Qualys Reviews & Pricing

Key Features

• Infrastructure Security: Monitor threats in real time, analyze compliance risks and run reports with a powerful data analysis engine. Always maintain a 360-degree view of IT infrastructure security. 
  • Infrastructure Inventory: Survey the organization’s IT architecture to detect and catalog all connected assets automatically. Get a direct feed on the dashboard of product information, hardware/software life cycles, software licenses, running services, and more. Categorize assets according to product families and custom tags. 
  • Vulnerability Management: Accurately monitor all system assets with the Six Sigma scanning functionality. Run security assessment reports, assign remediation tickets and manage application exceptions. The Qualys security configuration assessment (SCA) manages all security-related configuration issues with CIS-certified controls and policies. 
  • Continuous Surveillance: Receive vulnerability alerts in real time with continuous monitoring. Set up custom surveillance profiles and datasets to detect unexpected hosts, expiring SSL certificates, open ports, undesired software and other severe vulnerabilities. 
  • File Integrity Monitoring: Monitor operating systems globally to manage core events, keep tabs on file integrity and capture change incidents. Use preconfigured industry-specific protocols to maintain file integrity and compliance requirements. 
  • System Monitoring: Safeguard the system against vulnerabilities, exploitations and misconfigurations with the multi-vector endpoint detection and response module. Get vital context and insights into security incidents by correlating multiple context vectors. Acquire complete visibility of endpoint processes and threat remediation. 
  • Remediation Response: Automatically correlate asset inventory against a vulnerability disclosure live feed to determine critical threats. Search for specific product information and vulnerabilities with customizable queries. Filter threats according to its real-time threat indicator (RTI). 
• Cloud Security: Protect both hybrid and public cloud environments with platform-wide security coverage, complete asset visibility and virtual scanner applications. 
  • Asset Management: Secure cloud assets and public workloads with real-time tracking and classification of vulnerability instances. 
  • Prioritize Remediation: Automatically target critical vulnerabilities first with the Threat Protections module’s Live Threat Intelligence Feed. 
  • Compliance: Investigate applications, operating systems and network devices for compliance failure and configuration drift. Streamline the organization’s compliance assessments with preconfigured policies using CIS Benchmarks. Create technology-specific custom controls and run reports for risk managers, auditors and executives. 
  • Account Security: Maintain a holistic view of cloud accounts, assets and services with its Cloud Inventory module. Safeguard against misconfigurations, non-standard deployments and security breaches with the Cloud Security Assessment extension. 
• Web Application Security: Leverage web application scanning and firewall capabilities to scan and defend against external threats like OWASP Top 10 attacks. Patch and remedy vulnerabilities in real time. 
  • Visibility: Monitor both approved and unapproved web applications with custom labels. Automatically update inventory with applications hosted on local, mobile, IoT or cloud architectures. 
  • Vulnerability Detection: Continuously scan all connected web applications for critical vulnerabilities and misconfigurations. Smart scanning covers all SOAP and REST-based APIs and prepares custom security reports. 
  • Application Testing: Perform test runs of web applications on remote and mobile devices, cloud environments and internal networks. Run complex scans throughout the development and quality analysis stages. Supports processes like DevOps, Agile and Continuous Delivery. 
  • Malware Protection: Use the dashboard to scan, detect and eliminate malware. Run remediation and blacklist infected websites. 
  • Block Web Server Attacks: The Web App Firewall module creates virtual patches and remediation responses on the go. Detect and patch vulnerabilities with security templates and establish custom rules for the firewall. 
• Endpoint Security: Maintain a continuous inventory of all connected endpoint devices including PCs, laptops, tablets, smartphones and more. Detect suspicious activity and vulnerability in real time with complete visibility of networked endpoints. Eliminate critical misconfigurations and breaches with multi-vector threat contextualization, data visualizations and forensic analysis. 
  • Compliance: Automatically ensure compliance of endpoint devices with IT policies and mandates like PCI, GDPR and HIPAA. 
• DevOps: Get dedicated support throughout the application development lifecycle with bug and misconfiguration testing, compliance audits and security checks. 
  • Integration: Streamline the development process with popular tools and plugins including Puppet, Bamboo, Jenkins ServiceNow and more. Create appropriate integrations with REST-based APIs. Visit the vendor’s Github repository to access the sample code. 
  • Track Progress: Run reports with data consolidated from integrated applications and internal processes. Run reports directly from the dashboard and compare performance against industry benchmarks and standards. 
  • Container Security: Securely build and develop container-native applications without disrupting integration and deployment pipelines. Scan container images for vulnerabilities and compliance failures. Automatically detect runtime errors and behavioral anomalies in applications deployed on AWS ECR, Fargate and EKS. 
• Compliance Solutions: Ensure the organization’s practices, assets, endpoint devices and applications are in compliance with industry standards and regulations. Generate reports on compliance data and manage third-party risks like contractors, partners and vendors. 
  • IT Compliance: Oversee compliance of IT assets. Automate the verification process with custom controls and configuration requirements. 
  • PCI Compliance: Comply with Payment Card Industry Data Security Standard (PCI DSS) guidelines. Patch vulnerabilities and submit compliance reports to relevant banks. 
  • Third-Party Risk: Automate third-party risk management with purpose-built notifications, deadlines, workflows, templates and more. 
• Public Cloud Platforms Integration: The vendor provides security and compliance services for Microsoft Azure, Google Cloud and AWS. 

Limitations

•  Acquiring independent modules can drive up licensing costs. 
•  Separate module updates can cause stability issues. 
•  Susceptible to false positives. 
•  Technical support response time is high. 
•  Lacks adequate training materials. 

Suite Support