Qualys CyberSecurity Asset Management vs Tanium comparison

Qualys and Tanium are both solutions in the Vulnerability Management category. Qualys is ranked #11 with an average rating of 9.2, while Tanium is ranked #26 with an average rating of 7.1. Additionally, 100% of Qualys users are willing to recommend the solution, compared to 73% of Tanium users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jan 16, 2025

Tanium and Qualys CyberSecurity Asset Management are solutions competing in cybersecurity asset management. Tanium seems to have a slight advantage with its rapid threat detection and response capabilities, while Qualys is preferred for its extensive vulnerability management features.

Features: Tanium offers real-time data analysis, patch management, and instant discovery features, making it effective for quick threat response. Qualys provides dynamic asset tagging, asset purge rule, and detailed vulnerability assessments, ensuring strong security compliance and management.

Room for Improvement: Tanium can improve in areas such as ease of use, scalability challenges, and simplifying its comprehensive features for smaller teams. Qualys could enhance user-friendliness, integrate more seamlessly with other tools, and offer more flexible reporting options.

Ease of Deployment and Customer Service: Tanium offers a versatile deployment model suitable for diverse environments, with personalized customer support. Qualys provides a robust cloud-based architecture and allows ease of deployment with responsive support.

Pricing and ROI: Tanium typically involves higher initial costs but promises favorable long-term ROI. Qualys offers competitive pricing, making it attractive for budget-conscious organizations, with a compelling ROI due to its reliable vulnerability management focus.

To learn more, read our detailed Qualys CyberSecurity Asset Management vs. Tanium Report (Updated: March 2025).

Buyer's Guide

Qualys CyberSecurity Asset Management vs. Tanium

March 2025

Download the complete report

Helped 842,592 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Zafran Security

Featured Reviews

Israel Cavazos Landini

Associate Director IT Security Operations at Novartis

Weekly insights and risk analysis facilitate informed security decisions

I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.

Read full review

Revathi VeeraRaghavan

Information Security - Manager at Infosys

Provides comprehensive visibility and covers the complete attack surface

For some of the software, there was no life cycle or general information. We wanted them to give details in the database as and when the software comes. I raised a ticket for that, and after that, they updated the details for more than one million software. They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword. They should fix that. When we click on the web application, it only shows potential web assets. The application details are not there. Overall, CSAM has matured a lot. These are the few enhancements that need to be done.

Read full review

Mo Vermeiren

Cybersecurity Business & Technology Consultant at Capgemini

Is able to make several campaigns work in parallel, but the user interface needs improvement

It's mainly used by the cybersecurity team for Windows patching and deployment of some software solutions I like the fact that you can create patching campaigns depending on the area of your network that you want to address first. I like the ability it has to make several campaigns that work in…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Zafran is an excellent tool."

"Zafran has become an indispensable tool in our cybersecurity arsenal."

"The integration with different third-party tools, such as cloud providers like Azure and AWS, and asset management tools like CMDB systems, is valuable."

"I would rate the Qualys CSAM a ten out of ten for its overall performance."

"I would rate Qualys CSAM a ten out of ten."

"Overall, I would give Qualys CyberSecurity Asset Management a nine out of ten."

"The best feature is asset discovery through their cloud agent or IP-based scanning."

"My favourite feature of Qualys CyberSecurity Asset Management is its ability to target missing software."

"I would rate Qualys CyberSecurity Asset Management ten out of ten."

"Qualys CyberSecurity Asset Management offers valuable features such as continuous vendor support, rapid response times, dedicated vendor partnerships, and advanced technical capabilities for risk identification."

More Qualys CyberSecurity Asset Management pros

"Threat hunting is a very good feature on Tanium. We have just started using it and have not used it extensively."

"Tanium’s linear-chain architecture is valuable."

"The solution is scalable and helps to understand how infrastructure works. It helps to improve the health of the organization."

"For incident response tasks, all these tasks can get done in minutes with minimal disruption to the end-user."

"The product is granular and can build complex roles compared to other EDR vendors."

"The most valuable features of this solution are the consolidation of all historical data on device endpoints, security drivers, firmware, and Software version gaps."

"Tanium's most valuable feature is its instant discovery aspect."

"I like the fact that you can create patching campaigns depending on the area of your network that you want to address first. I like the ability it has to make several campaigns that work in parallel."

More Tanium pros

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."

"Further research and development are needed to enhance integration with other cloud agents and products, particularly improving communication with external products and vendors."

"Currently, in the EASM module, the scan frequency is limited to once daily, but allowing end users control over scan scheduling would be advantageous."

"All required features are available in Qualys CSAM. However, it would be helpful if Qualys CSAM started incorporating AI models. An inclusion of threat details for AI and LLM-related risks would be beneficial."

"They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword."

"They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword. They should fix that."

"The deployment is somewhat complicated and could be made more user-friendly for most users. It is currently not user-friendly for all users. It is good but can be improved. It is a new product, and they are working on it."

