Try our new research platform with insights from 80,000+ expert users

Qualys VMDR vs XM Cyber comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
3
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (6th)
Qualys VMDR
Ranking in Vulnerability Management
2nd
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
93
Ranking in other categories
IT Asset Management (5th), Configuration Management Databases (2nd), Container Security (12th), Risk-Based Vulnerability Management (2nd)
XM Cyber
Ranking in Vulnerability Management
30th
Average Rating
8.0
Reviews Sentiment
7.7
Number of Reviews
2
Ranking in other categories
Continuous Controls Monitoring (7th), Cloud Security Posture Management (CSPM) (25th), Continuous Threat Exposure Management (CTEM) (4th)
 

Mindshare comparison

As of April 2025, in the Vulnerability Management category, the mindshare of Zafran Security is 0.4%. The mindshare of Qualys VMDR is 9.0%, down from 13.3% compared to the previous year. The mindshare of XM Cyber is 1.1%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Harold Jensen - PeerSpot reviewer
Good visibility but expensive and needs better support
Support: It's often overseas and often following a script, basically asking us to redo what we opened the case with. Multiple APIs: There seems to be a lack of easy onboarding into Qualys. We had to use manual inputs and some API calls to get items in place. Dashboard: It is very rudimentary with very little customization. The Qualys Scripting Language (QSL) works differently in different Qualys modules, so when you get it working in one area you have to modify the syntax in others. User account management: We often have to give users more rights than needed just to give them what they need. Integration with the various Qualys Modules: You can tell the UI is different based on of the different teams that created them. QSL syntax same in all modules Responsiveness of some of the components: They time out, you get a blank screen, etc. Backend updates between the various modules: You update connectors and information takes a few minutes to show in VMDR or Global Asset View Connectors: Connectors have a throttling issue with AWS which causes them to frequently fail unless you manually run them again.
HolgerHeimann - PeerSpot reviewer
Reliable with no false-positives and helpful support
There's a lot of improvement possible, however, most of it is in the details. I personally like the concept, as it's pretty straightforward and the product is not trying to overload functionality. It's a clean and straightforward approach. You know what you get. Most of the improvements are detail improvements. They're pretty open to future requests as well, so we send them a lot of suggestions. For example, at the moment, they have something called Battleground. That's a visualization of the network, and it's a visualization of the attack paths that are possible. The program uses so-called scenarios, and we say, "Okay, I'm watching traffic for maybe 24 hours," and then you get a result for that scenario, what happens in that time with what the attack paths are, et cetera. The result of the same scenario yesterday or tomorrow may be different as something might change. In that, one of the things I'm currently missing, which is on the list to be added, is some kind of diff visualization. For example, showing a two-screen split of activity. On the left side of the screen, that's how it was yesterday; on the right side, that's how it is today; and here are the differences. We'd like to see a cheaper price.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran is an excellent tool."
"Zafran has become an indispensable tool in our cybersecurity arsenal."
"We are able to see the real risk of a vulnerability on our environment with our security tools."
"Qualys has a continuous endpoint monitoring feature for agent-based scanning. Once you deploy the solution, it monitors everything that is happening every 30 minutes. Then, if there are any vulnerabilities, they are reported."
"Continuous monitoring is a crucial feature that we use more frequently."
"Performs automated, regular scans in the network."
"The solution shows us classic categories, including high, medium, and low risks. It also shows critical items, and that gives us the advantage of prioritizing things."
"Detects new hosts along with vulnerabilities."
"There are many features. Its reliability, ease of installation, ease of use, and the richness of the information provided are the most valuable features."
"The most valuable features of Qualys VM are its ability to do proper vulnerability assessment. It has a lot of updates for all the vulnerability databases from all over the globe. It's an amazing solution when it comes to the versatility of the features it has. Additionally, the reports are very good. It generates very detailed reports about the vulnerabilities inside the environment"
"The vulnerability management feature is what I used the most. It is a good SaaS product. It is easy to use. It has a nice UI where you can see all the assets and vulnerabilities."
"What I personally like very much, from my experience, is that it is very reliable."
"The platform's most valuable feature is attack simulation."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"The IoT scan is not great."
"There needs to be better documentation."
"What we have found is that the solution is not closely tied with the patch management. It is okay with newer ones, like Windows 10 machines; it gives the correct patch. But for Windows 7 or Windows Server 2008, it does not give us the correct patch so we have to manually identify the patches. This is a major problem."
"The customer support is very bad."
"They're still evolving their platform in terms of reporting capabilities."
"Qualys VMDR could improve in reducing the occurrences of false positive vulnerabilities."
"One area for improvement is the simplification of the process to ignore certain vulnerabilities on specific devices."
"We face issues while scanning multiple assets."
"XM Cyber could identify all areas of vulnerability. They could expand the identification span for different areas."
"We'd like to see a cheaper price."
 

Pricing and Cost Advice

Information not available
"The license is on a yearly basis."
"We have an annual contract for Qualys VMDR. I believe it's for either two years or five years."
"The pricing is very competitive."
"There is a license for the use of this solution. We pay annually instead of monthly to receive a better discount on the price."
"Usually every implementation is different and the quote is in function of number of assets."
"Qualys VM is reasonably priced."
"It is more expensive than other products on the market."
"They have recently changed the pricing model, which is now better than it was before."
"We have to pay standard licensing fees."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
12%
Manufacturing Company
7%
Retailer
6%
Educational Organization
34%
Financial Services Firm
11%
Computer Software Company
10%
Manufacturing Company
6%
Computer Software Company
15%
Financial Services Firm
15%
Manufacturing Company
10%
Retailer
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
I find that the pricing for Zafran aligns well with the comprehensive features it offers. The asset and user-based li...
What needs improvement with Zafran Security?
While Zafran Security is already a powerful tool, there are areas where it could be further improved to provide even ...
What is your primary use case for Zafran Security?
Our primary use case for Zafran involves leveraging it to enhance our vulnerability risk scoring methodology. In toda...
What do you like most about Qualys VMDR?
I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagg...
What is your experience regarding pricing and costs for Qualys VMDR?
Qualys offers better pricing and is feature-packed compared to other tools.
What needs improvement with Qualys VMDR?
They can tweak their UI since the new version seems a bit jumbled up, and the old UI was more user-friendly.
What do you like most about XM Cyber?
The platform's most valuable feature is attack simulation.
What is your experience regarding pricing and costs for XM Cyber?
We have to pay standard licensing fees. There are no additional costs. It is an expensive product. I rate the pricing...
What needs improvement with XM Cyber?
XM Cyber could identify all areas of vulnerability. They could expand the identification span for different areas.
 

Also Known As

No data available
Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security
No data available
 

Overview

 

Sample Customers

Information Not Available
Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
Hamburg Port Authority, Plymouth Rock Corporation
Find out what your peers are saying about Qualys VMDR vs. XM Cyber and other solutions. Updated: April 2025.
848,716 professionals have used our research since 2012.