Try our new research platform with insights from 80,000+ expert users

Qualys VMDR vs Tenable Vulnerability Management comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
2
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (6th)
Qualys VMDR
Ranking in Vulnerability Management
2nd
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
93
Ranking in other categories
IT Asset Management (5th), Configuration Management Databases (2nd), Container Security (12th), Risk-Based Vulnerability Management (2nd)
Tenable Vulnerability Manag...
Ranking in Vulnerability Management
5th
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
42
Ranking in other categories
Risk-Based Vulnerability Management (3rd)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Harold Jensen - PeerSpot reviewer
Good visibility but expensive and needs better support
Support: It's often overseas and often following a script, basically asking us to redo what we opened the case with. Multiple APIs: There seems to be a lack of easy onboarding into Qualys. We had to use manual inputs and some API calls to get items in place. Dashboard: It is very rudimentary with very little customization. The Qualys Scripting Language (QSL) works differently in different Qualys modules, so when you get it working in one area you have to modify the syntax in others. User account management: We often have to give users more rights than needed just to give them what they need. Integration with the various Qualys Modules: You can tell the UI is different based on of the different teams that created them. QSL syntax same in all modules Responsiveness of some of the components: They time out, you get a blank screen, etc. Backend updates between the various modules: You update connectors and information takes a few minutes to show in VMDR or Global Asset View Connectors: Connectors have a throttling issue with AWS which causes them to frequently fail unless you manually run them again.
Mani Bommisetty - PeerSpot reviewer
Streamlines vulnerability management with excellent reporting and potential AI integration
Tenable is user-friendly and excels in reporting. It allows me to easily fetch and schedule reports. The software's discovery feature aids in strengthening our security posture. The single-sensor installation process on various operating systems is smooth, unlike Rapid7, which requires different versions for separate systems. Furthermore, Tenable enables vulnerability management through potential AI integration that consolidates efforts and resolves multiple vulnerabilities simultaneously.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran is an excellent tool."
"Zafran has become an indispensable tool in our cybersecurity arsenal."
"I find the most valuable features are the continuous monitoring. Even on premises, there is constant monitoring."
"The most valuable feature of Qualys Container Security is the detailed information in the reports and the remediation. This is done to make sure there are no vulnerabilities."
"It's a good product. After the scan our internet works well. It scans our security posture."
"It allowed us to divide tasks easily among teammates, significantly improving efficiency."
"They also have threat detection which maps threats. There is a feed that comes from Qualys when a new vulnerability is found. It tells us which machines are infected with that vulnerability."
"The prioritization of vulnerabilities has improved our remediation efforts by around thirty to thirty-five percent."
"The prioritization feature is great. I think it has all of the advanced features that we need."
"The most valuable feature of the solution is the external channel."
"It is very stable, and it is updated periodically by adding new vulnerabilities."
"The solution is very simple to use."
"It's a recommended tool for penetration testers because it's effective for that purpose."
"The initial setup is straightforward so long as your infrastructure, components, and networks are in place."
"The tool has an easy-to-use interface."
"The solution is easy to use and configuration is smooth with no complexities."
"The most valuable feature for me is container scanning because I am interested in CICD security."
"Tenable.io, in particular, is quite a powerful product. It looks at your traditional environment, which is pretty much anything that is on-premises, and it also goes a step ahead and covers your modern assets, which is anything that is currently sitting in the cloud. You get complete visibility of your entire environment and tech operation. The ability to give you visibility across the entire tech surface is one of the biggest advantages that Tenable.io has."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"Endpoint stability and fault resolution could be improved."
"Integration could be better. When you think about scanning, it's not used just with this product alone but with other Qualys products. If you think about the bundle, the product itself is good. But integration with other products and packages has space for improvement. They should also offer a better price for bundles."
"Qualys should improve their customer experience. They need to improve the tech support experience and the turnaround time."
"If AI features were integrated, it could enhance the capabilities significantly."
"I do not like that all of the data is stored on the cloud."
"The reporting needs improvement. It should generate much more stuff like field reports."
"The reporting and the GUI need improvements."
"The only improvement I can think of is on the implementation side. At times it is a bit slow."
"It's not a user-friendly tool since it has a complicated interface."
"They should include better customization of the dashboard, and integration tools."
"t needs additional reporting and intelligence features, as well as enhancements in AI-driven detection, which is still in its early stages."
"The shortcoming of the solution that needs improvement is related to its capability to do vulnerability assessments on applications."
"The price could be lower."
"There needs to be better dashboard navigation."
"They've been able to think about everything in terms of where the world is going and the type of assets that you've got. They've everything sorted out in that aspect, but you have to pay for most of the other components that they've got to give you complete visibility across your tech surface. If it already had those capabilities in-built, without having to add them on to take advantage of them, it would be a very compelling value proposition."
"The solution must provide penetration testing."
 

