We compared Qualys VMDR and Tenable Nessus based on our users reviews in six parameters. After reading the collected data, you can find our conclusion below:
The setup process for Qualys VMDR is quick and uncomplicated, taking only a few minutes. However, setting up Qualys Container Security can be intricate and time-consuming. In contrast, Tenable Nessus is described as straightforward and effortless to set up, taking anywhere from 30 minutes to a couple of hours.
Qualys VMDR is notable for its effective prioritization system, ongoing monitoring, customizable dashboard, and extensive vulnerability overview. On the other hand, Tenable Nessus excels in vulnerability assessment, reporting, and ease of use.
Both Qualys VMDR and Tenable Nessus have areas that could be improved. Qualys VMDR could enhance user experience, UI design, SLA tracking, batch prioritization, integration, reporting, and dashboards. On the other hand, Tenable Nessus could improve integration, pricing, user interface, reporting, support, and learning resources.
Both Qualys VMDR and Tenable Nessus provide valuable returns on investment. Qualys VMDR prioritizes the reduction of cybersecurity risks, while Tenable Nessus places emphasis on proactive vulnerability discovery and patch deployment.
The customer service for Qualys VMDR has received both positive and negative feedback. Some customers appreciate the convenience of reaching out to a global team and the implementation of suggested improvements. However, there are concerns about the response time and the expertise of the support staff. Tenable Nessus also has a mix of reviews. Some customers find the support to be prompt and useful, while others believe that the support team could be more knowledgeable and that the solutions provided are not always effective.
Comparison Results
Based on the reviews, Qualys VMDR and Tenable Nessus have similar initial setup processes that are straightforward and easy. However, Qualys VMDR stands out for its user-friendly setup and maintenance, including automatic agent updates. On the other hand, Tenable Nessus is highly effective in vulnerability assessment and reporting, and is also praised for its affordability and scalability. Qualys VMDR is valued for its prioritization mechanism and comprehensive overview of vulnerabilities, while Tenable Nessus is commended for its real-time monitoring and self-updating engine. Customer service and support for both products have received mixed reviews, with some users finding the support teams responsive and helpful, while others had negative experiences or did not require support.
"Qualys VM is very stable."
"Performs automated, regular scans in the network."
"I find Qualys VM very robust, and it's very useful for vulnerability management and patch management. The value that it brings to my environment is economies of scale. There is no limitation on adding any endpoints. You go by the rule, and it's added once another endpoint is added to our environment. It's automatically installed, and it's less work from our end. It frees up my license automatically if I don't need an endpoint or if my machine is decommissioned. I like the dashboard displays because I don't see any duplication. The most important part is vulnerability management and prioritization. Unlike Symantec, it shows the kind of vulnerability I would want to patch first. It provides a holistic view of the kind of vulnerabilities and the ones I should remediate first. I don't have to do a scan; it just brings up those critical kinds of vulnerabilities like zero-day vulnerabilities and tells me to prioritize them. You have to prioritize these vulnerabilities first and go on with the rest. The dashboard shows me the ones that have been fixed, so I don't have to complete an aging report. The user experience and the graphical interface are good. As it's user-friendly and understandable on an executive level, it brings real value. We also use this solution because it's robust and flexibile."
"I am impressed with the VMDR feature."
"It gives a very good overview of the inventory assessment process, and it can be accessed across our company because it's a global tool."
"It is very easy to use and there are lots of options. We can usually easily go through it and all of the things we want to configure, and we can configure everything to our specifications very easily."
"It is a stable solution."
"There are many features. Its reliability, ease of installation, ease of use, and the richness of the information provided are the most valuable features."
"Tenable Nessus is cheap and flexible."
"We have around 500 virtual machines. Therefore, we conduct monthly scans and open tickets for our developers to address identified vulnerabilities. These scans cover the servers, other network equipment, and appliances in our infrastructure."
"We looked at Tenable, Qualys and Rapid7. We found Tenable was the best of all three."
"Makes ransomware checking and OS auditing and implementation relatively easy."
"The most valuable features of Tenable Nessus are the scanning option. Advanced scanning is highly useful. The offline config audits and application assessments are useful."
"Once you get past the initial implementation, the solution is very stable."
"I have found the vulnerability assessment and the reports to be useful."
"The initial setup of Tenable Nessus is very easy."
"What we have found is that the solution is not closely tied with the patch management. It is okay with newer ones, like Windows 10 machines; it gives the correct patch. But for Windows 7 or Windows Server 2008, it does not give us the correct patch so we have to manually identify the patches. This is a major problem."
"Some of the older features could be polished instead of focusing on releasing new features."
"The customer support is very bad."
"I would like to see this solution simplified to work more easily in a multi-cloud environment."
"I would like to have CSPM, a continuous scan-like cloud added to the solution."
"Qualys could improve the inbuilt dashboards."
"Finding things in management can be quite difficult."
"When tested on Zero day, there were errors."
"There is room, overall, for improvement in the way it groups the workstations and the way it detects, when the vulnerability is scanned. Even when we would run a new scan, if it was an already existing vulnerability, it wouldn't put a new date on it."
"The price and scalability of the solution could improve."
"Tenable Nessus could improve by having more steady updates which will reduce the vulnerabilities."
"We'd like to see the solution embrace more user-friendliness."
"In Nessus Professional, the main drawback was that we could have a single-user login password. So it could be better in terms of security."
"The price could be reduced."
"There is room for improvement in finishing the transition to the cloud. We'd like to see them keep on improving the Tenable.io product, so that we can migrate to it entirely, instead of having to keep the Tenable.sc on-prem product."
"Remediation needs improvement."
Qualys VMDR is ranked 3rd in Risk-Based Vulnerability Management with 76 reviews while Tenable Nessus is ranked 3rd in Vulnerability Management with 75 reviews. Qualys VMDR is rated 8.2, while Tenable Nessus is rated 8.4. The top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". On the other hand, the top reviewer of Tenable Nessus writes "Unlimited assets for one price and quick, agentless results". Qualys VMDR is most compared with Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management, Tenable Vulnerability Management and Microsoft Defender for Cloud Apps, whereas Tenable Nessus is most compared with Rapid7 InsightVM, Tenable Security Center, Tenable Vulnerability Management, Pentera and Microsoft Defender Vulnerability Management. See our Qualys VMDR vs. Tenable Nessus report.
We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.