Checkmarx One vs Qualys CyberSecurity Asset Management (CSAM) comparison

Checkmarx and Qualys are both solutions in the Vulnerability Management category. Checkmarx is ranked #15 with an average rating of 7.8, while Qualys is ranked #25 with an average rating of 9.5. Additionally, 86% of Checkmarx users are willing to recommend the solution, compared to 100% of Qualys users who would recommend it.

Checkmarx One

Read 69 Checkmarx One reviews

342 Views
304 Comparison Views

86% willing to recommend

Qualys CyberSecurity Asset ...

Read 4 Qualys CyberSecurity Asset Management (CSAM) reviews

85 Views
55 Comparison Views

100% willing to recommend

Checkmarx One

Qualys CyberSecurity Asset ...

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Checkmarx One and Qualys CyberSecurity Asset Management (CSAM) based on real PeerSpot user reviews.

Find out in this report how the two Vulnerability Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Checkmarx One vs. Qualys CyberSecurity Asset Management (CSAM) Report (Updated: August 2024).

Buyer's Guide

Checkmarx One vs. Qualys CyberSecurity Asset Management (CSAM)

August 2024

Download the complete report

Helped 805,335 peers since 2012

Categories and Ranking

Checkmarx One

Ranking in Vulnerability Management

15th

Average Rating

7.6

Number of Reviews

Ranking in other categories

Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Static Code Analysis (2nd), API Security (4th), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)

Qualys CyberSecurity Asset ...

Ranking in Vulnerability Management

25th

Average Rating

9.6

Number of Reviews

Ranking in other categories

Patch Management (17th), Cyber Asset Attack Surface Management (CAASM) (4th), Attack Surface Management (ASM) (11th), Software Supply Chain Security (11th)

Featured Reviews

Prakash Ganesan

Engineer senior at a hospitality company with 10,001+ employees

Sep 10, 2022

A good compliance solution that is best suited to small scale applications, and suffers from stability issues

Our main uses of this solution are to ensure our required compliance policies are met, and that we are applying best practice This solution helps to remediate the compliance requirements we have. The product also increases the quality of the code the developers are able to implement. The main…

Read full review

Sangram Gupta

Cyber Risk Advisory – Consultant at Deloitte

Sep 6, 2024

Helps identify risk factors and saves a lot of time with dynamic tags and asset purge rules

In Qualys CSAM, there is a module called EASM. One improvement that they can make in the EASM module is the scan frequency. After EASM is configured the first time, it allows you to do the complete configuration, but if you want to reconfigure it, it will not ask or provide any option for scan frequency. For that, you need to raise a case with Qualys and talk to the Qualys team. It only allows us to add the domain. There are only certain criteria that we can use to create a new profile inside EASM. I know that EASM is a new module in Qualys, and it is improving day by day, but it currently does not have the same configuration area that CSAM has. In the future, I hope it will be improved so that we are able to handle the configuration of EASM on our own. We do not have to raise any kind of vendor ticket or Qualys support ticket for that. Mainly, the configuration area needs improvement. Currently, we do not have all the rights to do the configuration. For any critical change, we cannot wait for the vendor to resolve the ticket. Just like CSAM, we should be able to do the configuration on our own in EASM.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It is a stable product."

"The only thing I like is that Checkmarx does not need to compile."

"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."

"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."

"The value you can get out of the speedy production may be worth the price tag."

"The solution communicates where to fix the issue for the purpose of less iterations."

"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."

"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."

More Checkmarx One pros

"The most valuable aspect we receive from Qualys is the remediation."

"Tags are very useful for us since we can tag virus applications in infrastructure types such as databases, operating systems, or web platforms."

"The end-of-life and end-of-service software and hardware are some of my favorite features."

"When you implement a dynamic tag using a query, you do not need to manually tag all the servers. It categorizes all the servers that come under that query. The tagging part is automatically done within a few minutes. It reduces the effort."

Cons

"The reports are good, but they still need to be improved considering what the UI offers."

"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."

"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."

"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."

"The integration could improve by including, for example, DevSecOps."

"This product requires you to create your own rulesets. You have to do a lot of customization."

"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."

"It is an expensive solution."

More Checkmarx One cons

"Qualys CyberSecurity Asset Management could be more cost-effective by offering a lower price point or integrating with existing VMDR features."

"It is automatically exporting the vulnerabilities and the assets. However, it would be useful to have the ability to select or to filter which we would like to export."

