Try our new research platform with insights from 80,000+ expert users

Qualys VMDR vs Tenable Vulnerability Management comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
2
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (6th)
Qualys VMDR
Ranking in Vulnerability Management
2nd
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
93
Ranking in other categories
IT Asset Management (5th), Configuration Management Databases (2nd), Container Security (12th), Risk-Based Vulnerability Management (2nd)
Tenable Vulnerability Manag...
Ranking in Vulnerability Management
5th
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
42
Ranking in other categories
Risk-Based Vulnerability Management (3rd)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Harold Jensen - PeerSpot reviewer
Good visibility but expensive and needs better support
Support: It's often overseas and often following a script, basically asking us to redo what we opened the case with. Multiple APIs: There seems to be a lack of easy onboarding into Qualys. We had to use manual inputs and some API calls to get items in place. Dashboard: It is very rudimentary with very little customization. The Qualys Scripting Language (QSL) works differently in different Qualys modules, so when you get it working in one area you have to modify the syntax in others. User account management: We often have to give users more rights than needed just to give them what they need. Integration with the various Qualys Modules: You can tell the UI is different based on of the different teams that created them. QSL syntax same in all modules Responsiveness of some of the components: They time out, you get a blank screen, etc. Backend updates between the various modules: You update connectors and information takes a few minutes to show in VMDR or Global Asset View Connectors: Connectors have a throttling issue with AWS which causes them to frequently fail unless you manually run them again.
Mani Bommisetty - PeerSpot reviewer
Streamlines vulnerability management with excellent reporting and potential AI integration
Tenable is user-friendly and excels in reporting. It allows me to easily fetch and schedule reports. The software's discovery feature aids in strengthening our security posture. The single-sensor installation process on various operating systems is smooth, unlike Rapid7, which requires different versions for separate systems. Furthermore, Tenable enables vulnerability management through potential AI integration that consolidates efforts and resolves multiple vulnerabilities simultaneously.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran has become an indispensable tool in our cybersecurity arsenal."
"Zafran is an excellent tool."
"It's really beneficial for scanning and interacting with the agent."
"The most valuable feature is the vulnerability assessment."
"Intuitive and easy to use."
"It is a stable solution."
"The most valuable feature is that this solution is very lightweight."
"The most valuable features of Qualys VMDR include patch management and the use of virtual scanners to scan appliances and devices, especially those provided by vendors where we cannot manage them ourselves."
"It's very configurable to adjust impact to systems."
"There are many features. Its reliability, ease of installation, ease of use, and the richness of the information provided are the most valuable features."
"It is very stable, and it is updated periodically by adding new vulnerabilities."
"The solution is very simple to use."
"The stability is commendable, and I would rate Tenable ten out of ten."
"Tenable.io, in particular, is quite a powerful product. It looks at your traditional environment, which is pretty much anything that is on-premises, and it also goes a step ahead and covers your modern assets, which is anything that is currently sitting in the cloud. You get complete visibility of your entire environment and tech operation. The ability to give you visibility across the entire tech surface is one of the biggest advantages that Tenable.io has."
"It is pretty stable. I would rate it nine or maybe ten."
"The initial setup is mostly straightforward."
"The vulnerability scanning is the most important aspect of the solution for us."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"The IoT scan is not great."
"Improve the API speed."
"Certain integration factors between different options could be improved."
"Integration could be better. When you think about scanning, it's not used just with this product alone but with other Qualys products. If you think about the bundle, the product itself is good. But integration with other products and packages has space for improvement. They should also offer a better price for bundles."
"What we have found is that the solution is not closely tied with the patch management. It is okay with newer ones, like Windows 10 machines; it gives the correct patch. But for Windows 7 or Windows Server 2008, it does not give us the correct patch so we have to manually identify the patches. This is a major problem."
"The reporting section needs improvement as running reports can take several hours."
"Qualys Container Security can improve the interface. It could be easier to navigate and be enriched."
"I do not like that all of the data is stored on the cloud."
"The solution is a bit slow."
"The price could be lower."
"There needs to be better dashboard navigation."
"It's not a user-friendly tool since it has a complicated interface."
"The stability has room for improvement."
"The reporting was never great in Tenable Vulnerability Management, so, in my company, we imported all the data into Ivanti RiskSense to start using it for reporting."
"The UI has room for improvement."
"The solution must be promoted more in the market."
 

Pricing and Cost Advice

Information not available
"Qualys VM is better suited for medium to large companies because the price can be too much for smaller customers."
"The license is on a yearly basis."
"The pricing is very competitive."
"It is different for every company, but for us, it's every three years."
"Qualys VM is reasonably priced."
"In Nigerian Naira, we spend about roughly four to five million to use this solution and this is expensive compared to solutions like Nessus."
"The pricing and licensing for Qualys could be improved."
"There is a license for the use of this solution. We pay annually instead of monthly to receive a better discount on the price."
"There are additional features that can be licensed for an additional cost."
"Tenable.io Vulnerability Management's pricing solution model isn't great."
"The solution is not too expensive."
"A yearly payment has to be made toward the solution's licensing costs."
"The tool is reasonably priced."
"Tenable.io is not known for being a cheap product."
"The product costs us around $137,000 annually for 4000 to 5000 assets."
"The total cost we pay for this solution is over 45K. This is for a large education organization."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
12%
Manufacturing Company
6%
Retailer
6%
Educational Organization
36%
Financial Services Firm
10%
Computer Software Company
10%
Manufacturing Company
5%
Educational Organization
29%
Computer Software Company
11%
Financial Services Firm
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
Pricing for Zafran Security is not expensive. We have a contract for five years, and the cost is lower than other too...
What needs improvement with Zafran Security?
I would like to see an integration with Check Point firewalls. It's essential for us and they are currently working o...
What is your primary use case for Zafran Security?
We use Zafran Security for threat prioritization. We establish priority to understand which risks should be patched o...
What do you like most about Qualys VMDR?
I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagg...
What is your experience regarding pricing and costs for Qualys VMDR?
Qualys offers better pricing and is feature-packed compared to other tools.
What needs improvement with Qualys VMDR?
They can tweak their UI since the new version seems a bit jumbled up, and the old UI was more user-friendly.
What's the difference between Tenable Nessus and Tenable.io Vulnerability Management?
Tenable Nessus is a vulnerability assessment solution that is both easy to deploy and easy to manage. The design of ...
What needs improvement with Tenable.io Vulnerability Management?
I would suggest HP WebInspect as a better option than Tenable.io. My current client doesn't have access to it. Howeve...
 

Also Known As

No data available
Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security
Tenable.io
 

Overview

 

Sample Customers

Information Not Available
Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
Global Payments AU/NZ
Find out what your peers are saying about Qualys VMDR vs. Tenable Vulnerability Management and other solutions. Updated: February 2025.
845,040 professionals have used our research since 2012.