Acunetix vs Qualys CyberSecurity Asset Management comparison

Invicti and Qualys are both solutions in the Vulnerability Management category. Invicti is ranked #23 with an average rating of 8.3, while Qualys is ranked #10 with an average rating of 9.1. Invicti holds a 1.3% mindshare in VM, compared to Qualys’s 0.7% mindshare. Additionally, 86% of Invicti users are willing to recommend the solution, compared to 100% of Qualys users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jan 16, 2025

Acunetix and Qualys CyberSecurity Asset Management compete in the cybersecurity software market. Acunetix has an advantage in web-based vulnerability detection with granular reporting, while Qualys excels in comprehensive asset management and external attack surface management.

Features: Acunetix focuses on web vulnerability scanning, offering features like an Interactive Application Security Testing module, scheduling scans, and precise false-positive reduction. Qualys CyberSecurity Asset Management specializes in asset management with dynamic tagging and role-based access control, effective asset discovery, and real-time monitoring for expansive organizational environments.

Room for Improvement: Acunetix could improve its Interactive Application Security Testing module, reduce false positives further, and enhance manual testing and dynamic scan capabilities. Qualys needs better configuration options, CPU usage reduction during scans, and more customization for reports and third-party tool integrations.

Ease of Deployment and Customer Service: Acunetix offers on-premises operations suitable for various environments, though its customer support receives mixed reviews regarding responsiveness. Qualys provides flexible cloud-based and hybrid deployment with a ticketing system for support, which may not suit urgent needs. Both have potential for improving service response times.

Pricing and ROI: Acunetix users concern about recent pricing increases affecting perceived value despite its good ROI by enhancing security. Qualys offers cost-effective bundled solutions but may seem expensive when added to existing subscriptions, offering fair pricing for larger organizations while smaller ones might find it high. Its bundled offerings provide economic value through customer alignment.

To learn more, read our detailed Acunetix vs. Qualys CyberSecurity Asset Management Report (Updated: April 2025).

Buyer's Guide

Acunetix vs. Qualys CyberSecurity Asset Management

April 2025

Download the complete report

Helped 847,862 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Zafran Security

Mindshare comparison

As of April 2025, in the Vulnerability Management category, the mindshare of Zafran Security is 0.4%. The mindshare of Acunetix is 1.3%, down from 1.4% compared to the previous year. The mindshare of Qualys CyberSecurity Asset Management is 0.7%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Vulnerability Management

Featured Reviews

Israel Cavazos Landini

Associate Director IT Security Operations at Novartis

Weekly insights and risk analysis facilitate informed security decisions

I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.

Read full review

AnubhavGoswami

Compliance Manager at Compunnel

Attractive automated reports with boost user productivity and an easy setup

The primary use is mainly related to vulnerability assessment, including both public and internal IP addresses By using this tool, we have reduced the workload and increased the productivity of users. It generates automated reports. This feature is beneficial when sharing reports with clients as…

Read full review

Revathi VeeraRaghavan

Information Security - Manager at Infosys

Provides comprehensive visibility and covers the complete attack surface

For some of the software, there was no life cycle or general information. We wanted them to give details in the database as and when the software comes. I raised a ticket for that, and after that, they updated the details for more than one million software. They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword. They should fix that. When we click on the web application, it only shows potential web assets. The application details are not there. Overall, CSAM has matured a lot. These are the few enhancements that need to be done.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Zafran is an excellent tool."

"We are able to see the real risk of a vulnerability on our environment with our security tools."

"Zafran has become an indispensable tool in our cybersecurity arsenal."

"The usability and overall scan results are good."

"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."

"The product is really easy to use."

"The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution."

"It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities."

"The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours."

"Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick."

"It comes equipped with an internal applicator, which automatically identifies and addresses vulnerabilities within the program."

More Acunetix pros

"Qualys CyberSecurity Asset Management offers comprehensive features to cover our entire attack surface."

"There are no stability issues, and I would rate it a ten out of ten."

"The most valuable features of Qualys CSAM include the ability to manage authorized and unauthorized applications efficiently. This feature helps in validating applications and maintaining a secure environment."

"Qualys CSAM helps find all the assets. It categorizes information based on various criteria such as host and tenant version. It provides in-depth visibility into both hardware and software."

"The most valuable feature is the Management sensor, which helps identify gaps in policy agent availability, thereby improving agent utilization."

"I would rate Qualys CSAM a ten out of ten."

"Our favorite features are the tagging and the ability to quickly find assets in the portal."

"The most valuable feature is the real-time visibility Qualys CyberSecurity Asset Management provides into all assets across our development and operational environments."

More Qualys CyberSecurity Asset Management pros

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."

"The vulnerability identification speed should be improved."

"While we do have it integrated with other solutions, it could still offer more integrations."

"The solution's pricing could be better."

"It is difficult to create a proxy connection."

"It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."

"The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified."

"There is room for improvement in website authentication because I've seen other products that can do it much better."

"Tools that would allow us to work more efficiently with the mobile environment, with Android and iOS."

