No more typing reviews! Try our Samantha, our new voice AI agent.

Amazon Inspector vs Tenable Vulnerability Management comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Amazon Inspector
Ranking in Vulnerability Management
25th
Average Rating
8.2
Reviews Sentiment
6.3
Number of Reviews
9
Ranking in other categories
IT Vendor Risk Management (7th)
Tenable Vulnerability Manag...
Ranking in Vulnerability Management
10th
Average Rating
8.2
Reviews Sentiment
6.9
Number of Reviews
46
Ranking in other categories
Patch Management (14th), Risk-Based Vulnerability Management (5th)
 

Mindshare comparison

As of July 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.1%, up from 1.0% compared to the previous year. The mindshare of Amazon Inspector is 1.1%, down from 2.5% compared to the previous year. The mindshare of Tenable Vulnerability Management is 2.8%, down from 5.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Tenable Vulnerability Management2.8%
Qualys TotalCloud1.1%
Amazon Inspector1.1%
Other95.0%
Vulnerability Management
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Abdalla Kenawy - PeerSpot reviewer
AWS DevOps SRE/Infrastructure Engineer at Capgemini
Automated insights streamline data security assessment
For Amazon Inspector, we have many EC2 or virtual machines deployed inside our AWS environment, and the problem is that the existing package deployed inside this EC2 instance has already outdated packages. As we progress with time, this package needs to be updated for security enhancement, which requires us to uninstall the package, install the new version, and then we should be fine. However, the challenge comes with how to scan all our EC2 instances for security vulnerabilities, which is currently managed by Amazon Inspector. Amazon Inspector can scan EC2 instances or ECR, which is the ECR registry where we can save artifacts Docker images. Amazon Inspector can also scan Docker images uploaded to ECR for Elastic Registry service, and it can scan databases and S3 based on the latest updates. I noticed this from a couple of months ago, and it provides huge benefits for security. Regarding the best features of Amazon Inspector, it gives us a list of all existing outdated packages as part of a deployed package on EC2 instances or specific Python packages that are part of the Docker file and the Docker image itself, which are causing security concerns. Amazon Inspector can list these security concerns and offer guidance on how we can remediate it by updating the package to a specific upper version or something similar.
Chethan Gowda - PeerSpot reviewer
Windows Security Patching Operation III (Cyber Operations) at CBTS
Have maintained accurate vulnerability scans and gained actionable remediation insights across thousands of servers
Tenable Vulnerability Management agents are very lightweight, and the results we get are very accurate. The solutions they provide to us, assuming if one vulnerability exists, there will be a solution. The resolution they give us in wording will be the best solution. The exploit rates and the reports we get provide a lot of information, making it very easy for us to verify.The main benefit of integration with Tenable Vulnerability Management is that there will be no lack of missing vulnerabilities when it comes to the patching environment. That is one of the key aspects of why we have integrated Tenable to our patching tools. It has a vast capacity of pushing the data to our tools due to its capability and compatibility. That is also one of the reasons why we are using Tenable Vulnerability Management.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I found the initial setup user-friendly."
"TotalCloud has been excellent in providing us with immediate access to all the products and features we need, such as CSPM, TruRisk Insights, and compliance reports, including CIS and HIPAA."
"The scalability is good as well. I would rate it ten out of ten."
"Generally, Qualys is very good at detections, whether on cloud or on-prem, and the agent allows deployment on both infrastructures, providing continuous monitoring of your assets, which is a key selling point for us."
"Qualys TotalCloud provides unified vulnerability and threat assessment for IaaS and SaaS and a single prioritized view of risk, which helps reduce my workload by not having to combine multiple sources."
"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."
"Its excellent graphical interface makes the scanning process simple."
"In my opinion, this is the best tool."
"Amazon Inspector is highly stable, rated ten out of ten, and this stability impacts business security and administration positively."
"The scalability of the solution itself is unparalleled."
"The most valuable feature of Amazon Inspector is the categorization of findings, which filters vulnerabilities by instance, container image, container repository, and Lambda function."
"My experience with AWS technical support is very good, I didn't face any specific challenges, and even the documentation of AWS is good for both Microsoft, which is Azure, and AWS."
"The assessment reports provided by Amazon Inspector have helped me in identifying security vulnerabilities in my cloud applications by giving us a nicely designed dashboard that provides all the security information we need to work on remediation."
"The vulnerability discovery is valuable, and they also rank those vulnerabilities for you. So, you could rapidly attack some of the higher, severe vulnerabilities as they pop up, if they do pop up."
"It operates continuously, so as soon as resources are created, it scans them for vulnerabilities."
"The integration of Amazon Inspector with other AWS services has enhanced our security. Security Hub is a major asset because it allows us to centralize data from various AWS services. We can integrate third-party tools as well. It is just a single-click option."
"One of the most valuable features of Tenable.io Vulnerability Management is its exportability, which allows us to conduct risk assessments efficiently."
"The most valuable feature for me is container scanning because I am interested in CICD security."
"The initial setup is pretty straightforward."
"The solution is quite friendly."
"The solution can integrate with third parties and meets standard compliance."
"It is very stable, and it is updated periodically by adding new vulnerabilities."
"The best feature of the solution is the amount of visibility it provides of the vulnerabilities."
"The vulnerability scanning is the most important aspect of the solution for us."
 

