Bewertet am 8.1.2019
Qualys the best vulnerability scanner
Héctor joel B.
Kommentare: Based on the experience I have with Qualys, it is very impressive to capture the vulnerabilities, this compiles a complete report of the risks that your infrastructure has, in addition the patches have very precise information that allows you to carry out the remediation very effectively. The analyzes are detailed and very complete, it works very well to carry out the compliance stages of PCI, CIS, etc... Providing a great guarantee that periodically your organization has an armored infrastructure.
Vorteile: In the firts instance we could see its operation inside a beast and we were amazed, its different configurations to make scans allows to obtain much more complete results than other programs. Qualys as a pentesting tool allows you to analyze those areas of greatest risk within your organization to remedy them. The ability to perform scans for a particular plugin is one of the features that other software should envy to Qualys. Your reports have a very detailed information that allows you to quickly identify vulnerabilities.
Nachteile: I have no negative comments, it has worked very well in the company and with our allies.
Bewertet am 28.1.2019
Nice tool for Vulnerability Management.
Kommentare: Overall We are happy, Web interface is very interactive and training are awesome.
Vorteile: Easy to implement, enabling sensors are not much techie.
Nachteile: Sometime handling false positive detection are really a tough task.
Bewertet am 5.3.2019
Useful Vulnerabilty Management option
Vorteile: Detailed explanations and possible resolutions for vulnerabilities that are detected by the Cloud Agents.
Nachteile: I have used other solutions as well on the same machines and they seem to detect quite a few different vulnerabilities, it seems neither give a rather complete list, so it's a good idea to use multiple solutions from different vendors with a different focus to get a clear insight in the ones that are classified as higher risks.
Bewertet am 6.2.2019
Kommentare: They need to make the product better .. Focus ion ease of use. Get a focus group going.
Vorteile: Agent deployment is simple. The software offers much if configured right. I dislike the add on services model.
False positives. If a later software update rectifies an older vulnerability then there is no need to show asset is vulnerable.
Vuln that shows up in Asset View is different in Vuln View.. Why?
Salesperson quit after the sale which sucked. Replacement helped but was not focused on us.
Bewertet am 21.11.2018
Vorteile: Works well and is a trusted source. Their scanning engine gives you some level organization independence (not entirely).
Nachteile: It is expensive, and you have to open up your organization to their IP's or put an in-house relay server.
Bewertet am 21.7.2018
Lots of promises, great marketing. Real quality rather low. Decided to find something better.
Kommentare: That was my first contact with vulnerability management. Perhaps it's a good software for start or for small companies. I was able to recognize my needs and it helped a lot to find a professional solution.
Vorteile: Lots of features, agent available, flexible pricing. Software as a service, so you don't need any infrastructure.
Nachteile: Useless unprofessional support, unable to solve any of my issues. They were closing unresolved issues. Lot of false positives. Support couldn't solve them, I got promises that it will be fixed in next release. Awful and unreliable reporting (errors on dashboards etc.). Very expensive. They're not using real cloud but couple of concentrators in different regions. Not useful for global customers. They promise they don't have access to customer data, but they request that to solve problems.
Bewertet am 24.8.2018
Incompetent badly supported rubbish.
Vorteile: Nothing - I hate it.
Their ridiculous false positives - apparently it's a critical incompliance that certain options aren't set in the gdm config file /etc/gdm.conf.
Fair enough - if gdm was installed. A simple check that the file exists first would eliminate this and (of our 80+ compliance errors) most others. Complaining about mount options on non-existent filesystems, or that /etc/gshadow didn't match a regex - or did, I'm not sure from the report. The file has mode 0000 (so no permissions set at all).
The fix was to chown root:root /etc/gshadow* Trust these amateurs at your own risk. If they are as incompetent as this, what are they missing?