Compare Qualys VM vs. Skybox Security Suite

Qualys VM is ranked 2nd in Vulnerability Management with 8 reviews while Skybox Security Suite is ranked 3rd in Vulnerability Management with 9 reviews. Qualys VM is rated 8.6, while Skybox Security Suite is rated 8.2. The top reviewer of Qualys VM writes "The main purpose was to remove the granularity. It really helped us manage the security of our organization". On the other hand, the top reviewer of Skybox Security Suite writes "Prioritizes vulnerabilities and grants visibility into both traffic and rule sets ". Qualys VM is most compared with Tenable Nessus, Rapid7 InsightVM and Tenable SecurityCenter, whereas Skybox Security Suite is most compared with AlgoSec, Tufin and FireMon. See our Qualys VM vs. Skybox Security Suite report.
Cancel
You must select at least 2 products to compare!
Most Helpful Review
Find out what your peers are saying about Qualys VM vs. Skybox Security Suite and other solutions. Updated: January 2020.
399,540 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
Our developers can run the attacks directly from their environments, desktops.The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution.The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment.Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick.We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why.One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that.The most important feature is that it's a web-based graphical user interface. That is a great addition. Also, the ability to schedule scans is great.

Read more »

The most valuable features are vulnerability detection and the scanning capability to enable identification of vulnerabilities across our network.Technical support is fantastic.There are fewer false positives when using this solution.Tech support is helpful.It is quite easy to implement.It is a simple solution that makes scanning easy. You just give it a scheduled task, and it will do everything for you.The reporting is fine.I find the most valuable features are the continuous monitoring. Even on premises, there is constant monitoring.

Read more »

The solution's simplicity of use is its most valuable feature.Change Manager is most important because of the impact on each other of a network change or a firewall change. We want to understand this and to know, beforehand, what the impact of a change will be. We are a large network so that is a very important tool.Correlates logs and threats and prioritizes; provides network maps;p provides change result context and resulting vulnerability.Security review is the most important feature, because it offers a single pane of glass to analyze multiple firewalls.This type of tool does a great job of reaching into those other devices producing risk recommendations, compliance recommendations, and a single plane of glass to do your queries, so you can find where these rules might exist.The most valuable feature is the compliance, whether it's access compliance or the configuration compliance, to make sure that all of our devices are configured as they're supposed to be, to limit access as much possible, to follow least-access guidelines.Skybox allows organizations to reprioritize the vulnerability they attempt to patch and mitigate, based on the contextual awareness of the network.instead of asking for firewall rules which may or may not be relevant, or could already be there, or could be over-permissioned, Skybox can be used to map out the resources that that application is going to use and provide the exact rules that an application would require to function correctly. If the traffic isn't able to flow for the application, if it's erring out, Skybox can be used to troubleshoot that and say, "All right, where is the traffic being stopped and why, and how do I fix that."

Read more »

Cons
Tools that would allow us to work more efficiently with the mobile environment, with Android and iOS.In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us.It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched.You can't actually change your password after you've set it unless you go back into the administration account and you change it there. Thus, if you're locked out and don't remember your password, that's a thing.We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version.Integration into other tools is very limited for Acunetix. While we're trying to incorporate a CI/CD process where we're integrating with JIRA and we're integrating with Jenkins and Chef, it becomes problematic. Other tools give you a high integration capability to connect into different solutions that you may already have, like JIRA.It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved.

Read more »

I would like to see this solution more developed and competitive in the Cloud space.It's quite complex on the way it is set up, so it takes a fair bit of time in order to get your head around it in order to deploy it. Once you've deployed it, then you're never confident on the versions of the browsers and the SSL certificates, etc. You have to always go back into Qualys and check.I do not like that all of the data is stored on the cloud.When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself.It is more expensive vs. other products on the market.The only improvement I can think of is on the implementation side. At times it is a bit slow.They have integrated with other third parties, but it is still not viable.When tested on Zero day, there were errors.

Read more »

The solution needs to add more automation and orchestration capabilities. Those features would make the solution much stronger.The vendor's support is terrible.Reporting. A lot of the reports, out of the box, are limited to a certain number of either configuration violations or access rule violations. So when you first set up a new firewall to be monitored by Skybox, you don't get a real full report. You have to really tweak it to get everything.I've had issues with licensing where, when they were expiring and I asked for the updated licenses, I would the wrong ones. I think their process needs to be straightened out a little bit - I don't know if they fixed it already, it has been awhile. It wasn't as straightforward as it could have been.The only place where Skybox has room for improvement, and they're working on releasing this, it's just a slow-go, is the UI. The user interface has historically been via a locally installed thick client. They are moving to a web-based console and it's slowly coming out.If anything could be improved it would be staying on top of the collector scripts, but I understand that's a very tough challenge.