"One improvement that they can make in the EASM module is the scan frequency. After EASM is configured the first time, it allows you to do the complete configuration, but if you want to reconfigure it, it will not ask or provide any option for scan frequency. For that, you need to raise a case with Qualys and talk to the Qualys team."

"Currently, whenever the agent is running, it consumes over ten percent of my CPU, indicating that CPU consumption is another area Qualys needs to address."

Pricing and Cost Advice

"If you want more, you have to pay more. You have to pay for additional modules or functionalities."

"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."

"The solution's price is high and you pay based on the number of users."

"For around 250 users or committers, the cost is approximately $500,000."

"It is the right price for quality delivery."

"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."

"Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."

"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."

More Checkmarx One pricing and cost advice

"It is cost-effective because, in a single tool, we are getting everything. All the solutions come in a single license or price."

"Qualys CyberSecurity Asset Management can be expensive, especially if we already have VMDR."

"The cost for Qualys CyberSecurity Asset Management is high."

See which vendors are best for you

Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.

See recommendations

805,335 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

21%

Computer Software Company

16%

Manufacturing Company

10%

Government

Computer Software Company

32%

Government

12%

Manufacturing Company

Comms Service Provider

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.

See all answers

What do you like most about Checkmarx?

Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

See all answers

What is your experience regarding pricing and costs for Checkmarx?

The tool's pricing is fine.

See all answers

What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management (CSAM)?

The pricing is fair. We don't have any objection to the current pricing model.

See all answers

What needs improvement with Qualys CyberSecurity Asset Management (CSAM)?

It is automatically exporting the vulnerabilities and the assets. However, it would be useful to have the ability to select or filter which we would like to export. As of now, anything and everythi...

See all answers

What is your primary use case for Qualys CyberSecurity Asset Management (CSAM)?

This is the main product that we are using for managing assets, including hardware assets and software assets.

See all answers

Comparisons

SonarQube vs Checkmarx One

Compared 51% of the time

Veracode vs Checkmarx One

Compared 13% of the time

Fortify on Demand vs Checkmarx One

Compared 7% of the time

Coverity vs Checkmarx One

Compared 4% of the time

Snyk vs Checkmarx One

Compared 4% of the time

More Checkmarx One Competitors

Armis vs Qualys CyberSecurity Asset Management (CSAM)

Compared 31% of the time

Microsoft Defender External Attack Surface Management vs Qualys CyberSecurity Asset Management (CSAM)

Compared 26% of the time

Amazon Inspector vs Qualys CyberSecurity Asset Management (CSAM)

Compared 17% of the time

Morphisec vs Qualys CyberSecurity Asset Management (CSAM)

Compared 14% of the time

Tanium vs Qualys CyberSecurity Asset Management (CSAM)

Compared 13% of the time

More Qualys CyberSecurity Asset Management (CSAM) Competitors

Product Reports

Buyer's Guide

Checkmarx One

September 2024

Download Checkmarx One product report

Buyer's Guide

Armis vs. Qualys CyberSecurity Asset Management (CSAM)

August 2024

Qualys CyberSecurity Asset Management (CSAM) report

Download Qualys CyberSecurity Asset Management (CSAM) product report

Learn More

Checkmarx

Qualys

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Qualys CyberSecurity Asset Management (CSAM) provides industry-leading coverage of the internal and external attack surface (EASM), along with comprehensive cyber risk assessment, natively-integrated with Qualys Vulnerability Management, Detection, and Response (VMDR).

CSAM solidifies attack surface coverage and turbocharges vulnerability management with:

Comprehensive discovery of IT, IoT/OT, and rogue assets, internet-facing assets from mergers and subsidiaries, and business context from third-party connectors
Risk factors such as EoL/EoS software, missing security controls, unsanctioned ports, and expired SSL certs to show the TruRisk of every asset
Bi-directional CMDB sync to push cyber risk context to IT’s source of truth and pull business context into your security program

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

Buyer's Guide

Checkmarx One vs. Qualys CyberSecurity Asset Management (CSAM)

August 2024

Free Report: Checkmarx One vs. Qualys CyberSecurity Asset Management (CSAM)

Find out what your peers are saying about Checkmarx One vs. Qualys CyberSecurity Asset Management (CSAM) and other solutions. Updated: August 2024.

DOWNLOAD NOW

805,335 professionals have used our research since 2012.

See our Checkmarx One vs. Qualys CyberSecurity Asset Management (CSAM) report.

See our list of best Vulnerability Management vendors.

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.