"The scanning function could be improved."

"Qualys could improve by enhancing its dynamic tagging and role-based access control features, and by refining its user interface for a more intuitive and efficient user experience."

More Qualys CyberSecurity Asset Management cons

"The main issues are the network connection because different customers have issues with their networks. It's difficult implementing this type of solution because the network is the main feature in the architecture for these types of solutions. Tanium could improve by creating some network optimization."

"The solution lacks mobility."

"Tanium's limitations should be improved because although it is a great tool, it is limited to only a few classes during a session."

"They could improve the UI."

"Most of the time, agent-relative issues have to be more equipped with self-healing features. At times, the agent is there, but for some reason, it doesn't report a status. It gives certain problems that are obviously agent-based."

"The most painful thing is the interface. It's a bit unclear sometimes."

"The solution needs to improve the reporting and tracking capabilities."

"It is not really additional functions, or the features that are needed, rather the complexity would be reduced based on the number of modules required to put together a comprehensive operational security and risk compliance model."

More Tanium cons

Pricing and Cost Advice

Information not available

"The pricing for Qualys CSAM is nominal."

"The pricing is market-competitive."

"Qualys CyberSecurity Asset Management can be expensive, especially if we already have VMDR."

"Qualys offers excellent value for money."

"It is cost-effective because, in a single tool, we are getting everything. All the solutions come in a single license or price."

"Though the solution is considered expensive, if bundled with other services such as VMDR or cloud agents, its value would significantly increase. It is currently a bit costly, but with bundling, it could become attractive to more customers."

"The pricing is reasonable relative to the features provided, as it collects all module data and operates as a main, centralized inventory, making it a cost-effective solution."

"The cost for Qualys CyberSecurity Asset Management is high."

More Qualys CyberSecurity Asset Management pricing and cost advice

"The solution offers value for money."

"The solution is expensive but it's a good investment."

"The product's pricing differs from region to region depending on negotiations and the number of endpoints."

"Tanium is a more expensive solution in Latin America than some of the competitors, such as BigFix."

"It is higher than some competitors in the market."

"It's an expensive solution. It would be nice if the cost were lower."

"There is an annual license required to use this solution."

See which vendors are best for you

Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.

See recommendations

842,592 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

14%

Financial Services Firm

12%

University

Retailer

Computer Software Company

23%

Financial Services Firm

13%

Government

Retailer

Financial Services Firm

17%

Government

13%

Computer Software Company

10%

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?

Pricing for Zafran Security is not expensive. We have a contract for five years, and the cost is lower than other too...

See all answers

What needs improvement with Zafran Security?

I would like to see an integration with Check Point firewalls. It's essential for us and they are currently working o...

See all answers

What is your primary use case for Zafran Security?

We use Zafran Security for threat prioritization. We establish priority to understand which risks should be patched o...

See all answers

What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management?

The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage.

See all answers

What needs improvement with Qualys CyberSecurity Asset Management?

Qualys is continually developing, adding new features each year. Previously, there was no on-demand scan feature in a...

See all answers

What is your primary use case for Qualys CyberSecurity Asset Management?

I have been working with Qualys for approximately two and a half years. I have used this module to manage security po...

See all answers

What do you like most about Tanium?

Tanium’s linear-chain architecture is valuable.

See all answers

What needs improvement with Tanium?

When working with Tanium, there are some older devices that haven't been patched for a long time, and certain patches...

See all answers

What is your primary use case for Tanium?

We primarily use Tanium for patching, focusing on vulnerabilities. Our major goal with Tanium is to patch based on vu...

See all answers

Comparisons

Dazz.io vs Zafran Security

Compared 52% of the time

Vulcan Cyber vs Zafran Security

Compared 21% of the time

ServiceNow Security Operations vs Zafran Security

Compared 19% of the time

Tenable Vulnerability Management vs Zafran Security

Compared 8% of the time

More Zafran Security Competitors

Amazon Inspector vs Qualys CyberSecurity Asset Management

Compared 15% of the time

Armis vs Qualys CyberSecurity Asset Management

Compared 13% of the time

Microsoft Defender External Attack Surface Management vs Qualys CyberSecurity Asset Management

Compared 12% of the time

CrowdStrike Falcon vs Qualys CyberSecurity Asset Management

Compared 8% of the time

CyCognito vs Qualys CyberSecurity Asset Management

Compared 5% of the time

More Qualys CyberSecurity Asset Management Competitors

CrowdStrike Falcon vs Tanium

Compared 16% of the time

Microsoft Defender for Endpoint vs Tanium

Compared 9% of the time

Microsoft Configuration Manager vs Tanium

Compared 9% of the time

ServiceNow Discovery vs Tanium

Compared 6% of the time

BigFix vs Tanium

Compared 6% of the time

More Tanium Competitors

Product Reports

Buyer's Guide

Vulnerability Management

March 2025

Download Zafran Security product report

Buyer's Guide

Qualys CyberSecurity Asset Management

March 2025

Qualys CyberSecurity Asset Management report

Download Qualys CyberSecurity Asset Management product report

Buyer's Guide

Tanium

March 2025

Download Tanium product report

Overview

Zafran Security integrates with existing security tools to identify and mitigate vulnerabilities effectively, proving that most critical vulnerabilities are not exploitable, optimizing threat management.

