QualysGuard is a popular SaaS (software as a service) vulnerability management offering. It's web-based UI offers network discovery and mapping, asset prioritization, vulnerability assessment reporting and remediation tracking according to business risk. Internal scans are handled by Qualys appliances which communicate back to the cloud-based system.
For downloads and more information,
visit the QualysGuard homepage.
Of the six vulnerability scanners I've used (Qualys, Nessus, Retina, NCircle, Nexpose, CCSVM) This is by far the worst.
Overly complex configuration, unreliable reporting, low quality customer support, expensive compared to the competition and overall poorly designed. Anyone who is using this tool today should look into the many alternatives.
We formerly used Nexpose and switched to Qualys 2 years ago (I am writing this 11/2016).
Our head count went from 4 to 1 and turnover of employees was also massively improved. Nexpose is an expert's tool with a steep learning curve and an unfortunate tendency to tip hosts over during the initial configuration. Qualys' design philosophy is to take the potentially destructive 'weapons' out of the hands of users, providing a service that produces a nearly perfect confirmed vulnerability rate. Its shocking how few false positives we've seen. In spite of this, there is quite a lot of flexibility offered for expert users, but out of the box, it's ready to go with confirmed urgent and critical vulnerabilities.
Qualys also offers agent-based scanning which we use for volatile instances that are terminated after only a few hours.
The API is outstanding. Support is excellent, cost is high.
curent version of the application is 7.11.74-2 and it just keeps getting beter as it time goes by. I work at a large Global Company in over 300 locations World wide. We scan over 500,000 IPs in more than 100 countries. This tool works great! With the other features, And Dedicated Support staff it saves us time and money.
Its an awesome tools. The only thing one has to do is to configure it properly , rest it can twist the scope to pull out he vulnerabilities.Infact its other modules besides VM are quite versatile too.
Along with your rating, you can use the comment form to post a review,
tutorial, tips and tricks, or anything else others will find useful.
If you develop this software (or work for the company), please don't rate it. You may leave a clarifying comment as long as you state your affiliation and don't specify a star rating (just leave it as “No rating”).