Try our new research platform with insights from 80,000+ expert users

Qualys VMDR vs Snyk comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 29, 2024
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Container Security
3rd
Average Rating
8.6
Reviews Sentiment
8.0
Number of Reviews
102
Ranking in other categories
Vulnerability Management (6th), Cloud and Data Center Security (5th), Cloud Workload Protection Platforms (CWPP) (4th), Cloud Security Posture Management (CSPM) (4th), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (3rd)
Qualys VMDR
Ranking in Container Security
12th
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
92
Ranking in other categories
IT Asset Management (4th), Vulnerability Management (2nd), Configuration Management Databases (3rd), Risk-Based Vulnerability Management (3rd)
Snyk
Ranking in Container Security
7th
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
44
Ranking in other categories
Application Security Tools (4th), Software Composition Analysis (SCA) (3rd), Software Development Analytics (2nd), DevSecOps (1st)
 

Mindshare comparison

As of December 2024, in the Container Security category, the mindshare of SentinelOne Singularity Cloud Security is 2.1%, up from 0.8% compared to the previous year. The mindshare of Qualys VMDR is 2.9%, up from 2.6% compared to the previous year. The mindshare of Snyk is 5.9%, down from 8.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security
 

Featured Reviews

Andrew W - PeerSpot reviewer
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Harold Jensen - PeerSpot reviewer
Good visibility but expensive and needs better support
Support: It's often overseas and often following a script, basically asking us to redo what we opened the case with. Multiple APIs: There seems to be a lack of easy onboarding into Qualys. We had to use manual inputs and some API calls to get items in place. Dashboard: It is very rudimentary with very little customization. The Qualys Scripting Language (QSL) works differently in different Qualys modules, so when you get it working in one area you have to modify the syntax in others. User account management: We often have to give users more rights than needed just to give them what they need. Integration with the various Qualys Modules: You can tell the UI is different based on of the different teams that created them. QSL syntax same in all modules Responsiveness of some of the components: They time out, you get a blank screen, etc. Backend updates between the various modules: You update connectors and information takes a few minutes to show in VMDR or Global Asset View Connectors: Connectors have a throttling issue with AWS which causes them to frequently fail unless you manually run them again.
Jayashree Acharyya - PeerSpot reviewer
Used for image scanning and identifying vulnerabilities, but its integration with other services could be improved
The solution has improved or streamlined our process a lot for securing container images. We wanted to make sure we are deploying the secure Docker images. Snyk allowed us to check whether it is following our standard of docker images or not. We use Azure DevOps as our platform, and Snyk's integration with Azure DevOps was okay. However, Snyk's integration with JFrog Artifactory didn't go well. We use JFrog Artifactory to store the artifacts we download. We wanted to integrate Snyk with JFrog Artifactory to scan the binary artifacts we downloaded, but that broke our JFrog Artifactory for some reason. Instead of using it there, we are calling it directly from the pipeline. Snyk's automation features significantly reduced remediation times a couple of times. Sometimes, our developers scan the code from the environment and find some Java vulnerabilities. We fixed those vulnerabilities in the lower environment itself. The solution does not require any maintenance. The accuracy of Snyk's vulnerability detection is pretty good compared to other tools. I rate the solution's vulnerability detection feature an eight out of ten. I would recommend Snyk to other users because it is easy to implement and integrate with Azure DevOps and GitHub. Overall, I rate the solution a seven out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The key strength of Singularity Cloud Security lies in its ability to pinpoint vulnerabilities in our cloud accounts and identify suspicious activity that warrants further investigation."
"For Singularity, the task capability is easy to use and it has a very intuitive dashboard, which streamlines the processes."
"SentinelOne Singularity Cloud Security has significantly improved our risk posture."
"PingSafe provides email alerts and ranks issues based on severity, such as high, critical, etc., that help us prioritize issues."
"Cloud Native Security's most valuable features include cloud misconfiguration detection and remediation, compliance monitoring, a robust authentication security engine, and cloud threat detection and response capabilities."
"The most valuable feature of PingSafe is its integration with most of our technology stack, specifically all of our cloud platforms and ticketing software."
"Singularity Cloud Security's most valuable features are its ease of scalability and comprehensive security measures."
"It is fairly simple. Anybody can use it."
"The features that are most valuable are the identification, scan features, and the identification of vulnerabilities."
"There are many features. Its reliability, ease of installation, ease of use, and the richness of the information provided are the most valuable features."
"Qualys VM's best feature is vulnerability management."
"The platform's most valuable features include its robust vulnerability detection capabilities and automated remediation workflows."
"I find the solution's dashboard interesting...The response time is fine. You can pull up reports without dragging or consuming bandwidth."
"The most valuable feature is the ability to run different capabilities with the same agent. With only one agent, we can have EDR, vulnerability management, compliance and some basic SaaS security capabilities."
"The most valuable features of Qualys VM are its ability to do proper vulnerability assessment. It has a lot of updates for all the vulnerability databases from all over the globe. It's an amazing solution when it comes to the versatility of the features it has. Additionally, the reports are very good. It generates very detailed reports about the vulnerabilities inside the environment"
"It allowed us to divide tasks easily among teammates, significantly improving efficiency."
"Snyk has given us really good results because it is fully automated. We don't have to scan projects every time to find vulnerabilities, as it already stores the dependencies that we are using. It monitors 24/7 to find out if there are any issues that have been reported out on the Internet."
"Static code analysis is one of the best features of the solution."
"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."
"A main feature of Snyk is that when you go with SCA, you do get properly done security composition, also from the licensing and open-source parameters perspective. A lot of companies often use open-source libraries or frameworks in their code, which is a big security concern. Snyk deals with all the things and provides you with a proper report about whether any open-source code or framework that you are using is vulnerable. In that way, Snyk is very good as compared to other tools."
"I think all the standard features are quite useful when it comes to software component scanning, but I also like the new features they're coming out with, such as container scanning, secrets scanning, and static analysis with SAST."
"It has a nice dashboard where I can see all the vulnerabilities and risks that they provided. I can also see the category of any risk, such as medium, high, and low. They provide the input priority-wise. The team can target the highest one first, and then they can go to medium and low ones."
"Snyk allows for scaling across large organizations, accommodating tens of thousands of applications and over 60,000 repositories, making it suitable for wide-scale deployment."
"What is valuable about Snyk is its simplicity."
 

