Best platform for finding/remediating vulnerabilities
October 14, 2019
Best platform for finding/remediating vulnerabilities

Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with Qualys Cloud Platform
It is being used both across the whole organization, as well as at the department level. It is the platform used. It is used mainly for vulnerability scanning endpoints on the network, and then remediating those vulnerabilities. It is also used by some do do reporting and tracking of vulnerabilities. Internally, we mainly use it to scan individual computers, and well as groups of computers within a certain department. With regards to the vulnerabilities, we can determine if patching is needed on the endpoints.
It addresses the business problem of helping to secure networks from intrusions and vulnerabilities. It helps IT see what computers on the network has vulnerabilities, and offers them an opportunity to remediate those vulnerabilities.
It addresses the business problem of helping to secure networks from intrusions and vulnerabilities. It helps IT see what computers on the network has vulnerabilities, and offers them an opportunity to remediate those vulnerabilities.
Pros
- It really does well at vulnerability scanning, which it is well known for. It's accuracy at finding vulnerabilities is top notch, more so than a lot of other vulnerability tools out there. In an organization/company you want this kind of accuracy at finding vulnerabilities in your network/endpoints
- It is very good at managing endpoints on a consistent basis, meaning you can add endpoints to Qualys and have the platform scan/track/protect for vulnerabilities on an ongoing basis, without user intervention
- It does really well at separating out and identifying what levels of criticality each vulnerability should fall into. This way, an organization/company can attack the more critical vulnerabilities first
Cons
- Can be slow at times, namely when scanning endpoints. Scans can take a while, and results may not be immediately known
- For IT personnel that have never used Qualys before, it can take some time to learn the platform, and how to actually use it. Some sort of training or consulting documentation on the product would be beneficial, as it's a more complicated platform
- Automatic password resets for user/admin login to the platform can be frustrating, as this can happen occasionally, without user/admin awareness
- False positives can also be detected, sometimes at a high rate. Need to lessen that as much as possible
- One positive impact is it has helped to increase overall security of the network by proactively monitoring potential vulnerabilities on endpoints.
- Another positive impact it has had was to help to increase efficiencies of the IT support department, by enabling IT support personnel to have a central platform to find/remediate vulnerabilities on user's computers and the network.
We really have not used or evaluated other commercial platforms other the Qualys. This was the only comprehensive platform that was in use in the organization for many years. Prior to a greater adoption by IT personnel in the use of Qualys, IT staff would routinely help to prevent vulnerabilities by making sure systems were up-to-date with the latest patches and updates. Also, malware scanning software was routinely used, to help prevent vulnerabilities/compromises from affecting client machines. All of this was a manual process, which was tedious, but Qualys has really helped to make things more efficient, and has helped to make monitoring/remediating vulnerabilities much easier.
Do you think Qualys TruRisk Platform delivers good value for the price?
Yes
Are you happy with Qualys TruRisk Platform's feature set?
Yes
Did Qualys TruRisk Platform live up to sales and marketing promises?
Yes
Did implementation of Qualys TruRisk Platform go as expected?
I wasn't involved with the implementation phase
Would you buy Qualys TruRisk Platform again?
Yes
Comments
Please log in to join the conversation