Qualys VMDR vs. Tenable Vulnerability Management

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Qualys VMDR
Score 8.8 out of 10
N/A
Qualys VMDR 2.0 with TruRisk gives enterprises visibility and insight into cyber risk exposure with the goal of making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure its true risk, and track risk reduction over time.N/A
Tenable Vulnerability Management
Score 9.5 out of 10
N/A
Vulnerability management specialist Tenable offers their cloud application and container security platform Tenable Web App Scanning (formerly Tenable.io), a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure and possible inconsistencies indicating a vulnerability.N/A
Pricing
Qualys VMDRTenable Vulnerability Management
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Qualys VMDRTenable Vulnerability Management
Free Trial
NoNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
Qualys VMDRTenable Vulnerability Management
Considered Both Products
Qualys VMDR
Chose Qualys VMDR
Breadth of services, Overall cost and Strong services expertise
Chose Qualys VMDR
Qualys is quite user friendly and gives more easy information related to asset and risk an asset possess. Plus high quality of support as well as ease of use. Qualys is single suite for multiple task for your organization like VMDR rather than using multiple tools for different …
Chose Qualys VMDR
It is a very similar tool but Qualys VMDR is much better when it comes to reporting and solutions provided. Asset management is really good in Qualys VMDR. Qualys VMDR support is really quick , you can get a TPM if you run into any issues. Qualys VMDR has wide variety of …
Chose Qualys VMDR
Qualys VMDR was selected against competitors because of the depth of insight the platform provides. When stacked against other competitors, platforms like Syxsense couldn't produce the same level on insight and reporting like how Qualys VMDR does. Qualys VMDR also does a great …
Chose Qualys VMDR
You can widgets galore from Qualys VMDR whereas with the others noted it's really vuln scanning.
Tenable Vulnerability Management
Chose Tenable Vulnerability Management
I think Tenable and Qualys have a lot of similarities, I continue to go back to Tenable because of my familiarity and comfort level with it. I've also used a company called SecurityMetrics which has vulnerability scanning included but it is not as comprehensive as Tenable.
Chose Tenable Vulnerability Management
Tenable.io was a clear winner in regards to features and capability when compared to OpenVAS, Qualys, and Nexpose. OpenVAS is a fork of an older version of Nessus Scanner(from Tenable) and has been updated over the years to a great free alternative. It takes a lot more manual …
Chose Tenable Vulnerability Management
Skipping since I don't have too much familiarity with similar products.
Chose Tenable Vulnerability Management
Tenable.io has a comparable set of features, with excellent support and a competitive price. After less than desirable experiences with another company, we moved to Tenable and haven't looked back since.
Chose Tenable Vulnerability Management
Rapid7 is actually very comparable to Tenable.io in terms of automated scans, automated reporting, internal and external scanners, and remediation of external scans. But for less than the cost of a Rapid7 solution that comes with internal scans only, I received more hosts …
Features
Qualys VMDRTenable Vulnerability Management
Threat Intelligence
Comparison of Threat Intelligence features of Product A and Product B
Qualys VMDR
8.7
Ratings
9% above category average
Tenable Vulnerability Management
8.4
Ratings
6% above category average
Network Analytics8.60 Ratings10.00 Ratings
Threat Recognition8.50 Ratings10.00 Ratings
Vulnerability Classification9.30 Ratings10.00 Ratings
Automated Alerts and Reporting9.30 Ratings4.00 Ratings
Threat Analysis8.60 Ratings10.00 Ratings
Threat Intelligence Reporting8.50 Ratings5.00 Ratings
Automated Threat Identification8.50 Ratings10.00 Ratings
Vulnerability Management Tools
Comparison of Vulnerability Management Tools features of Product A and Product B
Qualys VMDR
8.8
Ratings
8% above category average
Tenable Vulnerability Management
8.8
Ratings
8% above category average
IT Asset Realization8.60 Ratings8.00 Ratings
Authentication8.30 Ratings10.00 Ratings
Configuration Monitoring9.10 Ratings8.00 Ratings
Web Scanning8.60 Ratings8.00 Ratings
Vulnerability Intelligence9.30 Ratings10.00 Ratings
Best Alternatives
Qualys VMDRTenable Vulnerability Management
Small Businesses
Action1
Action1
Score 9.5 out of 10
Action1
Action1
Score 9.5 out of 10
Medium-sized Companies
Action1
Action1
Score 9.5 out of 10
Action1
Action1
Score 9.5 out of 10
Enterprises
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.0 out of 10
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.0 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Qualys VMDRTenable Vulnerability Management
Likelihood to Recommend
8.7
(0 ratings)
10.0
(0 ratings)
Likelihood to Renew
-
(0 ratings)
9.0
(0 ratings)
Usability
-
(0 ratings)
8.0
(0 ratings)
Support Rating
10.0
(0 ratings)
8.8
(0 ratings)
User Testimonials
Qualys VMDRTenable Vulnerability Management
Likelihood to Recommend
Qualys VMDR supports both remote scanning and as well as agent based scanning. With a complex infrastructure with over 2 million devices and 100s getting added and removed on daily basis makes the operations challenging. Qualys VMDR has a great feature to do discovery scan to detect active devices on the network and perform vulnerability scans on those assets. Authentication is also easy to setup and use.