Cons

"I would like to see the map feature improve. It's good, but it isn't fully developed. It lets us use custom resources and policies but does not allow us to perform some actions. I would also like more custom integration and runtime security for Kubernetes."
"There is a bit of a learning curve for new users."
"The resolution suggestions could be better, and the compliance features could be more customizable for Indian regulations. Overall, the compliance aspects are good. It gives us a comprehensive list, and its feedback is enough to bring us into compliance with regulations, but it doesn't give us the specific objects."
"While PingSafe offers real-time response, there is room for improvement in alert accuracy."
"Cloud Native Security's reporting could be better. We are unable to see which images are impacted. Several thousand images have been deployed, so if we can see some application-specific information in the dashboard, we can directly send that report to the team that owns the application. We'd also like the option to download the report from the portal instead of waiting for the report to be sent to our email."
"PingSafe is an excellent CSPM tool, but the CWPP features need to improve, and there is a scope for more application security posture management features. There aren't many ASPM solutions on the market, and existing ones are costly. I would like to see PingSafe develop into a single pane of glass for ASPM, CSPM, and CWPP. Another feature I'd like to see is runtime protection."
"We recently adopted a new ticket management solution, so we've asked them to include a connector to integrate that tool with Cloud Native Security directly. We'd also like to see Cloud Native Security add a scan for personally identifying information. We're looking at other tools for this capability, but having that functionality built into Cloud Native Security would be nice. Monitoring PII data is critical to us as an organization."
"Some of the navigation and some aspects of the portal may be a little bit confusing."
"When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself."
"There's a need to upgrade or fix the potential vulnerability rate. Around 20,000 potential vulnerabilities were showing in Qualys VMDR, but none of the other tools showed them. When we checked, it wasn't the case. Support explained that even small issues were being counted as vulnerabilities, causing issues in our audit. So, the security features could be improved to identify vulnerabilities accurately."
"It's quite complex on the way it is set up, so it takes a fair bit of time in order to get your head around it in order to deploy it. Once you've deployed it, then you're never confident on the versions of the browsers and the SSL certificates, etc. You have to always go back into Qualys and check."
"I would like to see this solution simplified to work more easily in a multi-cloud environment."
"The ability to manage user accounts and give rights to the operator to know about abnormalities of applications is something that needs improvement."
"It is more expensive vs. other products on the market."
"The tool needs to improve the adding assets and report generation features. I would like to see the policy scan of offline appliances in the product's future releases."
"The response time of technical support takes a while."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"We would like to have upfront knowledge on how easy it should be to just pull in an upgraded dependency, e.g., even introduce full automation for dependencies supposed to have no impact on the business side of things. Therefore, we would like some output when you get the report with the dependencies. We want to get additional information on the expected impact of the business code that is using the dependency with the newer version. This probably won't be easy to add, but it would be helpful."
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
"I would like to give further ability to grouping code repositories, in such a way that you could group them by the teams that own them, then produce alerting to those teams. The way that we are seeing it right now, the alerting only goes to a couple of places. I wish we could configure the code to go to different places."
"The feature for automatic fixing of security breaches could be improved."
"Offering API access in the lower or free open-source tiers would be better. That would help our customers. If you don't have an enterprise plan, it becomes challenging to integrate with the rest of the systems. Our customers would like to have some open-source integrations in the next release."
"We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."
"Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR."
 