More Acunetix cons

"Further research and development are needed to enhance integration with other cloud agents and products, particularly improving communication with external products and vendors."

"One improvement that they can make in the EASM module is the scan frequency. After EASM is configured the first time, it allows you to do the complete configuration, but if you want to reconfigure it, it will not ask or provide any option for scan frequency. For that, you need to raise a case with Qualys and talk to the Qualys team."

"The Qualys CAPS service requires further exploration and improvement, particularly in its handling of protocols and reactivity with MAC and IP addresses for CAP agents."

"Some areas that would be helpful are more comprehensive tagging and the ability to set up better dynamic rules."

"Currently, in the EASM module, the scan frequency is limited to once daily, but allowing end users control over scan scheduling would be advantageous."

"Based on the company's budget, Qualys offers limited features, which can also be utilized in other environments."

"Qualys could improve by enhancing its dynamic tagging and role-based access control features, and by refining its user interface for a more intuitive and efficient user experience."

"They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword. They should fix that."

More Qualys CyberSecurity Asset Management cons

Pricing and Cost Advice

Information not available

"Acunetix was around the same price as all the other vendors we looked at, nothing special."

"The costs aren't very expensive. It costs around $3000 or $4000."

"All things considered, I think it has a good price/value ratio."

"The price is exceptionally high."

"The pricing is a little high, and moreover, it's kind of domain-based."

"I would say that Acunetix is expensive because there are products on the market with similar features that are equally or better-priced."

"The pricing and licensing are reasonable to a point. In order to run multiple scans at a time, we are going to have to purchase a 100 count license, which is an overkill. Though, compared to what we were paying for, the cost seems reasonable."

"When we looked at all other vendors and what they were asking for, to provide a third of what Acunetix was capable of doing, it was an easy decision... But now that it's coming to a cost where it's line with market value, it becomes more of a competition... Acunetix is raising the cost of licensing. It's 3.5 times what we were initially quoted."

More Acunetix pricing and cost advice

"The pricing is reasonable relative to the features provided, as it collects all module data and operates as a main, centralized inventory, making it a cost-effective solution."

"The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage."

"It is cost-effective because, in a single tool, we are getting everything. All the solutions come in a single license or price."

"The pricing is fair. I would love to see the price come down a little bit, but we do get a lot of value out of it. We are squeezing every ounce of value we can out of the tool."

"Qualys offers excellent value for money."

"Qualys CyberSecurity Asset Management can be expensive, especially if we already have VMDR."

"The cost for Qualys CyberSecurity Asset Management is high."

"Qualys is competitively priced for its features. Its pricing is suitable for large organizations with more than 4,000 assets, but for smaller organizations with few assets, such as banks, the costs might be high. They should come up with packages that are suitable for small organizations."

More Qualys CyberSecurity Asset Management pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.

See recommendations

847,862 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

14%

Financial Services Firm

12%

Manufacturing Company

University

Computer Software Company

18%

Financial Services Firm

14%

Government

Manufacturing Company

Computer Software Company

22%

Financial Services Firm

14%

Government

Retailer

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?

I find that the pricing for Zafran aligns well with the comprehensive features it offers. The asset and user-based li...

See all answers

What needs improvement with Zafran Security?

While Zafran Security is already a powerful tool, there are areas where it could be further improved to provide even ...

See all answers

What is your primary use case for Zafran Security?

Our primary use case for Zafran involves leveraging it to enhance our vulnerability risk scoring methodology. In toda...

See all answers

What do you like most about Acunetix Vulnerability Scanner?

The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning t...

See all answers

What is your primary use case for Acunetix Vulnerability Scanner?

I typically use Acunetix ( /products/acunetix-reviews ) to identify vulnerabilities for clients.

See all answers

What advice do you have for others considering Acunetix Vulnerability Scanner?

I would recommend Acunetix to others. Overall, I rate this solution seven out of ten.

See all answers

What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management?

The pricing is reasonable relative to the features provided, as it collects all module data and operates as a main, c...

See all answers

What needs improvement with Qualys CyberSecurity Asset Management?

The deployment is somewhat complicated and could be made more user-friendly for most users. It is currently not user-...

See all answers

What is your primary use case for Qualys CyberSecurity Asset Management?

We use it to identify all our assets, including those on our premises, cloud, and remote environments. It continuousl...

See all answers

Comparisons

Dazz.io vs Zafran Security

Compared 53% of the time

Vulcan Cyber vs Zafran Security

Compared 22% of the time

ServiceNow Security Operations vs Zafran Security

Compared 16% of the time

Tenable Vulnerability Management vs Zafran Security

Compared 9% of the time

More Zafran Security Competitors

OWASP Zap vs Acunetix

Compared 17% of the time

PortSwigger Burp Suite Professional vs Acunetix

Compared 12% of the time

HCL AppScan vs Acunetix

Compared 9% of the time

Invicti vs Acunetix

Compared 7% of the time

Tenable.io Web Application Scanning vs Acunetix

Compared 6% of the time

More Acunetix Competitors

Amazon Inspector vs Qualys CyberSecurity Asset Management

Compared 15% of the time

Armis vs Qualys CyberSecurity Asset Management

Compared 13% of the time

Microsoft Defender External Attack Surface Management vs Qualys CyberSecurity Asset Management

