Categories:

#1

Qualys is ranked #1 in the Credit Risk Management Software product directory based on the latest available data collected by SelectHub. Compare the leaders with our In-Depth Report.

Qualys Benefits and Insights

Why use Qualys?

Key differentiators & advantages of Qualys

  • Reduce Cost: Separately acquire and pay for modules based on requirements. 
  • Minimize Risks: Discover asset vulnerabilities with host scans and automatically patch them with no additional user input. 
  • Detailed Reports: Drill deeper into discovered threats with in-depth vulnerability reports and remediation recommendations. Get all the required information and choose the best possible patching option. 
  • Cloud-Based Data Storage: Provides 24/7 access to security and threat data from any device with an active internet connection. 
  • Automated Scans: Offers round-the-clock protection by setting up automated scans via built-in templates. 

Industry Expertise

Designed for all industries, including healthcare, education, energy, manufacturing, retail, technology, telecommunications, transportation and more.

Qualys Reviews

Average customer reviews & user sentiment summary for Qualys:

User satisfaction level icon: great

301 reviews

85%

of users would recommend this product

Synopsis of User Ratings and Reviews

Based on an aggregate of Qualys reviews taken from the sources above, the following pros & cons have been curated by a SelectHub Market Analyst.

Pros

  • Functionality: 90% of users who reviewed this element appreciated the platform’s functions, including asset management, patch management, corporate scanning, patch manager and scan maps.
  • Ease of Use: According to 59% of users who reviewed this aspect, the system’s intuitive UI makes it easy to use and navigate.
  • Reporting: 81% of users who mentioned this feature said they were satisfied with the detailed and accurate vulnerability descriptions in threat reports.
  • Service and Support: According to 67% of users reviewing this element, the technical support team is responsive and resourceful.
  • Deployment: 80% of users who reviewed deployment found it straightforward.
  • Integration: All the users who mentioned this element were satisfied with the choice and quality of integrations.

Cons

  • Speed and Performance: 87% of users who reviewed performance experienced false positives, inaccurate scan results, slow scans and unexpected downtimes.
  • Cost: According to 82% of users mentioning this aspect, the solution’s pricing strategy makes it very expensive.

Researcher's Summary:

Qualys is a cloud-based platform that allows users to pick and choose modules depending on their requirements. Its vulnerability management, patch management and reporting modules are some of the best in the category. In addition, integrations with third-party enterprise software make it an end-to-end solution that can take care of all your risk management needs.

However, adding too many modules together can drive up costs. Its speed and testing accuracy can also suffer at times. Nevertheless, considering its comprehensive kit, simple UI and knowledgeable support team, Qualys stands out amongst its competitors.