Cons

"The areas in the solution that have room for improvement include the UI/UX design, which should be improved, and they should integrate more artificial intelligence into the product."
"Overall, we are satisfied with it. However, the response part of the Cloud Detection and Response (CDR) module can be improved. It is not yet in place according to requirements; it is not completely available even though the module has been released."
"Two areas for improvement in Qualys TotalCloud are the speed of the public cloud platform and vulnerability detection."
"Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate."
"There is a lack of data segregation according to criticality or inventory."
"Qualys' customer service provides quality answers, but the response time is long, even though it is within the SLA."
"In TotalCloud, I would suggest improvements in policy checks to cater to various inventory types like VPCs, subnets, S3 buckets, or IAMs. There is a lack of data segregation according to criticality or inventory."
"TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these."
"There is room for improvement in the scanning capabilities. I'd like to see broader coverage in terms of the vulnerabilities detected."
"One major area for improvement is remediation. My team works on remediating findings over time, likely using available patches. However, easier integration with Amazon's patching services would be very helpful."
"It has automated vulnerability assessment, yet I seek more flexibility in defining custom vulnerability checks tailored to my needs, which is more difficult."
"The false positive rate of Amazon Inspector is a little high, and it is not covering all different applications and scanning."
"It has a limited scope. So, AWS Inspector primarily focuses on the security of the EC2 instance. So, if your architecture includes other AWS services, then you may need to use additional tools for your comprehensive security assessment. So that is one con. Another is, like, we have a dependency on agents."
"One area for improvement in Amazon Inspector is the automation aspect."
"There isn't too much to improve right now. Scanning on demand or as a part of the pipeline versus a post pipeline solution would be good, but it is not a deal breaker by any means."
"The other point is that the reporting features of Inspector need improvement. For example, I am in an organization with millions of CVEs, and getting an overview of all this is challenging."
"I'm not satisfied with the reporting structure."
"The one drawback that we have found is the reports. We are still getting reports from Tenable.sc since the maturity levels on the reports are lacking."
"It's not a user-friendly tool since it has a complicated interface."
"An area of improvement for this solution is being able to customize the dashboard. For example, the dashboard does not allow us to view a previous months vulnerability results alongside current results to make comparisons."
"They've been able to think about everything in terms of where the world is going and the type of assets that you've got. They've everything sorted out in that aspect, but you have to pay for most of the other components that they've got to give you complete visibility across your tech surface. If it already had those capabilities in-built, without having to add them on to take advantage of them, it would be a very compelling value proposition."
"The price could be lower, and the grouping of platforms on the dashboard can be included in the next release of the product."
"There needs to be better dashboard navigation."
"My rating for customer service is three."
 

Pricing and Cost Advice

"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"The cost is high, but it meets our organizational needs."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"Qualys TotalCloud is expensive."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"The lowest cost would be around $10 for a few small accounts, however, for thousands of accounts, it could be around $5000 to $6000 dollars per month."
"It's priced according to market standards for its services."
"The pricing is very transparent and clear."
"It is scaled as you go. There are probably a certain number of scans per month, and there are tiers. If you're under a certain tier, it is free. The second level is pennies, and then all the way up to like a million. So, it has a tiered pricing program. They're pretty good with your initial scanning, and there is room to scale based on being affordable, but it is fairly cheap. There are no additional costs. They pretty much think about it as a pay-per-scan type model."
"The total cost we pay for this solution is over 45K. This is for a large education organization."
"I would rate the pricing a five out of ten. It is in the middle."
"Tenable.io Vulnerability Management's pricing solution model isn't great."
"The product costs us around $137,000 annually for 4000 to 5000 assets."
"Compared to other VM solutions, Tenable.io Vulnerability Management is expensive."
"The cost is determined by the number of endpoints, which is approximately one dollar per endpoint."
"The tool is reasonably priced."
"Yearly payments are to be made toward the licensing cost of the product. It is neither a cheap nor an expensive product."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
904,054 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
16%
Financial Services Firm
13%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
14%
Computer Software Company
8%
Government
7%
Comms Service Provider
6%
Financial Services Firm
15%
Manufacturing Company
10%
Computer Software Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise29
By reviewers
Company SizeCount
Small Business2
Midsize Enterprise2
Large Enterprise6
By reviewers
Company SizeCount
Small Business20
Midsize Enterprise3
Large Enterprise22
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for Amazon Inspector?
I am not honestly sure about the pricing side of Amazon Inspector, but that is taken care of by a separate team. I be...
What needs improvement with Amazon Inspector?
They might launch support for third-party environments in the next version regarding the best features in Amazon Insp...
What is your primary use case for Amazon Inspector?
I mostly use Amazon Inspector for vulnerability scanning on AWS native applications. For hybrid applications, we have...
What's the difference between Tenable Nessus and Tenable.io Vulnerability Management?
Tenable Nessus is a vulnerability assessment solution that is both easy to deploy and easy to manage. The design of ...
What needs improvement with Tenable.io Vulnerability Management?
In my opinion, I would like to see additional functions and improvements. Something related to AI would be a good add...
What advice do you have for others considering Tenable.io Vulnerability Management?
I have purchased a license directly from Tenable, so I am working directly with Tenable and not through partners. My ...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
Tenable.io
 

Overview

 

Sample Customers

Information Not Available
betterment, caplinked, flatiron, university of nutri dame
Global Payments AU/NZ
Find out what your peers are saying about Amazon Inspector vs. Tenable Vulnerability Management and other solutions. Updated: June 2026.
904,054 professionals have used our research since 2012.