Read more »

Pricing and Cost Advice
The costs aren't very expensive. It costs around $3000 or $4000.All things considered, I think it has a good price/value ratio.The pricing and licensing are reasonable to a point. In order to run multiple scans at a time, we are going to have to purchase a 100 count license, which is an overkill. Though, compared to what we were paying for, the cost seems reasonable.When we looked at all other vendors and what they were asking for, to provide a third of what Acunetix was capable of doing, it was an easy decision... But now that it's coming to a cost where it's line with market value, it becomes more of a competition... Acunetix is raising the cost of licensing. It's 3.5 times what we were initially quoted.Acunetix was around the same price as all the other vendors we looked at, nothing special.

Read more »

When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself.It is more expensive than other products on the market.

Read more »

Pricing is on the higher side. In terms of licensing, you should buy the complete suite rather than buying only the Change Manager. I think Change Manager with Vulnerability Control is something that would be interesting to look at.The pricing has increased exorbitantly in the last few years, so now it is questionable. Now, it makes me want to review other products.With licensing, the number of network nodes becomes very expensive to the point where you have to rationalize if the tools are warranted anymore.Fully understand the total cost of ownership. They have gone to a new model where you have to replace the hardware every X amount of years at a very substantial cost and fully understand your intended number of nodes. To operate a firewall, you have to pay two licenses, a firewall node and a network node. If you are a reasonable-sized organization, this gets expensive very quickly.I've seen the pricing of every solution on the market. When you compare apples to apples, where Skybox becomes exceedingly expensive is if you look at it compared to something like FireMon that only does a fraction of what Skybox does. But if you include everything that Skybox does, it becomes way more expensive than the competition, but you're also not comparing apples to apples. If you look at FireMon, and you look at like just the firewall assurance piece, they are fairly comparable and, actually, Skybox comes in a little bit cheaper in some cases, depending on which product you're looking at.The product's pricing is excellent value. In terms of licensing, make sure you understand your network components, all your hops through your network, thoroughly, before you decide on the total cost. If you want to do point-to-point flow analysis and such, you need to have the configuration of all the devices in between point A and point B. A lot of people don't realize all their network components until they start using this product.The pricing is high, and the licensing model needs more flexibility.

Read more »

report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
399,540 professionals have used our research since 2012.
Top Comparisons
Compared 41% of the time.
Compared 15% of the time.
Compared 7% of the time.
Compared 28% of the time.
Compared 22% of the time.
Compared 14% of the time.
Also Known As
AcuSensorQualysGuard VM
Learn
Acunetix
Qualys
Skybox Security
Overview

Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.

Qualys Vulnerability Management (VM) is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously identify threats and monitor unexpected changes in your network before they turn into breaches.

The Skybox Security Suite platform combines firewall and network device data with vulnerability and threat intelligence, prioritizing security issues in the context of your unique environment. Powerful attack vector analytics reduce response times and risks, bringing firewall, vulnerability and threat management processes for complex networks under control.

Firewall Assurance brings all firewalls into one normalized view, continuously monitoring policy compliance, optimizing firewall rulesets and finding attack vectors that others miss. Skybox covers the most comprehensive list of firewall vendors, complex rulesets, even virtual and cloud-based firewalls. With proven scalability in 1,500+ firewall deployments, Firewall Assurance keeps rules optimized and ensures changes don’t introduce new risk. 

Gain total visibility of the vulnerabilities in your attack surface without waiting for a scan. Leverage Skybox Research Lab's vulnerability and threat intelligence, and automatically correlate it to your unique environment. With network modeling and advanced simulations, pinpoint exposed vulnerabilities and other attack vectors. And use context to prioritize vulnerabilities in terms of actual risk and respond to threats with accuracy and efficiency.

For more information or to view a demo, visit www.skyboxsecurity.com.

Offer
Learn more about Acunetix Vulnerability Scanner
Learn more about Qualys VM
Learn more about Skybox Security Suite
Sample Customers
Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New ZealandAgrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebExADP, Blue Cross Blue Shield, BT, USAID, Delta Dental, EDF Energy, EMC, HSBC, Johnson & Johnson
Top Industries
REVIEWERS
Financial Services Firm29%
Comms Service Provider14%
Non Tech Company14%
Media Company14%
VISITORS READING REVIEWS
Software R&D Company17%
Comms Service Provider16%
Financial Services Firm12%
Government12%
REVIEWERS
Comms Service Provider27%
Healthcare Company20%
Manufacturing Company13%
Financial Services Firm13%
VISITORS READING REVIEWS
Software R&D Company27%
Comms Service Provider16%
Financial Services Firm10%
Healthcare Company6%
VISITORS READING REVIEWS
Software R&D Company31%
Comms Service Provider14%
Financial Services Firm10%
Manufacturing Company8%
Find out what your peers are saying about Qualys VM vs. Skybox Security Suite and other solutions. Updated: January 2020.
399,540 professionals have used our research since 2012.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.