The Swiss Army Knife of SecTools
July 31, 2025

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Qualys VMDR

The question to ask is - what DOESN'T Qualys VMDR do? Here are the widgets I have used:

  • Vuln scans of devices (server/PC/network)
  • Patch mgmt
  • Threat intel feed (with prioritization & use of MITRE)
  • Asset mgmt
  • PCI ASV onboard

Pros

  • Seamless reporting across the different widgets (i.e. TruRisk)
  • DEEP-DIVE into an asset's info/vulns
  • Baked-in PCI ASV scans that a Qualys QSA can approve

Cons

  • Add the container feature a little better
  • Less use of APIs & more connectors to keep it simple for onboarding data
  • Agent for network devices - akin to what I get for server/desktop
  • Taking the man-hours out & doing it with Qualys VMDR Vuln scans (i.e. CAPAT)
  • Same for patch mgmt
  • TruRisk gives super info on what your attack surface looks like
Most of it is great
You can get widgets galore from Qualys VMDR whereas with the others noted it's really vuln scanning.

Do you think Qualys VMDR delivers good value for the price?

Yes

Are you happy with Qualys VMDR's feature set?

Yes

Did Qualys VMDR live up to sales and marketing promises?

Yes

Did implementation of Qualys VMDR go as expected?

Yes

Would you buy Qualys VMDR again?

No

For any company that does not have a bottomless budget & endless resources this is perfect. Which is most companies - you get multiple features OOTB for an incredibly reasonable cost. I look forward to using Qualys VMDR again.

Qualys VMDR Feature Ratings

  • IT Asset Realization: 9
  • Authentication: 8
  • Configuration Monitoring: 9
  • Web Scanning: 9
  • Vulnerability Intelligence: 10
  • Network Analytics: 7
  • Vulnerability Classification: 10
  • Automated Alerts and Reporting: 10
  • Threat Analysis: 9
  • Threat Intelligence Reporting: 8
  • Automated Threat Identification: 8
  • Threat Recognition: 8

Using Qualys VMDR

4 - These are all IT - either security/compliance (all functions of Qualys VMDR) or IT INFR (vuln scan reports and/or patching)
1 - I own the service outright & manage it entirely (i.e. initial configuration, connections/integrations, asset discovery, etc).
  • Vuln mgmt - previously there was nothing done
  • Patching - having it done by same app as vuln scans is great
  • TruRisk - gives a 30K-foot view of risk posed by all assets onboarded
  • Threat Intel & MITRE
  • DEV crew gets reports of vulns that exist (they had no clue prior)
  • CTO gets to see the TruRisk reports
  • IT sees whatever assets they are curious about in DETAIL
  • Containers
  • Adding network devices via the appliance (virtual for GCP)
  • Anticipated future integrations
Next to Veeam (which is a tremendous product for backup/DR) this is the best service/software I have used in the past three decades.

Should be called the Swiss Army Knife of security.

Evaluating Qualys VMDR and Competitors

  • Integration with Other Systems
The sheer amount of integrations - especially as companies move towards AWS/GCP/Azure, etc. - makes for very simple admin. It takes (literally) a few minutes to set up one of the connectors to get robust information.
Would not change a thing. I use a "scorecard" to compare/contrast common features across vendors (i.e. feature gets weighted & scored 1-10; I also have 2-3 ITers do their own grading). Qualys VMDR was the clear winner.

Qualys VMDR Implementation

Not really - the integrations via connectors are not heavy lifting. Any complexity has to do with a service that requires more steps (i.e. AWS/GCP)
Change management was a minor issue with the implementation - Outside of alerting need-to-know staff about the install of agents or integrations, no stress. Agents are HARMLESS & integrations did not result in outage

Qualys VMDR Training

Configuring Qualys VMDR

There should be detailed videos showing step-by-step for ALL configs.
I learn by viewing
No - we have not done any customization to the interface
No - we have not done any custom code

Qualys VMDR Support

Support for the most part has been very good - there were a couple of instances a more junior support engineer could not answer a question. I would ask them to escalate to resolve.
Pros: Quick Resolution, Good followup, Knowledgeable team, Problems get solved, Kept well informed, Immediate help available, Quick Initial Response
Cons: None
The cost - most SMBs are in the same boat. You get the minimum & then have to live with the headache of not getting a resolution quickly.

Using Qualys VMDR

Pros: Like to use, Relatively simple, Technical support not required, Well integrated, Consistent, Convenient, Feel confident using
Cons: Difficult to use
  • Asset discovery
  • Vuln reports
  • Patching

Qualys VMDR Reliability

Outside some pretty arcane apps or OS this is painless. The problem - and self-inflicted - is that older stuff is not supported.
Always available with the exception of maint windows
Once in a while it would be slow -

Integrating Qualys VMDR

Outside of the need to write an API/REST connection, integration is easy
  • File import/export
  • API (e.g. SOAP or REST)
If you are not an expert with APIs consult ChatGPT or other AI to help write them :-)

Relationship with Qualys

There needs to be absolute clarity on what you get with a subscription. And it'd be nice NOT to see features you haven't purchased. CLUTTER.
Nothing outside the usual
MOSTLY good - but as noted having all features purchased on portal only - nothing that is not purchased.

Upgrading Qualys VMDR
