Best platform for finding/remediating vulnerabilities
Anonymous | TrustRadius Reviewer
October 14, 2019

Best platform for finding/remediating vulnerabilities

Score 9 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with Qualys Cloud Platform (formerly Qualysguard)

It is being used both across the whole organization, as well as at the department level. It is the platform used. It is used mainly for vulnerability scanning endpoints on the network, and then remediating those vulnerabilities. It is also used by some do do reporting and tracking of vulnerabilities. Internally, we mainly use it to scan individual computers, and well as groups of computers within a certain department. With regards to the vulnerabilities, we can determine if patching is needed on the endpoints.

It addresses the business problem of helping to secure networks from intrusions and vulnerabilities. It helps IT see what computers on the network has vulnerabilities, and offers them an opportunity to remediate those vulnerabilities.
  • It really does well at vulnerability scanning, which it is well known for. It's accuracy at finding vulnerabilities is top notch, more so than a lot of other vulnerability tools out there. In an organization/company you want this kind of accuracy at finding vulnerabilities in your network/endpoints
  • It is very good at managing endpoints on a consistent basis, meaning you can add endpoints to Qualys and have the platform scan/track/protect for vulnerabilities on an ongoing basis, without user intervention
  • It does really well at separating out and identifying what levels of criticality each vulnerability should fall into. This way, an organization/company can attack the more critical vulnerabilities first
  • Can be slow at times, namely when scanning endpoints. Scans can take a while, and results may not be immediately known
  • For IT personnel that have never used Qualys before, it can take some time to learn the platform, and how to actually use it. Some sort of training or consulting documentation on the product would be beneficial, as it's a more complicated platform
  • Automatic password resets for user/admin login to the platform can be frustrating, as this can happen occasionally, without user/admin awareness
  • False positives can also be detected, sometimes at a high rate. Need to lessen that as much as possible
  • One positive impact is it has helped to increase overall security of the network by proactively monitoring potential vulnerabilities on endpoints.
  • Another positive impact it has had was to help to increase efficiencies of the IT support department, by enabling IT support personnel to have a central platform to find/remediate vulnerabilities on user's computers and the network.
We really have not used or evaluated other commercial platforms other the Qualys. This was the only comprehensive platform that was in use in the organization for many years. Prior to a greater adoption by IT personnel in the use of Qualys, IT staff would routinely help to prevent vulnerabilities by making sure systems were up-to-date with the latest patches and updates. Also, malware scanning software was routinely used, to help prevent vulnerabilities/compromises from affecting client machines. All of this was a manual process, which was tedious, but Qualys has really helped to make things more efficient, and has helped to make monitoring/remediating vulnerabilities much easier.
We really have not needed to use many of the support options for Qualys, as our set standards/routines for using the platform have worked well over the years, and there really haven't been a lot of problems with the platform. Qualys does offer good support documentation, that is very detailed and thorough. For other support channels, they have their own website, with links to phone/email/web support, that is also all available all day every day, 365 days of the year. They also have a good Community portal, which users of the software can ask questions or provide answers that will help other users of the platform.

Do you think Qualys Cloud Platform (formerly Qualysguard) delivers good value for the price?


Are you happy with Qualys Cloud Platform (formerly Qualysguard)'s feature set?


Did Qualys Cloud Platform (formerly Qualysguard) live up to sales and marketing promises?


Did implementation of Qualys Cloud Platform (formerly Qualysguard) go as expected?

I wasn't involved with the implementation phase

Would you buy Qualys Cloud Platform (formerly Qualysguard) again?


It is well suited for environments that are looking for a solution that is top notch for vulnerability scanning, and is the most accurate at doing so. It would also fit environments that have a lot of endpoints to scan or like to have scanning done on an automatic basis.

It is less appropriate in environments that want to use a platform right away, without getting training in how to use it, or reading documentation on the product.