Try our new research platform with insights from 80,000+ expert users

Qualys VMDR vs Tenable Vulnerability Management comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
2
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (6th)
Qualys VMDR
Ranking in Vulnerability Management
2nd
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
93
Ranking in other categories
IT Asset Management (5th), Configuration Management Databases (2nd), Container Security (12th), Risk-Based Vulnerability Management (2nd)
Tenable Vulnerability Manag...
Ranking in Vulnerability Management
5th
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
42
Ranking in other categories
Risk-Based Vulnerability Management (3rd)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Harold Jensen - PeerSpot reviewer
Good visibility but expensive and needs better support
Support: It's often overseas and often following a script, basically asking us to redo what we opened the case with. Multiple APIs: There seems to be a lack of easy onboarding into Qualys. We had to use manual inputs and some API calls to get items in place. Dashboard: It is very rudimentary with very little customization. The Qualys Scripting Language (QSL) works differently in different Qualys modules, so when you get it working in one area you have to modify the syntax in others. User account management: We often have to give users more rights than needed just to give them what they need. Integration with the various Qualys Modules: You can tell the UI is different based on of the different teams that created them. QSL syntax same in all modules Responsiveness of some of the components: They time out, you get a blank screen, etc. Backend updates between the various modules: You update connectors and information takes a few minutes to show in VMDR or Global Asset View Connectors: Connectors have a throttling issue with AWS which causes them to frequently fail unless you manually run them again.
Mani Bommisetty - PeerSpot reviewer
Streamlines vulnerability management with excellent reporting and potential AI integration
Tenable is user-friendly and excels in reporting. It allows me to easily fetch and schedule reports. The software's discovery feature aids in strengthening our security posture. The single-sensor installation process on various operating systems is smooth, unlike Rapid7, which requires different versions for separate systems. Furthermore, Tenable enables vulnerability management through potential AI integration that consolidates efforts and resolves multiple vulnerabilities simultaneously.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran is an excellent tool."
"Zafran has become an indispensable tool in our cybersecurity arsenal."
"The most valuable feature of Qualys Container Security is the detailed information in the reports and the remediation. This is done to make sure there are no vulnerabilities."
"Tech support is helpful."
"It's also highly customizable, allowing us to tailor it to our needs."
"It gives a very good overview of the inventory assessment process, and it can be accessed across our company because it's a global tool."
"It allowed us to divide tasks easily among teammates, significantly improving efficiency."
"The reporting is fine."
"It's a good product. After the scan our internet works well. It scans our security posture."
"The prioritization of vulnerabilities has improved our remediation efforts by around thirty to thirty-five percent."
"You can customize each point in new scans."
"The initial setup is very straightforward."
"It helps us create remediation projects and assign the console’s responsibility to specific engineers."
"The solution is easy to use and configuration is smooth with no complexities."
"The solution provides seamlessness, a perfect UI, and identity management for office operations. We are most vulnerable to users. Therefore, it is crucial to implement the right solution to ensure proper user access and resource management."
"A new user can easily understand the workflow, even if they are creating users for other divisions and the user is a beginner."
"Tenable is user-friendly and excels in reporting."
"There is no burden of updating or upgrading this solution."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"There needs to be better documentation."
"They have integrated with other third parties, but it is still not viable."
"Qualys VMDR is basically susceptible to false positives, and false negatives."
"We are moving away from Qualys to Defender ATP because I find that Defender ATP is much better at prioritizing the vulnerabilities that I should be looking at."
"It's too early for me to say if there is any room for improvement since we're in the first couple of months of using this solution."
"I would like to have CSPM, a continuous scan-like cloud added to the solution."
"The IoT scan is not great."
"Qualys VM should improve its methodology."
"They should include better customization of the dashboard, and integration tools."
"The solution must be promoted more in the market."
"The shortcoming of the solution that needs improvement is related to its capability to do vulnerability assessments on applications."
"I would rate it four out of ten. For startups, freelancers, or companies between startup and midsize, Tenable is recommended. However, for midsize or enterprise-level companies, I would not prefer it."
"Technical support from Tenable is rated six out of ten. It needs improvement in response time and addressing feature requests promptly."
"The user interface could be improved by being able to change the user interface to fit your position or your job. The graphs are set in stone and you can only print reports."
"The product is a bit expensive."
"I would like the solution to cover the whole cycle of mitigation since it's an area where the solution currently lacks."
 

Pricing and Cost Advice

Information not available
"It is different for every company, but for us, it's every three years."
"The pricing is very competitive."
"It's very expensive, especially if you want to use multiple modules of Qualys."
"When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself."
"There are no additional fees in addition to the standard licensing fees."
"The product is more expensive than that of any other vendor."
"Qualys VM is better suited for medium to large companies because the price can be too much for smaller customers."
"The license is on a yearly basis."
"The solution is not too expensive."
"There are additional features that can be licensed for an additional cost."
"Tenable.io Vulnerability Management's pricing solution model isn't great."
"A yearly payment has to be made toward the solution's licensing costs."
"I would rate the pricing a five out of ten. It is in the middle."
"On a scale of one to ten, where one is low, and ten is high price, I rate the pricing an eight. So, it is a pretty expensive solution."
"The cost is determined by the number of endpoints, which is approximately one dollar per endpoint."
"Tenable charges around $40 per device."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
11%
University
6%
Retailer
6%
Educational Organization
36%
Financial Services Firm
11%
Computer Software Company
10%
Manufacturing Company
5%
Educational Organization
30%
Computer Software Company
11%
Financial Services Firm
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
Pricing for Zafran Security is not expensive. We have a contract for five years, and the cost is lower than other too...
What needs improvement with Zafran Security?
I would like to see an integration with Check Point firewalls. It's essential for us and they are currently working o...
What is your primary use case for Zafran Security?
We use Zafran Security for threat prioritization. We establish priority to understand which risks should be patched o...
What do you like most about Qualys VMDR?
I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagg...
What is your experience regarding pricing and costs for Qualys VMDR?
Qualys offers better pricing and is feature-packed compared to other tools.
What needs improvement with Qualys VMDR?
They can tweak their UI since the new version seems a bit jumbled up, and the old UI was more user-friendly.
What's the difference between Tenable Nessus and Tenable.io Vulnerability Management?
Tenable Nessus is a vulnerability assessment solution that is both easy to deploy and easy to manage. The design of ...
What needs improvement with Tenable.io Vulnerability Management?
I would suggest HP WebInspect as a better option than Tenable.io. My current client doesn't have access to it. Howeve...
 

Also Known As

No data available
Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security
Tenable.io
 

Overview

 

Sample Customers

Information Not Available
Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
Global Payments AU/NZ
Find out what your peers are saying about Qualys VMDR vs. Tenable Vulnerability Management and other solutions. Updated: February 2025.
844,944 professionals have used our research since 2012.