Key Features

  • Infrastructure Security: Monitor threats in real time, analyze compliance risks and run reports with a powerful data analysis engine. Always maintain a 360-degree view of IT infrastructure security. 
    • Infrastructure Inventory: Survey the organization’s IT architecture to detect and catalog all connected assets automatically. Get a direct feed on the dashboard of product information, hardware/software life cycles, software licenses, running services, and more. Categorize assets according to product families and custom tags. 
    • Vulnerability Management: Accurately monitor all system assets with the Six Sigma scanning functionality. Run security assessment reports, assign remediation tickets and manage application exceptions. The Qualys security configuration assessment (SCA) manages all security-related configuration issues with CIS-certified controls and policies. 
    • Continuous Surveillance: Receive vulnerability alerts in real time with continuous monitoring. Set up custom surveillance profiles and datasets to detect unexpected hosts, expiring SSL certificates, open ports, undesired software and other severe vulnerabilities. 
    • File Integrity Monitoring: Monitor operating systems globally to manage core events, keep tabs on file integrity and capture change incidents. Use preconfigured industry-specific protocols to maintain file integrity and compliance requirements. 
    • System Monitoring: Safeguard the system against vulnerabilities, exploitations and misconfigurations with the multi-vector endpoint detection and response module. Get vital context and insights into security incidents by correlating multiple context vectors. Acquire complete visibility of endpoint processes and threat remediation. 
    • Remediation Response: Automatically correlate asset inventory against a vulnerability disclosure live feed to determine critical threats. Search for specific product information and vulnerabilities with customizable queries. Filter threats according to its real-time threat indicator (RTI). 
  • Cloud Security: Protect both hybrid and public cloud environments with platform-wide security coverage, complete asset visibility and virtual scanner applications. 
    • Asset Management: Secure cloud assets and public workloads with real-time tracking and classification of vulnerability instances. 
    • Prioritize Remediation: Automatically target critical vulnerabilities first with the Threat Protections module’s Live Threat Intelligence Feed. 
    • Compliance: Investigate applications, operating systems and network devices for compliance failure and configuration drift. Streamline the organization’s compliance assessments with preconfigured policies using CIS Benchmarks. Create technology-specific custom controls and run reports for risk managers, auditors and executives. 
    • Account Security: Maintain a holistic view of cloud accounts, assets and services with its Cloud Inventory module. Safeguard against misconfigurations, non-standard deployments and security breaches with the Cloud Security Assessment extension. 
  • Web Application Security: Leverage web application scanning and firewall capabilities to scan and defend against external threats like OWASP Top 10 attacks. Patch and remedy vulnerabilities in real time. 
    • Visibility: Monitor both approved and unapproved web applications with custom labels. Automatically update inventory with applications hosted on local, mobile, IoT or cloud architectures. 
    • Vulnerability Detection: Continuously scan all connected web applications for critical vulnerabilities and misconfigurations. Smart scanning covers all SOAP and REST-based APIs and prepares custom security reports. 
    • Application Testing: Perform test runs of web applications on remote and mobile devices, cloud environments and internal networks. Run complex scans throughout the development and quality analysis stages. Supports processes like DevOps, Agile and Continuous Delivery. 
    • Malware Protection: Use the dashboard to scan, detect and eliminate malware. Run remediation and blacklist infected websites. 
    • Block Web Server Attacks: The Web App Firewall module creates virtual patches and remediation responses on the go. Detect and patch vulnerabilities with security templates and establish custom rules for the firewall. 
  • Endpoint Security: Maintain a continuous inventory of all connected endpoint devices including PCs, laptops, tablets, smartphones and more. Detect suspicious activity and vulnerability in real time with complete visibility of networked endpoints. Eliminate critical misconfigurations and breaches with multi-vector threat contextualization, data visualizations and forensic analysis. 
    • Compliance: Automatically ensure compliance of endpoint devices with IT policies and mandates like PCI, GDPR and HIPAA. 
  • DevOps: Get dedicated support throughout the application development lifecycle with bug and misconfiguration testing, compliance audits and security checks. 
    • Integration: Streamline the development process with popular tools and plugins including Puppet, Bamboo, Jenkins ServiceNow and more. Create appropriate integrations with REST-based APIs. Visit the vendor’s Github repository to access the sample code. 
    • Track Progress: Run reports with data consolidated from integrated applications and internal processes. Run reports directly from the dashboard and compare performance against industry benchmarks and standards. 
    • Container Security: Securely build and develop container-native applications without disrupting integration and deployment pipelines. Scan container images for vulnerabilities and compliance failures. Automatically detect runtime errors and behavioral anomalies in applications deployed on AWS ECR, Fargate and EKS. 
  • Compliance Solutions: Ensure the organization’s practices, assets, endpoint devices and applications are in compliance with industry standards and regulations. Generate reports on compliance data and manage third-party risks like contractors, partners and vendors. 
    • IT Compliance: Oversee compliance of IT assets. Automate the verification process with custom controls and configuration requirements. 
    • PCI Compliance: Comply with Payment Card Industry Data Security Standard (PCI DSS) guidelines. Patch vulnerabilities and submit compliance reports to relevant banks. 
    • Third-Party Risk: Automate third-party risk management with purpose-built notifications, deadlines, workflows, templates and more. 
  • Public Cloud Platforms Integration: The vendor provides security and compliance services for Microsoft Azure, Google Cloud and AWS. 

Limitations

At the time of this review, these are the limitations according to user feedback:

  •  Acquiring independent modules can drive up licensing costs. 
  •  Separate module updates can cause stability issues. 
  •  Susceptible to false positives. 
  •  Technical support response time is high. 
  •  Lacks adequate training materials. 

Suite Support

The vendor offers local language support in English, Mandarin, Japanese, French, Spanish and Hindi. Live chat support is available on the website.

mail_outlineEmail: Not specified.
phonePhone: 650) 801-6161 or (866) 801-6161.
schoolTraining: All subscribers can take part in online training via self-paced courses and video tutorials. Or, request personalized training sessions with an instructor. Complete the training program and take a proficiency test to get a certificate.
local_offerTickets: Visit the vendor’s website to submit a support ticket. The support team usually replies within 48 hours, depending on the ticket’s priority level.
Your review has been submitted
and should be visible within 24 hours.
Your review

Rate the product