Try our new research platform with insights from 80,000+ expert users

Amazon Inspector vs Qualys CyberSecurity Asset Management comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 16, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
2
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (6th)
Amazon Inspector
Ranking in Vulnerability Management
16th
Average Rating
8.2
Reviews Sentiment
7.6
Number of Reviews
7
Ranking in other categories
IT Vendor Risk Management (6th)
Qualys CyberSecurity Asset ...
Ranking in Vulnerability Management
10th
Average Rating
9.2
Reviews Sentiment
7.6
Number of Reviews
21
Ranking in other categories
Patch Management (7th), Cyber Asset Attack Surface Management (CAASM) (2nd), Attack Surface Management (ASM) (4th), Software Supply Chain Security (5th)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
John D'Arcy - PeerSpot reviewer
Automated vulnerability assessments continuously enhance security
The most valuable features probably are the ability to do automated vulnerability assessments, which it does with Amazon Inspector version two. It operates continuously, so as soon as resources are created, it scans them for vulnerabilities. This allows me to pinpoint potential security vulnerabilities and provide actionable recommendations relatively quickly. Larger enterprises usually use Inspector to gather all the vulnerabilities, the CVEs, across all accounts in an AWS organization. The enterprises I work for typically have many accounts in their organization, such as thousands of accounts where I am at the moment. It is a way to gather the vulnerabilities that are present on EC2 instances, container images, and Lambda functions.
Revathi VeeraRaghavan - PeerSpot reviewer
Provides comprehensive visibility and covers the complete attack surface
For some of the software, there was no life cycle or general information. We wanted them to give details in the database as and when the software comes. I raised a ticket for that, and after that, they updated the details for more than one million software. They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword. They should fix that. When we click on the web application, it only shows potential web assets. The application details are not there. Overall, CSAM has matured a lot. These are the few enhancements that need to be done.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran has become an indispensable tool in our cybersecurity arsenal."
"Zafran is an excellent tool."
"The integration of Amazon Inspector with other AWS services has enhanced our security. Security Hub is a major asset because it allows us to centralize data from various AWS services. We can integrate third-party tools as well. It is just a single-click option."
"The scalability of the solution itself is unparalleled."
"The most valuable feature of Amazon Inspector is the categorization of findings, which filters vulnerabilities by instance, container image, container repository, and Lambda function."
"The findings dashboards are neat and easy to understand, offering clear demarcations for different types of findings and detailed insights into specific vulnerabilities and their associated instances. It is not a place where everything is dumped together. It offers an easy-to-understand layout."
"I recommend Amazon Inspector because it allows the automation of processes and requires less manual monitoring."
"Amazon Inspector is highly stable, rated ten out of ten, and this stability impacts business security and administration positively."
"It operates continuously, so as soon as resources are created, it scans them for vulnerabilities."
"The vulnerability discovery is valuable, and they also rank those vulnerabilities for you. So, you could rapidly attack some of the higher, severe vulnerabilities as they pop up, if they do pop up."
"Qualys CyberSecurity Asset Management offers comprehensive features to cover our entire attack surface."
"I would rate Qualys CyberSecurity Asset Management ten out of ten."
"It provides most of the information needed regarding the assets, including the operating system and whether the assets are network devices or servers."
"I recommend Qualys CyberSecurity Asset Management due to its superior asset information collection capabilities, including comprehensive hardware and software inventorying."
"I like the EASM part because it provides visibility into unmanaged assets that are public-facing."
"The integration with different third-party tools, such as cloud providers like Azure and AWS, and asset management tools like CMDB systems, is valuable."
"The most valuable feature is the real-time visibility Qualys CyberSecurity Asset Management provides into all assets across our development and operational environments."
"I would rate the Qualys CSAM a ten out of ten for its overall performance."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"One area for improvement in Amazon Inspector is the automation aspect."
"It has a limited scope. So, AWS Inspector primarily focuses on the security of the EC2 instance. So, if your architecture includes other AWS services, then you may need to use additional tools for your comprehensive security assessment. So that is one con. Another is, like, we have a dependency on agents."
"There are challenges associated with the interdependencies in AWS services, like requiring an Active Directory for other services, resulting in additional charges."
"One major area for improvement is remediation. My team works on remediating findings over time, likely using available patches. However, easier integration with Amazon's patching services would be very helpful."
"There isn't too much to improve right now. Scanning on demand or as a part of the pipeline versus a post pipeline solution would be good, but it is not a deal breaker by any means."
"It has automated vulnerability assessment, yet I seek more flexibility in defining custom vulnerability checks tailored to my needs, which is more difficult."
"The other point is that the reporting features of Inspector need improvement. For example, I am in an organization with millions of CVEs, and getting an overview of all this is challenging."
"There is room for improvement in the scanning capabilities. I'd like to see broader coverage in terms of the vulnerabilities detected."
"The deployment is somewhat complicated and could be made more user-friendly for most users."
"All required features are available in Qualys CSAM. However, it would be helpful if Qualys CSAM started incorporating AI models. An inclusion of threat details for AI and LLM-related risks would be beneficial."
"We have had challenges modifying the agent configuration. Particularly, when we want to change the tenant that the agent is pointing to, we have had difficulties making that reliable and working properly."
"Qualys CSAM is not super responsive, and there can be delays sometimes, especially with the network passive sensor. You might see duplicate objects which eventually disappear but it takes time. If that can be done faster, it will be great."
"The UI needs improvement as it can become overwhelming after prolonged use."
"Qualys could improve by enhancing its dynamic tagging and role-based access control features, and by refining its user interface for a more intuitive and efficient user experience."
"There can be further simplification to reduce the overall noise and provide ESAM-related data."
"From the user experience perspective, we need a simpler interface and reduced complexity in certain features, particularly with the Qualys Query Language."
 