Pricing and Cost Advice

"PingSafe is affordable."
"PingSafe is cost-effective for the amount of infrastructure we have. It's reasonable for what they offer compared to our previous solution. It's at least 25 percent to 30 percent less."
"PingSafe's primary advantage is its ability to consolidate multiple tools into a single user interface, but, beyond this convenience, it may not offer significant additional benefits to justify its price."
"SentinelOne is relatively cheap. If ten is the most expensive, I would rate it a seven."
"It's not expensive. The product is in its initial growth stages and appears more competitive compared to others. It comes in different variants, and I believe the enterprise version costs around $55 per user per year. I would rate it a five, somewhere fairly moderate."
"The pricing is somewhat high compared to other market tools."
"PingSafe is less expensive than other options."
"Its pricing was a little less than other providers."
"An annual license for a single scanner costs around $3,000."
"We have an annual contract for Qualys VMDR. I believe it's for either two years or five years."
"The pricing is very competitive."
"The tool's pricing is expensive and I would rate the pricing a seven out of ten."
"The solution is expensive."
"The product is more expensive than that of any other vendor."
"When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself."
"Qualys VM is quite expensive. It's a subscription-based license, and it's yearly. Right now, it's open for me, and I don't have any limitations or caps on the licenses. They are seeing if the product is viable for 4500 users. I can add as much as I want, and at the end of the subscription, they'll let me know how many licenses were actually used and bill me accordingly. On a scale from one to five, I would give their pricing a three. It's still expensive."
"Their licensing model is fairly robust and scalable for our needs. I believe we have reached a reasonable agreement on the licensing to enable hundreds of developers to participate in this product offering. The solution is very tailored towards developers and its licensing model works well for us."
"With Snyk, you get what you pay for. It is not a cheap solution, but you get a comprehensiveness and level of coverage that is very good. The dollars in the security budget only go so far. If I can maximize my value and be able to have some funds left over for other initiatives, I want to do that. That is what drives me to continue to say, "What's out there in the market? Snyk's expensive, but it's good. Is there something as good, but more affordable?" Ultimately, I find we could go cheaper, but we would lose the completeness of vision or scope. I am not willing to do that because Snyk does provide a pretty important benefit for us."
"Snyk is an expensive solution."
"It's inexpensive and easy to license. It comes in standard package sizing, which is straightforward. This information is publicly found on their website."
"You can get a good deal with Snyk for pricing. It's a little expensive, but it is worth it."
"It's good value. That's the primary thing. It's not cheap-cheap, but it's good value."
"Pricing-wise, it is not expensive as compared to other tools. If you have a couple of licenses, you can scan a certain number of projects. It just needs to be attached to them."
"It is pretty expensive. It is not a cheap product."
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
824,106 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Financial Services Firm
15%
Manufacturing Company
9%
Government
5%
Educational Organization
36%
Computer Software Company
11%
Financial Services Firm
10%
Manufacturing Company
6%
Financial Services Firm
16%
Computer Software Company
15%
Manufacturing Company
9%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
The pricing is somewhat high compared to other market tools. This cost can be particularly prohibitive for small busi...
What needs improvement with PingSafe?
To enhance the notification system's efficiency, resolved issues should be promptly removed from the portal. Currentl...
What is your primary use case for Qualys VM?
Qualys VM is used for vulnerability scans for the internet and applications using application exchange. There are man...
What do you like most about Qualys VMDR?
I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagg...
What is your experience regarding pricing and costs for Qualys VMDR?
For smaller enterprises, the pricing is on the pricier side. However, for larger enterprises, it's considered okay. I...
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to...
What do you like most about Snyk?
The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilit...
What needs improvement with Snyk?
Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR. It lacks the abi...
 

Also Known As

PingSafe
Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security, Qualys Virtual Scanner Appliance
No data available
 

Overview

 

Sample Customers

Information Not Available
Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Find out what your peers are saying about Qualys VMDR vs. Snyk and other solutions. Updated: December 2024.
824,106 professionals have used our research since 2012.