Compared 11% of the time

CrowdStrike Falcon vs Qualys CyberSecurity Asset Management

Compared 8% of the time

Qualys VMDR vs Qualys CyberSecurity Asset Management

Compared 7% of the time

More Qualys CyberSecurity Asset Management Competitors

Product Reports

Buyer's Guide

Continuous Threat Exposure Management (CTEM)

March 2025

Download Zafran Security product report

Buyer's Guide

Acunetix

April 2025

Download Acunetix product report

Buyer's Guide

Qualys CyberSecurity Asset Management

March 2025

Qualys CyberSecurity Asset Management report

Download Qualys CyberSecurity Asset Management product report

Also Known As

No data available

AcuSensor

No data available

Overview

Zafran Security integrates with existing security tools to identify and mitigate vulnerabilities effectively, proving that most critical vulnerabilities are not exploitable, optimizing threat management.

Zafran Security introduces an innovative operating model for managing security threats and vulnerabilities. By leveraging the threat exposure management platform, it pinpoints and prioritizes exploitable vulnerabilities, reducing risk through immediate remediation. This platform enhances your hybrid cloud security by normalizing vulnerability signals and integrating specific IT context data, such as CVE runtime presence and internet asset reachability, into its analysis. No longer reliant on patch windows, Zafran Security allows you to manage risks actively.

What are the key features of Zafran Security?

Threat Exposure Management: Utilizes existing tools to prioritize vulnerabilities and manage threats.
Integrative Analysis: Combines security data with IT context for precise vulnerability management.
Real-time Risk Reduction: Enables immediate risk management without waiting for patches.
Hybrid Cloud Compatibility: Functions across diverse cloud environments for comprehensive security.

What benefits can users expect from Zafran Security?

Improved Security: Enhances protection by efficiently identifying and mitigating risks.
Cost Efficiency: Reduces unnecessary patching expenses by confirming non-exploitable vulnerabilities.
Time Savings: Frees developers to focus on root causes by handling immediate threats.
Comprehensive Insight: Offers a holistic view of security threats and vulnerabilities.

In industries where security is paramount, such as finance and healthcare, Zafran Security provides invaluable protection by ensuring that only exploitable vulnerabilities are addressed. It allows entities to maintain robust security measures while allocating resources efficiently, fitting seamlessly into existing security strategies.

Zafran Security

Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.

Invicti

Qualys CyberSecurity Asset Management provides advanced real-time asset visibility, dynamic tagging, and External Attack Surface Management. It streamlines asset discovery and management using cloud agents and IP-based scanning, enhancing risk management and software lifecycle tracking.

Qualys CyberSecurity Asset Management offers a comprehensive solution for managing asset inventories and tracking software lifecycle states. It facilitates network visibility and supports zero-day vulnerability solutions, enhancing security posture through efficient monitoring. Users benefit from its cloud-based interface, which provides in-depth asset configurations and insights. Key features include automated vulnerability scanning and unauthorized software management, reducing manual efforts. The platform also emphasizes the importance of timely remediation and ongoing risk mitigation across multiple environments. Despite its strengths, users note the need for enhanced integration with additional CMDBs beyond ServiceNow, as well as cost efficiency improvements. Requests also include better report customization, more scan control, and a simplified UI.

What are the key features of Qualys CyberSecurity Asset Management?

Real-time Visibility: Offers continuous insight into asset status and condition.
Dynamic Tagging: Allows for flexible organization and assessment of assets.
External Attack Surface Management: Identifies potential threats from external sources.
Automated Vulnerability Scanning: Reduces manual scanning efforts and identifies vulnerabilities instantly.
Unauthorized Software Management: Detects and manages software not approved for use.
Asset Purge Rule: Automates the removal of obsolete assets from the inventory.

What benefits should users look for in reviews?

Enhanced Security Posture: Gains stronger defense through effective asset monitoring.
Efficient Risk Management: Identifies threats quickly, enabling timely resolutions.
Improved Compliance: Assists in meeting industry standards and regulations.
Reduced Manual Effort: Automates repetitive tasks, saving time and resources.
Comprehensive Insight: Provides detailed data for informed decision making.

In industries like finance, healthcare, and manufacturing, Qualys CyberSecurity Asset Management enhances asset control by offering visibility into hardware and software configurations. It aids in maintaining security compliance and identifying unauthorized software, crucial for sectors with strict regulatory requirements.

Qualys

Sample Customers

Information Not Available

Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand

Information Not Available

Buyer's Guide

Acunetix vs. Qualys CyberSecurity Asset Management

April 2025

Free Report: Acunetix vs. Qualys CyberSecurity Asset Management

Find out what your peers are saying about Acunetix vs. Qualys CyberSecurity Asset Management and other solutions. Updated: April 2025.

DOWNLOAD NOW

847,862 professionals have used our research since 2012.

See our Acunetix vs. Qualys CyberSecurity Asset Management report.

See our list of best Vulnerability Management vendors.

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.