Try our new research platform with insights from 80,000+ expert users

BigFix vs Qualys CyberSecurity Asset Management comparison

HCLSoftware and Qualys are both solutions in the Patch Management category. HCLSoftware is ranked #2 with an average rating of 9.0, while Qualys is ranked #6 with an average rating of 9.2. HCLSoftware holds a 9.0% mindshare in PM, compared to Qualys’s 1.0% mindshare. Additionally, 97% of HCLSoftware users are willing to recommend the solution, compared to 100% of Qualys users who would recommend it.
BigFix
Read 97 BigFix reviews
  • 3,186 Views
  • 915 Comparison Views
97% willing to recommend
Qualys CyberSecurity Asset ...
Read 22 Qualys CyberSecurity Asset Management reviews
  • 158 Views
  • 37 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Apr 20, 2025

BigFix and Qualys CyberSecurity Asset Management compete in the cybersecurity management sector, catering to asset management and security solutions. BigFix holds an advantage in large-scale environments due to its comprehensive control features, while Qualys excels in ease of use and automated scanning.

Features: BigFix offers extensive client management, real-time recording capabilities, comprehensive patch management, customization via robust API integrations, and powerful configuration and compliance tools. Qualys thrives with excellent asset discovery, dynamic tagging, seamless integration with vulnerability management tools, and automatic vulnerability scanning for swift risk identification and mitigation.

Room for Improvement: BigFix can enhance its user interface, optimize deployment task support, and improve documentation for better clarity. Users are calling for more automation and cloud capabilities. Qualys could improve scan frequency controls, offer a more intuitive end-user interface, and enhance its tagging and categorization features. Additionally, there's a desire for wider integration capabilities and expanded report customization.

Ease of Deployment and Customer Service: BigFix, primarily utilized in on-premises setups, provides flexibility for organizations with existing infrastructures but requires expertise for optimal deployment. Customer support has improved but interfaces could be more streamlined. Conversely, Qualys supports deployment across public and hybrid clouds, offering scalability and flexibility for dynamic environments. Their support is consistently responsive, providing effective assistance, with room for improved initial setup guidance.

Pricing and ROI: BigFix is often seen as expensive due to its comprehensive features, yet it offers significant ROI through reduced manpower and enhanced compliance efficiency. Various packages cater to diverse needs which might include discounts. Qualys, competitively priced, delivers substantial value when bundled with other services, offering a straightforward pricing model that can result in attractive ROI for larger firms.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed BigFix vs. Qualys CyberSecurity Asset Management Report (Updated: June 2025).
Buyer's Guide
BigFix vs. Qualys CyberSecurity Asset Management
June 2025
Download the complete report
Helped 859,129 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

BigFix
Ranking in Patch Management
2nd
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
97
Ranking in other categories
Configuration Management (6th), Endpoint Protection Platform (EPP) (26th), Unified Endpoint Management (UEM) (4th)
Qualys CyberSecurity Asset ...
Ranking in Patch Management
6th
Average Rating
9.2
Reviews Sentiment
7.7
Number of Reviews
22
Ranking in other categories
Vulnerability Management (8th), Cyber Asset Attack Surface Management (CAASM) (3rd), Attack Surface Management (ASM) (3rd), Software Supply Chain Security (4th)
 

Mindshare comparison

As of June 2025, in the Patch Management category, the mindshare of BigFix is 9.0%, down from 12.4% compared to the previous year. The mindshare of Qualys CyberSecurity Asset Management is 1.0%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Patch Management
 