Zafran Security introduces an innovative operating model for managing security threats and vulnerabilities. By leveraging the threat exposure management platform, it pinpoints and prioritizes exploitable vulnerabilities, reducing risk through immediate remediation. This platform enhances your hybrid cloud security by normalizing vulnerability signals and integrating specific IT context data, such as CVE runtime presence and internet asset reachability, into its analysis. No longer reliant on patch windows, Zafran Security allows you to manage risks actively.

What are the key features of Zafran Security?

Threat Exposure Management: Utilizes existing tools to prioritize vulnerabilities and manage threats.
Integrative Analysis: Combines security data with IT context for precise vulnerability management.
Real-time Risk Reduction: Enables immediate risk management without waiting for patches.
Hybrid Cloud Compatibility: Functions across diverse cloud environments for comprehensive security.

What benefits can users expect from Zafran Security?

Improved Security: Enhances protection by efficiently identifying and mitigating risks.
Cost Efficiency: Reduces unnecessary patching expenses by confirming non-exploitable vulnerabilities.
Time Savings: Frees developers to focus on root causes by handling immediate threats.
Comprehensive Insight: Offers a holistic view of security threats and vulnerabilities.

In industries where security is paramount, such as finance and healthcare, Zafran Security provides invaluable protection by ensuring that only exploitable vulnerabilities are addressed. It allows entities to maintain robust security measures while allocating resources efficiently, fitting seamlessly into existing security strategies.

Zafran Security

Qualys CyberSecurity Asset Management provides advanced real-time asset visibility, dynamic tagging, and External Attack Surface Management. It streamlines asset discovery and management using cloud agents and IP-based scanning, enhancing risk management and software lifecycle tracking.

Qualys CyberSecurity Asset Management offers a comprehensive solution for managing asset inventories and tracking software lifecycle states. It facilitates network visibility and supports zero-day vulnerability solutions, enhancing security posture through efficient monitoring. Users benefit from its cloud-based interface, which provides in-depth asset configurations and insights. Key features include automated vulnerability scanning and unauthorized software management, reducing manual efforts. The platform also emphasizes the importance of timely remediation and ongoing risk mitigation across multiple environments. Despite its strengths, users note the need for enhanced integration with additional CMDBs beyond ServiceNow, as well as cost efficiency improvements. Requests also include better report customization, more scan control, and a simplified UI.

What are the key features of Qualys CyberSecurity Asset Management?

Real-time Visibility: Offers continuous insight into asset status and condition.
Dynamic Tagging: Allows for flexible organization and assessment of assets.
External Attack Surface Management: Identifies potential threats from external sources.
Automated Vulnerability Scanning: Reduces manual scanning efforts and identifies vulnerabilities instantly.
Unauthorized Software Management: Detects and manages software not approved for use.
Asset Purge Rule: Automates the removal of obsolete assets from the inventory.

What benefits should users look for in reviews?

Enhanced Security Posture: Gains stronger defense through effective asset monitoring.
Efficient Risk Management: Identifies threats quickly, enabling timely resolutions.
Improved Compliance: Assists in meeting industry standards and regulations.
Reduced Manual Effort: Automates repetitive tasks, saving time and resources.
Comprehensive Insight: Provides detailed data for informed decision making.

In industries like finance, healthcare, and manufacturing, Qualys CyberSecurity Asset Management enhances asset control by offering visibility into hardware and software configurations. It aids in maintaining security compliance and identifying unauthorized software, crucial for sectors with strict regulatory requirements.

Qualys

Tanium Endpoint Platform reduces security risk, improves agility & increases efficiency, a fundamentally new approach to endpoint security's threat detection, indicent response, vulnerability assessment and configuration compliance & with management's software distribution, asset utilization, asset inventory and patch management.

Tanium

Sample Customers

Information Not Available

JPMorgan Chase, eBay, Amazon, US Bank, MetLife, pwc, Cerner, Delphi, MGM Grand, New York Life

Buyer's Guide

Qualys CyberSecurity Asset Management vs. Tanium

March 2025

Free Report: Qualys CyberSecurity Asset Management vs. Tanium

Find out what your peers are saying about Qualys CyberSecurity Asset Management vs. Tanium and other solutions. Updated: March 2025.

DOWNLOAD NOW

842,592 professionals have used our research since 2012.

See our Qualys CyberSecurity Asset Management vs. Tanium report.

See our list of best Vulnerability Management vendors.

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.