The QualysGuard Vulnerability Management (VM) solution provides automated auditing and vulnerability management for small to large enterprises. The solution is a private cloud-based software-as-a-service. The easily accessible, web-based design makes it possible to operate the system via a browser from anywhere there is internet access. This functionality includes the operation of the Qualys virtual and hardware appliances used for addressing private network addresses. The tool includes network discovery, asset mapping, prioritization, vulnerability assessment, centralized reporting and remediation tracking. Qualys employs a trouble-ticketing feature to help in tracking and remediating vulnerabilities and other problems across the network. The remediation solution includes comprehensive reports on vulnerabilities, including severity levels, time-to-fix estimates, impact on business, and trend analysis on security issues. A robust set of reports provides status insight for business managers, as well as technical managers and staff. Vulnerability reporting includes the use of common references, such as the Common Vulnerabilities and Exposures (CVE) database, to help provide a common language for auditors and other reporting requirements. The intuitive graphical dashboards and menus made deployment and use of the product easy to get up and running.
Qualys provided access into the QualysGuard VM as well as a hardware appliance for this evaluation. The documentation included a 102-page Scanner Appliance User Guide and a three-step quick-start document. The user guide provided nice screen shots of various menus and workflow diagrams. As a first-time user of the product, we were pleasantly surprised in how easy it was to get the system up and running. While the user manual was close by, we did not need to open it during the setup. Configuration of the QualysGuard VM was equally easy. It literally took less than 20 minutes to set up scans (on-demand and scheduled), various reports, modification of policies (to fit our needs) and classifying asset information. The bright graphic screens helped with navigating around the various sections. A great "help" feature made it easy to learn how to use functions that were new. The system did a good job of recognizing the vulnerabilities that were on/in various systems and applications, including Windows Servers and desktops, as well as various other systems. The most impressive feature was the ticketing system. Not only was it easy to configure, inside the ticket there were step-by-step instructions on how to resolve the issue for various system platforms.
Qualys offers 24/7 phone and email support, including product updates, all at no cost. The company's website provides FAQ and community knowledge-sharing. The company also offers free instructor-led classroom or virtual training that includes hands-on lab exercises. There is also a worthwhile video series focused on the solution. This product is a good value for any organization looking for a vulnerability management system.