We performed a comparison between Qualys VMDR and Wiz based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Qualys VMDR is praised for its user-friendly interface, prioritization system, and customizable dashboard. It effectively addresses vulnerabilities and offers valuable scanning capabilities. Wiz stands out for its risk prioritization and Security Graph features. The solution boasts user-friendly dashboards and agentless scanning of cloud environments. Reviewers said Qualys VMDR could improve by offering more customization options and integrating more seamlessly with other systems. The interface could be clearer, and Qualys could enhance scanning capabilities for IoT and industrial control systems. Wiz could benefit from better logging support, better EKS and Kubernetes compatibility, and an improved remediation workflow.
Service and Support: Qualys VMDR's customer service is mostly considered accessible and responsive. However, some reviewers reported slow response times and expressed a desire for more skilled support personnel. Wiz has been largely praised for their exceptional customer service and support.
Ease of Deployment: Qualys VMDR is considered uncomplicated and efficient, requiring only a short amount of time. A few users encountered challenges with integration and ensuring data privacy. Wiz's setup was described as straightforward, requiring only a short amount of time.
Pricing: The cost of Qualys VMDR varies depending on the organization's business requirements. Some find it affordable, but others consider it costly compared to alternatives. Some users find Wiz expensive, while others think the price is reasonable given its capabilities.
ROI: Qualys VMDR is highly efficient in identifying vulnerabilities and reducing risks. Wiz delivers instant advantages, enhanced productivity, and a considerable return on investment for companies.
Comparison Results: Users say Qualys VMDR outperforms Wiz in several aspects. Users appreciate Qualys VMDR's intuitive and user-friendly interface, as well as its effective prioritization mechanism. They also value the technical support provided by Qualys VMDR, and consider it stable and reliable. Qualys VMDR is quick and simple to set up, requiring only 5 to 10 minutes to deploy a new asset. In contrast, Wiz's setup process is lengthier, taking up to two hours and potentially needing assistance from the Wiz team.
"There's real-time threat detection. It can show threats and find issues based on their severity and helps us with real-time monitoring."
"Support has been very helpful and provides regular feedback and help whenever needed. They've been very useful."
"It's positively affected the communication between cloud security, application developers, and AppSec teams."
"Cloud Native Security offers attack path analysis."
"The agentless vulnerability scanning is great."
"The offensive security feature is valuable because it publicly detects the offensive and vulnerable things present in our domain or applications. It checks any applications with public access. Some of the applications give public access to certain files or are present over a particular domain. It detects and lets us know with evidence. That is quite good. It is protecting our infrastructure quite well."
"It is pretty easy to integrate with this platform. When properly integrated, it monitors end-to-end."
"Cloud Native Security helps us discover vulnerabilities in a cloud environment like open ports that allow people to attack our environment. If someone unintentionally opens a port, we are exposed. Cloud Native Security alerts us so we can remediate the problem. We can also automate it so that Cloud Native Security will fix it."
"Technical support is great and we've never really had a problem."
"Monitors workstations and servers for vulnerabilities and creates reports."
"Detects new hosts along with vulnerabilities."
"The biggest benefit is from a security operations perspective, where we are able to drive our security posture upwards by remediating any discovered vulnerabilities."
"The prioritization feature is great. I think it has all of the advanced features that we need."
"Qualys VM's best feature is vulnerability management."
"I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even if tags aren't made."
"What I like about Qualys VM is the dashboard presentation. It's very good."
"The security baseline and vulnerability assessments is the valuable feature."
"The solution is very user-friendly."
"I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's security graph because you can use it to see the whole organization even if you have multiple accounts."
"Our most important features are those around entitlement, external exposure, vulnerabilities, and container security."
"The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster."
"The automation roles are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at."
"With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment."
"The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI."
"Their search feature could be better."
"For vulnerabilities, they are showing CVE ID. The naming convention should be better so that it indicates the container where a vulnerability is present. Currently, they are only showing CVE ID, but the same CVE ID might be present in multiple containers. We would like to have the container name so that we can easily fix the issue."
"I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check PingSafe. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and PingSafe takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes."
"We can customize security policies but lack auditing capabilities."
"There should be more documentation about the product."
"PingSafe is an excellent CSPM tool, but the CWPP features need to improve, and there is a scope for more application security posture management features. There aren't many ASPM solutions on the market, and existing ones are costly. I would like to see PingSafe develop into a single pane of glass for ASPM, CSPM, and CWPP. Another feature I'd like to see is runtime protection."
"PingSafe can improve by eliminating 100 percent of the false positives."
"There's room for improvement in the graphic explorer."
"This solution could be improved by extending the agent capabilities to different operating systems including Mac and Linux. We would also like the capability to easily check for vulnerability in assets in the IOTs."
"Qualys could improve the inbuilt dashboards."
"Qualys VM should improve its methodology."
"There's a need to upgrade or fix the potential vulnerability rate. Around 20,000 potential vulnerabilities were showing in Qualys VMDR, but none of the other tools showed them. When we checked, it wasn't the case. Support explained that even small issues were being counted as vulnerabilities, causing issues in our audit. So, the security features could be improved to identify vulnerabilities accurately."
"The reporting in this solution can be improved."
"Qualys VM could improve by having more skilled support personnel."
"We are moving away from Qualys to Defender ATP because I find that Defender ATP is much better at prioritizing the vulnerabilities that I should be looking at."
"It would be nice to have an all-in-one solution that was automated and could handle the scanning and reports as well as the patching and updating."
"The remediation workflow within the Wiz could be improved."
"One significant issue is that the searches are case-sensitive, so finding a misconfigured resource can become very challenging."
"The only thing that needs to be improved is the number of scans per day."
"We're looking at some of the data compliance stuff that they've got Jon offer. I know they're looking at container security, which we gonna be looking at next."
"Wiz's reporting capabilities could be refined a bit. They are making headway on that, but more executive-style dashboards would be nice. They just implemented a community aspect where you can share documents and feedback. This was something users had been requesting for a while. They are listening to customer feedback and making changes."
"We wish there were a way, beyond providing visibility and automated remediation, to wait on a given remediation, due to a critical aspect, such as the cost associated with a particular upgrade... We would like to see preventive controls that can be applied through Wiz to protect against vulnerabilities that we're not going to be able to remediate immediately."
"The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that."
"We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
Qualys VMDR is ranked 11th in Container Security with 77 reviews while Wiz is ranked 2nd in Container Security with 12 reviews. Qualys VMDR is rated 8.2, while Wiz is rated 9.2. The top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". On the other hand, the top reviewer of Wiz writes "Multiple features help us prioritize remediation, and agentless implementation reduces overhead". Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and Pentera, whereas Wiz is most compared with Prisma Cloud by Palo Alto Networks, Orca Security, Microsoft Defender for Cloud, AWS Security Hub and Tenable Cloud Security. See our Qualys VMDR vs. Wiz report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
