Try our new research platform with insights from 80,000+ expert users

Qualys CyberSecurity Asset Management vs Tanium comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 16, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
32nd
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
2
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (4th)
Qualys CyberSecurity Asset ...
Ranking in Vulnerability Management
11th
Average Rating
9.2
Reviews Sentiment
7.6
Number of Reviews
21
Ranking in other categories
Patch Management (8th), Cyber Asset Attack Surface Management (CAASM) (2nd), Attack Surface Management (ASM) (4th), Software Supply Chain Security (7th)
Tanium
Ranking in Vulnerability Management
26th
Average Rating
7.4
Reviews Sentiment
6.5
Number of Reviews
16
Ranking in other categories
Server Monitoring (9th), Endpoint Protection Platform (EPP) (37th), Endpoint Detection and Response (EDR) (27th)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Revathi VeeraRaghavan - PeerSpot reviewer
Provides comprehensive visibility and covers the complete attack surface
For some of the software, there was no life cycle or general information. We wanted them to give details in the database as and when the software comes. I raised a ticket for that, and after that, they updated the details for more than one million software. They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword. They should fix that. When we click on the web application, it only shows potential web assets. The application details are not there. Overall, CSAM has matured a lot. These are the few enhancements that need to be done.
Mo Vermeiren - PeerSpot reviewer
Is able to make several campaigns work in parallel, but the user interface needs improvement
It's mainly used by the cybersecurity team for Windows patching and deployment of some software solutions I like the fact that you can create patching campaigns depending on the area of your network that you want to address first. I like the ability it has to make several campaigns that work in…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran is an excellent tool."
"Zafran has become an indispensable tool in our cybersecurity arsenal."
"The integration with different third-party tools, such as cloud providers like Azure and AWS, and asset management tools like CMDB systems, is valuable."
"I would rate the Qualys CSAM a ten out of ten for its overall performance."
"I would rate Qualys CSAM a ten out of ten."
"Overall, I would give Qualys CyberSecurity Asset Management a nine out of ten."
"The best feature is asset discovery through their cloud agent or IP-based scanning."
"My favourite feature of Qualys CyberSecurity Asset Management is its ability to target missing software."
"I would rate Qualys CyberSecurity Asset Management ten out of ten."
"Qualys CyberSecurity Asset Management offers valuable features such as continuous vendor support, rapid response times, dedicated vendor partnerships, and advanced technical capabilities for risk identification."
"Threat hunting is a very good feature on Tanium. We have just started using it and have not used it extensively."
"Tanium’s linear-chain architecture is valuable."
"The solution is scalable and helps to understand how infrastructure works. It helps to improve the health of the organization."
"For incident response tasks, all these tasks can get done in minutes with minimal disruption to the end-user."
"The product is granular and can build complex roles compared to other EDR vendors."
"The most valuable features of this solution are the consolidation of all historical data on device endpoints, security drivers, firmware, and Software version gaps."
"Tanium's most valuable feature is its instant discovery aspect."
"I like the fact that you can create patching campaigns depending on the area of your network that you want to address first. I like the ability it has to make several campaigns that work in parallel."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"Further research and development are needed to enhance integration with other cloud agents and products, particularly improving communication with external products and vendors."
"Currently, in the EASM module, the scan frequency is limited to once daily, but allowing end users control over scan scheduling would be advantageous."
"All required features are available in Qualys CSAM. However, it would be helpful if Qualys CSAM started incorporating AI models. An inclusion of threat details for AI and LLM-related risks would be beneficial."
"They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword."
"They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword. They should fix that."
"The deployment is somewhat complicated and could be made more user-friendly for most users. It is currently not user-friendly for all users. It is good but can be improved. It is a new product, and they are working on it."
"The scanning function could be improved."
"Qualys could improve by enhancing its dynamic tagging and role-based access control features, and by refining its user interface for a more intuitive and efficient user experience."
"The main issues are the network connection because different customers have issues with their networks. It's difficult implementing this type of solution because the network is the main feature in the architecture for these types of solutions. Tanium could improve by creating some network optimization."
"The solution lacks mobility."
"Tanium's limitations should be improved because although it is a great tool, it is limited to only a few classes during a session."
"They could improve the UI."
"Most of the time, agent-relative issues have to be more equipped with self-healing features. At times, the agent is there, but for some reason, it doesn't report a status. It gives certain problems that are obviously agent-based."
"The most painful thing is the interface. It's a bit unclear sometimes."
"The solution needs to improve the reporting and tracking capabilities."
"It is not really additional functions, or the features that are needed, rather the complexity would be reduced based on the number of modules required to put together a comprehensive operational security and risk compliance model."
 

Pricing and Cost Advice

Information not available
"The pricing for Qualys CSAM is nominal."
"The pricing is market-competitive."
"Qualys CyberSecurity Asset Management can be expensive, especially if we already have VMDR."
"Qualys offers excellent value for money."
"It is cost-effective because, in a single tool, we are getting everything. All the solutions come in a single license or price."
"Though the solution is considered expensive, if bundled with other services such as VMDR or cloud agents, its value would significantly increase. It is currently a bit costly, but with bundling, it could become attractive to more customers."
"The pricing is reasonable relative to the features provided, as it collects all module data and operates as a main, centralized inventory, making it a cost-effective solution."
"The cost for Qualys CyberSecurity Asset Management is high."
"The solution offers value for money."
"The solution is expensive but it's a good investment."
"The product's pricing differs from region to region depending on negotiations and the number of endpoints."
"Tanium is a more expensive solution in Latin America than some of the competitors, such as BigFix."
"It is higher than some competitors in the market."
"It's an expensive solution. It would be nice if the cost were lower."
"There is an annual license required to use this solution."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
842,592 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
12%
University
6%
Retailer
6%
Computer Software Company
23%
Financial Services Firm
13%
Government
8%
Retailer
6%
Financial Services Firm
17%
Government
13%
Computer Software Company
10%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
Pricing for Zafran Security is not expensive. We have a contract for five years, and the cost is lower than other too...
What needs improvement with Zafran Security?
I would like to see an integration with Check Point firewalls. It's essential for us and they are currently working o...
What is your primary use case for Zafran Security?
We use Zafran Security for threat prioritization. We establish priority to understand which risks should be patched o...
What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management?
The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage.
What needs improvement with Qualys CyberSecurity Asset Management?
Qualys is continually developing, adding new features each year. Previously, there was no on-demand scan feature in a...
What is your primary use case for Qualys CyberSecurity Asset Management?
I have been working with Qualys for approximately two and a half years. I have used this module to manage security po...
What do you like most about Tanium?
Tanium’s linear-chain architecture is valuable.
What needs improvement with Tanium?
When working with Tanium, there are some older devices that haven't been patched for a long time, and certain patches...
What is your primary use case for Tanium?
We primarily use Tanium for patching, focusing on vulnerabilities. Our major goal with Tanium is to patch based on vu...
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
JPMorgan Chase, eBay, Amazon, US Bank, MetLife, pwc, Cerner, Delphi, MGM Grand, New York Life
Find out what your peers are saying about Qualys CyberSecurity Asset Management vs. Tanium and other solutions. Updated: March 2025.
842,592 professionals have used our research since 2012.