Pricing and Cost Advice

Information not available
"It is scaled as you go. There are probably a certain number of scans per month, and there are tiers. If you're under a certain tier, it is free. The second level is pennies, and then all the way up to like a million. So, it has a tiered pricing program. They're pretty good with your initial scanning, and there is room to scale based on being affordable, but it is fairly cheap. There are no additional costs. They pretty much think about it as a pay-per-scan type model."
"It's priced according to market standards for its services."
"The lowest cost would be around $10 for a few small accounts, however, for thousands of accounts, it could be around $5000 to $6000 dollars per month."
"The pricing is very transparent and clear."
"The pricing for Qualys Cybersecurity Asset Management is reasonable, with an annual subscription costing around $1,000 per year or a monthly subscription starting at approximately $72 per month, depending on the specific package and features included."
"Though the solution is considered expensive, if bundled with other services such as VMDR or cloud agents, its value would significantly increase. It is currently a bit costly, but with bundling, it could become attractive to more customers."
"The cost for Qualys CyberSecurity Asset Management is high."
"Qualys CyberSecurity Asset Management can be expensive, especially if we already have VMDR."
"Qualys offers excellent value for money."
"The pricing for Qualys CSAM is nominal."
"The pricing is fair. I would love to see the price come down a little bit, but we do get a lot of value out of it. We are squeezing every ounce of value we can out of the tool."
"The pricing is market-competitive."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
11%
University
6%
Retailer
6%
Computer Software Company
14%
Financial Services Firm
12%
Government
7%
Manufacturing Company
6%
Computer Software Company
23%
Financial Services Firm
13%
Government
9%
Retailer
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
Pricing for Zafran Security is not expensive. We have a contract for five years, and the cost is lower than other too...
What needs improvement with Zafran Security?
I would like to see an integration with Check Point firewalls. It's essential for us and they are currently working o...
What is your primary use case for Zafran Security?
We use Zafran Security for threat prioritization. We establish priority to understand which risks should be patched o...
What do you like most about Amazon Inspector?
The integration of Amazon Inspector with other AWS services has enhanced our security. Security Hub is a major asset...
What is your experience regarding pricing and costs for Amazon Inspector?
I manage pricing and purchase reserved instances, yet face challenges due to dependencies and lack of options for res...
What needs improvement with Amazon Inspector?
There are challenges associated with the interdependencies in AWS services, like requiring an Active Directory for ot...
What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management?
The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage.
What needs improvement with Qualys CyberSecurity Asset Management?
Qualys is continually developing, adding new features each year. Previously, there was no on-demand scan feature in a...
What is your primary use case for Qualys CyberSecurity Asset Management?
I have been working with Qualys for approximately two and a half years. I have used this module to manage security po...
 

Overview

 

Sample Customers

Information Not Available
betterment, caplinked, flatiron, university of nutri dame
Information Not Available
Find out what your peers are saying about Amazon Inspector vs. Qualys CyberSecurity Asset Management and other solutions. Updated: March 2025.
844,944 professionals have used our research since 2012.