Try our new research platform with insights from 80,000+ expert users

Qualys CyberSecurity Asset Management vs Tanium comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 16, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
2
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (6th)
Qualys CyberSecurity Asset ...
Ranking in Vulnerability Management
10th
Average Rating
9.2
Reviews Sentiment
7.6
Number of Reviews
21
Ranking in other categories
Patch Management (7th), Cyber Asset Attack Surface Management (CAASM) (2nd), Attack Surface Management (ASM) (4th), Software Supply Chain Security (5th)
Tanium
Ranking in Vulnerability Management
22nd
Average Rating
7.4
Reviews Sentiment
6.5
Number of Reviews
16
Ranking in other categories
Server Monitoring (10th), Endpoint Protection Platform (EPP) (37th), Endpoint Detection and Response (EDR) (26th)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Revathi VeeraRaghavan - PeerSpot reviewer
Provides comprehensive visibility and covers the complete attack surface
For some of the software, there was no life cycle or general information. We wanted them to give details in the database as and when the software comes. I raised a ticket for that, and after that, they updated the details for more than one million software. They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword. They should fix that. When we click on the web application, it only shows potential web assets. The application details are not there. Overall, CSAM has matured a lot. These are the few enhancements that need to be done.
Mo Vermeiren - PeerSpot reviewer
Is able to make several campaigns work in parallel, but the user interface needs improvement
It's mainly used by the cybersecurity team for Windows patching and deployment of some software solutions I like the fact that you can create patching campaigns depending on the area of your network that you want to address first. I like the ability it has to make several campaigns that work in…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran has become an indispensable tool in our cybersecurity arsenal."
"Zafran is an excellent tool."
"The most valuable aspect we receive from Qualys is the remediation."
"Overall, I would give Qualys CyberSecurity Asset Management a nine out of ten."
"Qualys CyberSecurity Asset Management has helped to improve the organization's security posture significantly."
"The end-of-life and end-of-service software and hardware are some of my favorite features."
"Authorized and unauthorized software visibility is the best feature for me."
"Qualys CyberSecurity Asset Management offers comprehensive features to cover our entire attack surface."
"I would rate Qualys CyberSecurity Asset Management ten out of ten."
"We have had zero attacks since we enabled all the features in Qualys CSAM."
"I'm not so familiar with the tool but I like the interaction of the console to the picture. Patching is the primary model I have been focusing on for the last couple of weeks. So I have created a proof of concept environment and have been checking the available features."
"Threat hunting is a very good feature on Tanium. We have just started using it and have not used it extensively."
"When I push a quick update, it's done right away, and I can rescan immediately to confirm completion within minutes."
"Tanium has made the process of detecting threats more proactive with its detection. So, the process is easier and more efficient."
"The product is granular and can build complex roles compared to other EDR vendors."
"The interrogation piece was the most valuable feature because it was very detailed."
"For incident response tasks, all these tasks can get done in minutes with minimal disruption to the end-user."
"Tanium’s linear-chain architecture is valuable."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"The scanning function could be improved."
"The Qualys CAPS service requires further exploration and improvement, particularly in its handling of protocols and reactivity with MAC and IP addresses for CAP agents."
"The main aspect that needs improvement is the user interface, which should be more intuitive."
"Qualys CSAM is not super responsive, and there can be delays sometimes, especially with the network passive sensor. You might see duplicate objects which eventually disappear but it takes time. If that can be done faster, it will be great."
"They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword."
"Some areas that would be helpful are more comprehensive tagging and the ability to set up better dynamic rules."
"The only minor issue is occasionally being redirected to multiple teams, causing slight delays."
"In our reporting, we faced a challenge syncing with cloud devices."
"We had some issues with the solution's OS upgrade."
"Most of the time, agent-relative issues have to be more equipped with self-healing features. At times, the agent is there, but for some reason, it doesn't report a status. It gives certain problems that are obviously agent-based."
"The reporting could be improved."
"I would like to have more integrations and custom plugins to input. Integration is always a big deal in a lot of different environments."
"The solution can give a lot of false positives."
"Tanium’s scalability could be improved."
"When working with Tanium, there are some older devices that haven't been patched for a long time, and certain patches are not included in Tanium. I have to search outside to download patches, create bundles, and then perform the task."
"Any movement into a SaaS solution has challenges since the processes and data flows are not well defined. Hence, you need to build it at the same time."
 

Pricing and Cost Advice

Information not available
"The cost for Qualys CyberSecurity Asset Management is high."
"The pricing is reasonable relative to the features provided, as it collects all module data and operates as a main, centralized inventory, making it a cost-effective solution."
"The pricing for Qualys CSAM is nominal."
"Qualys is competitively priced for its features. Its pricing is suitable for large organizations with more than 4,000 assets, but for smaller organizations with few assets, such as banks, the costs might be high. They should come up with packages that are suitable for small organizations."
"The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage."
"The pricing is fair. I would love to see the price come down a little bit, but we do get a lot of value out of it. We are squeezing every ounce of value we can out of the tool."
"Qualys offers excellent value for money."
"The pricing for Qualys Cybersecurity Asset Management is reasonable, with an annual subscription costing around $1,000 per year or a monthly subscription starting at approximately $72 per month, depending on the specific package and features included."
"It's an expensive solution. It would be nice if the cost were lower."
"There is an annual license required to use this solution."
"It is higher than some competitors in the market."
"The solution offers value for money."
"Tanium is a more expensive solution in Latin America than some of the competitors, such as BigFix."
"The solution is expensive but it's a good investment."
"The product's pricing differs from region to region depending on negotiations and the number of endpoints."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
12%
Manufacturing Company
6%
Retailer
6%
Computer Software Company
22%
Financial Services Firm
14%
Government
9%
Retailer
6%
Financial Services Firm
17%
Government
13%
Computer Software Company
10%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
Pricing for Zafran Security is not expensive. We have a contract for five years, and the cost is lower than other too...
What needs improvement with Zafran Security?
I would like to see an integration with Check Point firewalls. It's essential for us and they are currently working o...
What is your primary use case for Zafran Security?
We use Zafran Security for threat prioritization. We establish priority to understand which risks should be patched o...
What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management?
The pricing is reasonable relative to the features provided, as it collects all module data and operates as a main, c...
What needs improvement with Qualys CyberSecurity Asset Management?
Qualys is continually developing, adding new features each year. Previously, there was no on-demand scan feature in a...
What is your primary use case for Qualys CyberSecurity Asset Management?
I have been working with Qualys for approximately two and a half years. I have used this module to manage security po...
What do you like most about Tanium?
Tanium’s linear-chain architecture is valuable.
What needs improvement with Tanium?
When working with Tanium, there are some older devices that haven't been patched for a long time, and certain patches...
What is your primary use case for Tanium?
We primarily use Tanium for patching, focusing on vulnerabilities. Our major goal with Tanium is to patch based on vu...
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
JPMorgan Chase, eBay, Amazon, US Bank, MetLife, pwc, Cerner, Delphi, MGM Grand, New York Life
Find out what your peers are saying about Qualys CyberSecurity Asset Management vs. Tanium and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.