Pricing and Cost Advice

Information not available
"Qualys VM is quite expensive. It's a subscription-based license, and it's yearly. Right now, it's open for me, and I don't have any limitations or caps on the licenses. They are seeing if the product is viable for 4500 users. I can add as much as I want, and at the end of the subscription, they'll let me know how many licenses were actually used and bill me accordingly. On a scale from one to five, I would give their pricing a three. It's still expensive."
"When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself."
"The product is more expensive than that of any other vendor."
"There is a license for the use of this solution. We pay annually instead of monthly to receive a better discount on the price."
"Qualys VM is reasonably priced."
"Qualys Virtual Scanner Appliance isn't expensive right now. But the price for their product bundles could be better."
"It is a high cost product. Compared to the other solutions, it is around 15 to 20% higher in cost."
"In Nigerian Naira, we spend about roughly four to five million to use this solution and this is expensive compared to solutions like Nessus."
"The product costs us around $137,000 annually for 4000 to 5000 assets."
"There are additional features that can be licensed for an additional cost."
"Tenable.io Vulnerability Management's pricing solution model isn't great."
"I would rate the pricing a five out of ten. It is in the middle."
"The cost is determined by the number of endpoints, which is approximately one dollar per endpoint."
"Compared to other VM solutions, Tenable.io Vulnerability Management is expensive."
"Tenable.io is not known for being a cheap product."
"A yearly payment has to be made toward the solution's licensing costs."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
11%
University
6%
Manufacturing Company
6%
Educational Organization
36%
Financial Services Firm
11%
Computer Software Company
10%
Manufacturing Company
5%
Educational Organization
30%
Computer Software Company
11%
Financial Services Firm
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
Pricing for Zafran Security is not expensive. We have a contract for five years, and the cost is lower than other too...
What needs improvement with Zafran Security?
I would like to see an integration with Check Point firewalls. It's essential for us and they are currently working o...
What is your primary use case for Zafran Security?
We use Zafran Security for threat prioritization. We establish priority to understand which risks should be patched o...
What do you like most about Qualys VMDR?
I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagg...
What is your experience regarding pricing and costs for Qualys VMDR?
Qualys offers better pricing and is feature-packed compared to other tools.
What needs improvement with Qualys VMDR?
They can tweak their UI since the new version seems a bit jumbled up, and the old UI was more user-friendly.
What's the difference between Tenable Nessus and Tenable.io Vulnerability Management?
Tenable Nessus is a vulnerability assessment solution that is both easy to deploy and easy to manage. The design of ...
What needs improvement with Tenable.io Vulnerability Management?
I would suggest HP WebInspect as a better option than Tenable.io. My current client doesn't have access to it. Howeve...
 

Also Known As

No data available
Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security
Tenable.io
 

Overview

 

Sample Customers

Information Not Available
Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
Global Payments AU/NZ
Find out what your peers are saying about Qualys VMDR vs. Tenable Vulnerability Management and other solutions. Updated: February 2025.
844,944 professionals have used our research since 2012.