to learn the platform, and how to actually use it. Some sort of training or consulting documentation on the product would be beneficial, as it's a more complicated platform
- Automatic password resets for user/admin login to the platform can be frustrating, as this can happen occasionally, without user/admin awareness
- False positives can also be detected, sometimes at a high rate. Need to lessen that as much as possible
January 21, 2019
I love Qualys PC
I am a Qualys Consultant, so we use Qualys Policy Compliance (PC) as a tool for clients and assist in the purchase and install of Qualys products. For the money I find Qualys to be the most sensible investment a small to medium-sized company can make.
- Attestation is so easy with Qualys. I find this one feature makes the investment worth the cost
- Ease of use. Within an hour of first installing, a person can be running compliance tests without a hitch.
- Great training materials and support. I have never had to take more than twenty minutes to solve a problem either through support or the forums.
- You must learn the terminology which can cause problems but is a minor thing.
August 25, 2017
Qualysguard to improve the quality of your security posture
We used the Qualys API and python to create rolling scheduled scans of every 2 weeks for every network for our organization. We first focused on critical and high vulnerabilities with direction to remediate or remove the system within 30 days. We saw a drastic reduction in number of attacks and compromises for systems across the enterprise.
- API Task scheduling and configuration
- Threat database updates through authenticated scanning of Windows and Unix operating systems
- Reporting capabilities
- The API query can only support limited number of connections in a time period without calling support to request more, I would suggest removing that limitation.
July 29, 2016
The better vulnerability management tool
We used Qualysguard to automate testing of our environment for vulnerabilities. We used several groups to run the testing some with longer and more extensive tests. Mostly this was done in two phases, once before a resource was deployed for use and then several times after over duration to ensure any vulnerabilities were caught.
- User setup for multiple groups
- Ease of automation, set it and forget it
- Reporting features were a huge plus
- Took time to learn the UI
- Could be cumbersome for first time users
- Not much online documentation that was useful
At my current organization, Qualysguard is primarily used for discovery of assets and verification of secure configuration/patching by our security team. Our team is also assessing Qualysguard WAS to build into our secure development practices.
At my previous organization, we provided self-service capability for our engineers designing/building our products to perform their own infrastructure scans to identify security configuration flaws as early in the build process as possible. We also used Qualysguard for discovery of assets and verification of secure configuration/patching.
In both organizations, Qualysguard has added a ton of value.
- Discovery of assets on a network.
- Identifying infrastructure security configuration flaws for a number of different OS types.
- Easy UI to navigate.
- Easier way for VM scan custom profile management. A way to determine if there are duplicate scan profiles created to reduce redundancy with multiple administrators.
- This may have been addressed, but my previous organization had a lot of difficulties integrating Qualysguard with RSAM.
- Add trending over time capabilities to dashboard.
November 12, 2015
Qualys, Vulnurability Management For The Pros
As an enterprise wide vulnerability management solution, Qualys Private Cloud Platform has given us a very keen insight into our security posture both internally and externally. Like most global enterprises, our landscape is very diverse and the ease with which Qualys Private Cloud Platform embraced that landscape has made this a valuable tool indeed. From Windows to UNIX to NAS appliances, we have been able to bring everything into view.
- The first benefit is actually in the vendor. Qualys provides free instructor-led training.
- Ease of use in a diverse environment.
- The Qualys Private Cloud Platform has a complete suite of reporting capabilities so you can use your data quickly.
- The way that devices are catalogued can be tough in a DHCP environment.