Read full review
Tenable.io is a cost effective Internal and External scanner. The Internal scanner came with a .ova, so it was very simple and quick to deploy it into our ESXi environment. It has a cloud-based dashboard for management and the internal scanner is configured to auto-update from Tenable.io. The license came with 4 External PCI scans (with remediation) a year.
Read full review
Pros
  • Qualys VMDR automates the remediation process for risks without code.
  • Scans and detects all of our assets whether they are IT or IOT
  • Analyzes our environment for misconfigurations and measures risk against industry benchmarks
Read full review
  • Wide range of capabilities that can be customized to fit each user's environment and needs
  • Provides high-quality data and insights into detected vulnerabilities
  • Great customer support
Read full review
Cons
  • Qualys VMDR can definitely improve on its reporting of assets as we have caught devices not captured in the Qualys VMDR scans.
  • We would like to see an improvement on the dashboard interface as it is faulty sometimes.
  • Qualys VMDR should focus on more competitive pricing as it is very expensive.
Read full review
  • Configuration is not always intuitive, but the comprehensive training and documentation comes to the rescue.
  • The mix of classic and beta UIs currently is confusing and we find the classic UI is actually better.
Read full review
Likelihood to Renew
Next to Veeam (which is a tremendous product for backup/DR) this is the best service/software I have used in the past three decades. Should be called the Swiss Army Knife of security.
Read full review
We like to renew tenable each year we have had it so far.
Read full review
Usability
infrastructure to identify vulnerabilities
Read full review
Overall it is good, it took a little while to understand it and figure things out but once you have a good grasp on it then, it is very good.
Read full review
Reliability and Availability
Always available with the exception on maint windows
Read full review
No answers on this topic
Performance
Once in a while it would be slow -
Read full review
No answers on this topic
Support Rating
This is iron but I am giving it 5 star and I can give more If I can do because they are best in support. So once you own this product they will assign a dedicated support for you and when you are under the weather with anything just connect them with anything call, ping or ticket they will come like Genie.
Read full review
Support is usually really great at walking you through any steps you need to take when you get stuck on something. There are a few false positives and errors that have come up over the years that required their help to get through. Unfortunately, the steps required to diagnose some problems are more tedious than I think should be necessary. (IE: SQL instances can throw errors that clog up your logs because one plugin affects it in a certain way. The process to diagnose this is to watch timestamps of plugins in a log while monitoring the SQL logs at the same time and using your best guess as to what is causing it.)
Read full review
Implementation Rating
Not really - the integrations via connectors is not heavy lifting. Any complexity has to do with a service that requires more steps (i.e. AWS/GCP)
Read full review
No answers on this topic
Alternatives Considered
Qualys VMDR was selected against competitors because of the depth of insight the platform provides. When stacked against other competitors, platforms like Syxsense couldn't produce the same level on insight and reporting like how Qualys VMDR does. Qualys VMDR also does a great job at gathering information about the latest security definitions and using those to analyze our environment to alert of any vulnerabilities. Something that Syxsense couldn't.
Read full review
I think Tenable and Qualys have a lot of similarities, I continue to go back to Tenable because of my familiarity and comfort level with it. I've also used a company called SecurityMetrics which has vulnerability scanning included but it is not as comprehensive as Tenable.
Read full review
Scalability
Outside some pretty arcane apps or OS this is painless. The problem - and self-inflicted - is that older stuff is not supported.
Read full review
No answers on this topic
Return on Investment
  • Cut down on manual efforts to investigate or remediate vulnerabilities, which can be a big driver of ROI
  • Avoidance of potential incidents with upfront risk mitigation
  • Patching efficiency gains
Read full review
  • We're able to mitigate over 90% of our vulnerability risk without too much effort. It helps find where automated patching fails and we can plan a fix from the findings.
  • A side effect of our scanning reveals new devices on our network that aren't cleared to be.
Read full review
ScreenShots