QualysGuard Vulnerability Management v7.6
Strengths: Ease of use and a great ticketing system
Weaknesses: Did not find anything significant to report
Verdict: Well worth the cost. Recommended
QualysGuard Vulnerability Management (VM) provides automated auditing and vulnerability management for small to large enterprises. It is a private cloud-based software-as-a-service.
The easily accessible, web-based design makes it possible to operate the system via a browser from anywhere there is internet access. This functionality includes the operation of the Qualys virtual and hardware appliances used for addressing private network addresses. It includes network discovery, asset mapping, prioritisation, vulnerability assessment, centralised reporting and remediation tracking. Qualys employs a trouble-ticketing feature to help in tracking and remediating vulnerabilities and other problems across the network. The remediation solution includes comprehensive reports on vulnerabilities, including severity levels, time-to-fix estimates, impact on business and trend analysis on security issues.
A robust set of reports provides status insight for business managers, as well as technical managers and staff. Vulnerability reporting includes the use of common references, such as the Common Vulnerabilities and Exposures (CVE) database, to help provide a common language for auditors and other reporting requirements. The intuitive graphical dashboards and menus made deployment and use of the product easy.
Qualys provided access into the QualysGuard VM as well as a hardware appliance for this evaluation. The documentation included a scanner appliance user guide and a three-step quick-start document. The user guide provided decent screenshots of various menus and workflow diagrams.
As a first-time user of the product, we were pleasantly surprised in how easy it was to get the system up and running. While the user manual was close by, we did not need to open it during the setup. Configuration of the QualysGuard VM was equally easy. It literally took less than 20 minutes to set up scans (on-demand and scheduled), various reports, modification of policies (to fit our needs) and classifying asset information. The bright graphic screens helped with navigating around the various sections. A great help feature made it easy to learn how to use functions that were new. The system did a good job of recognising the vulnerabilities that were on/in various systems and applications, including Windows Servers and desktops, as well as various other systems. The most impressive feature was the ticketing system. Not only was it easy to configure, inside the ticket there were step-by-step instructions on how to resolve the issue for various system platforms.
Qualys offers 24/7 phone and email support, including product updates, all at no cost. The company's website provides FAQ and community knowledge-sharing. The company also offers free instructor-led classroom or virtual training that includes hands-on lab exercises. There is also a worthwhile video series focused on the solution.
Pricing for this product is per IP and we find it to be good value for any organisation looking for a vulnerability management system.