- API Task scheduling and configuration
- Threat database updates through authenticated scanning of Windows and Unix operating systems
- Reporting capabilities
- The API query can only support limited number of connections in a time period without calling support to request more, I would suggest removing that limitation.
- User setup for multiple groups
- Ease of automation, set it and forget it
- Reporting features were a huge plus
- Took time to learn the UI
- Could be cumbersome for first time users
- Not much online documentation that was useful
At my current organization, Qualysguard is primarily used for discovery of assets and verification of secure configuration/patching by our security team. Our team is also assessing Qualysguard WAS to build into our secure development practices.
At my previous organization, we provided self-service capability for our engineers designing/building our products to perform their own infrastructure scans to identify security configuration flaws as early in the build process as possible. We also used Qualysguard for discovery of assets and verification of secure configuration/patching.
In both organizations, Qualysguard has added a ton of value.
- Discovery of assets on a network.
- Identifying infrastructure security configuration flaws for a number of different OS types.
- Easy UI to navigate.
- Easier way for VM scan custom profile management. A way to determine if there are duplicate scan profiles created to reduce redundancy with multiple administrators.
- This may have been addressed, but my previous organization had a lot of difficulties integrating Qualysguard with RSAM.
- Add trending over time capabilities to dashboard.