Anonymous User, Global Infrastructure Architect at an energy/utilities company
Anonymous User, CISO at a financial services firm
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"Technical support is fantastic."
"The most valuable features are vulnerability detection and the scanning capability to enable identification of vulnerabilities across our network."
"What I like about Qualys VM is the dashboard presentation. It's very good."
"It's a good product. After the scan our internet works well. It scans our security posture."
"It is very easy to use and there are lots of options. We can usually easily go through it and all of the things we want to configure, and we can configure everything to our specifications very easily."
"The initial setup was good. We didn't have any problems with it."
"Technical support is great and we've never really had a problem."
"The features that are most valuable are the identification, scan features, and the identification of vulnerabilities."
"The solution is very stable."
"The most valuable feature is the breadth of vulnerabilities that it finds. It's able to find across a lot of different platforms and operating systems. It's also able to combine local testing with network-based testing."
"Nessus is good at finding out what nodes you have in place. It will then provide you a report, by node, of what the vulnerabilities are. It does it quickly and stealthily."
"It also has an executive report where you don't have to provide the client all the detail for them to sift through. But if they wish to dig through the detail they can."
"Among the most valuable features are scanning for vulnerabilities and the reporting. The reporting templates are okay. I like that I can see all the hosts with different vulnerabilities."
"The most valuable feature is how it scanned and detected through its database to let us know exactly what fixes we needed to put in place for the vulnerabilities. It detects and it also gives you the way to fix it."
"Nessus gives me a good preview of vulnerabilities and good suggestions for remediation. It's easy to find a description of a given vulnerability and solutions for it."
"Scanners and reports using CIS templates ("de-facto" standard, easy to fix and to locate correction tips in the documentation), tests against cloud providers, database profiles, several types of telecom devices, and other highly customizable scans."
"It's quite complex on the way it is set up, so it takes a fair bit of time in order to get your head around it in order to deploy it. Once you've deployed it, then you're never confident on the versions of the browsers and the SSL certificates, etc. You have to always go back into Qualys and check."
"I would like to see this solution more developed and competitive in the Cloud space."
"The customer support is very bad."
"The reporting needs improvement. It should generate much more stuff like field reports."
"Sometimes we face a problem with accessing the tool and not getting an expected result. From a technology point of view, they need to look into this."
"The ability to manage user accounts and give rights to the operator to know about abnormalities of applications is something that needs improvement."
"We are moving away from Qualys to Defender ATP because I find that Defender ATP is much better at prioritizing the vulnerabilities that I should be looking at."
"I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities."
"I would like to see an improvement in the ranking of high, medium and low vulnerability."
"There is room for improvement in finishing the transition to the cloud. We'd like to see them keep on improving the Tenable.io product, so that we can migrate to it entirely, instead of having to keep the Tenable.sc on-prem product."
"One area with room for improvement is instead of there just being a PDF format for output, I'd like the option of an Excel spreadsheet, whereby I could better track remediation efforts and provide reporting off of that."
"We use credentialed scans. They need more permissions and more changes or settings on Windows and Linux."
"There is room, overall, for improvement in the way it groups the workstations and the way it detects, when the vulnerability is scanned. Even when we would run a new scan, if it was an already existing vulnerability, it wouldn't put a new date on it."
"One area that has room for improvement is the reporting. I'm preparing reports for Windows and Linux machines, etc. Currently, I'm collecting three or four reports and turning them into one report. I don't know if it is possible to combine all of them in one report, but that would be helpful."
"Model OS costs (and its segregation schema for individual modules)."
"We would like to have the option of using the solution for the cloud as well as on-premises with the same license at the same time. That would be very helpful."
"They have recently changed the pricing model, which is now better than it was before."
"It is different for every company, but for us, it's every three years."
"Qualys is cheaper and more affordable than other solutions."
"The pricing and licensing for Qualys could be improved."
"Nowadays, your vulnerability applications are going to be kind of pricey because lots of them, including Rapid7, are based upon a base price, but then they add in the nodes. That's where they get you. If you're a big network, obviously, you need to scan everything. Therefore, it's going to be costly. The risk and insurance money associated with having ransomware on my networks is going to cost me more money, time, and marketing than the price of the tool. That's why I'm speaking only as an information security officer to security operations. This is the tool that is there in my toolbox to say whether we are vulnerable or not. At this point, I don't care about how much it costs my company to have it because if I wasn't able to report it and we got ransomware, then who cares? I'm probably going to be out of business because it happened. That's why I don't care about the price. I have it, and I could use it effectively and do my report. At the end of the day, even if we get ransomware, as long as I reported it, followed my protocol, and put in the change, irrespective of whether it was ignored or denied, I did my job."
"We pay approximately $2,500 on a yearly basis."
"We have a subscription, the licensing fees are paid yearly, and I am using the latest version."
"We incurred a single cost for a perpetual license, although I cannot comment on the price as this is above my management level."
"The price is reasonable."
PradeepKumar4, Senior System Engineer at Trianz
Qualys Vulnerability Management (VM) is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously identify threats and monitor unexpected changes in your network before they turn into breaches.
Nessus Professional is the industry’s most widely deployed assessment solution for identifying the vulnerabilities, configuration issues, and malware that attackers use to penetrate your, or your customer's network. With the broadest coverage, the latest intelligence, rapid updates, and an easy-to-use interface, Nessus offers an effective and comprehensive vulnerability scanning package for one low cost.
Qualys VM is ranked 4th in Vulnerability Management with 12 reviews while Tenable Nessus is ranked 1st in Vulnerability Management with 20 reviews. Qualys VM is rated 8.2, while Tenable Nessus is rated 8.4. The top reviewer of Qualys VM writes "Easy to use and scalable but needs to be priced more competitively". On the other hand, the top reviewer of Tenable Nessus writes "Easy to use, good support, and gives full reports of what's vulnerable per device". Qualys VM is most compared with Tenable SC, Rapid7 InsightVM, Darktrace, Microsoft Cloud App Security and Prisma SaaS by Palo Alto Networks, whereas Tenable Nessus is most compared with Tenable.io Vulnerability Management, Tenable SC, Rapid7 InsightVM, Rapid7 Metasploit and Tripwire IP360.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.