Featured Reviews

Bella Yakoby - PeerSpot reviewer
Offers third-party patching feature, good scalability, and enhance endpoint management capabilities
From the perspective of the team that's handling the environment, it's not so user-friendly compared to other solutions, the competitors. We hire new teams from time to time, and they are complaining, look, although BigFix is very robust and cross-platform, it's not so fun to work with. The user interface for the technical teams is not so advanced. It's not so intuitive compared to SCCM, compared to ManageEngine. And this is the fact that they have, with the teams, because they have the rejection. The look and feel of the system are old-fashioned. For new employees, it's less easy to find someone I don't need to educate on how to work with BigFix. Although it's easy, it's not as intuitive as the other solutions, and the functionality of the other solutions is less advanced. Let's summarize: The user interface has to be changed from the perspective of the teams that are managing the product. It's old school.
Read full review
Scott Frederick - PeerSpot reviewer
Well-integrated with our vulnerability scanning utilities and efficient in asset tagging and identification
Our favorite features are the tagging and the ability to quickly find assets in the portal. Additionally, I do like the fact that Qualys CSAM is integrated with the rest of our vulnerability scanning utilities. We use the full suite from Qualys. The fact that it is integrated makes it very easy to understand. It shares tagging information with VMDR. That is very nice. Qualys CSAM has discovered assets not previously covered by our vulnerability management program. Primarily, if we have assets without vulnerabilities, they become less visible, but Qualys CSAM alerts us to them because they have IP addresses and are attached to our network. It could discover everything from printers to servers to endpoints. It could discover UPSs, network devices, and across all operating systems. It discovers our security badge readers and digital signage. We have to feed that the IP address ranges, but beyond that, it finds everything in our internal network. We were able to realize its benefits within the first quarter of installing it. We did have to take some time to learn it and understand how to operationally leverage what it was telling us, but it was very quick. In addition to vulnerabilities, Qualys CSAM helps identify other risk factors to a degree. For instance, we can see if servers or assets have incorrect naming standards. We have our network segmented into development model, test, and production, and we have server naming standards that identify which management they should be in. If a production server has the naming standard of a development model server, we can find that. That is one area we have used it for. We are not fully using TruRisk, but we are using the Qualys detection score that is central to our corporate risk prioritization approach. It has completely replaced our homegrown one.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The tool's most valuable features are patching and integration with vulnerability scanners."
"I would advise someone considering this product to go for it. It's easy to use, cheaper than the value, and there is tons and tons of support from the BigFix community. With almost every challenge we have someone who has encountered it, and you will have a solution right away."
"BigFix is incredibly fast and accurate in patching, reporting, and remediation."
"In terms of vulnerability management, it gives tough competition by providing a single management console with multiple benefits."
"BigFix helped us to identify the compliance of devices and has also improved the way that we manage our software inventory for reporting to vendors."
"My company provides support services to a lot of customers and companies. We have reduced a huge amount of man-effort. Along with the man-effort, we have reduced the timeline to fix the compliance and security gaps. We have an unbroken record. The documentation clearly says that we have done the patching of newly released patches, including Microsoft and third-party patches, in up to 80% of the computers, within 72 hours of the release of the production. That was a very massive benefit that we have seen. When I talk about the 80% endpoints, it is 100 or 200. I am talking about 25,000 endpoints."
"We rely on BigFix as part of our consulting engagements. It's more efficient from a visibility and discovery standpoint on the initial phase, the consulting engagement. It also increases our efficiencies on the remediation phase of our engagements."
"The most valuable features of the solution are Windows patching and the hardware and software inventory."
More BigFix pros
"Qualys CyberSecurity Asset Management offers comprehensive features to cover our entire attack surface."
"The scanning results are pretty good, and some of the insights are quite valuable."
"The end-of-life and end-of-service software and hardware are some of my favorite features."
"The best feature is asset discovery through their cloud agent or IP-based scanning."
"Qualys CSAM is valuable for providing end-of-life and end-of-sale information. It gives me visibility into the number of products or hardware items that are end-of-life."
"Authorized and unauthorized software visibility is the best feature for me. It helps me understand security controls on our network and where we lack visibility. With a single security tool, we are able to get an extensive list."
"When you implement a dynamic tag using a query, you do not need to manually tag all the servers. It categorizes all the servers that come under that query. The tagging part is automatically done within a few minutes. It reduces the effort."
"The most valuable feature is the Management sensor, which helps identify gaps in policy agent availability, thereby improving agent utilization."
More Qualys CyberSecurity Asset Management pros
 

Cons

"The BigFix Inventory could have an increased scope regarding the tools that can be detected. It does not cover all the possible software installed in Asset."
"To make it a ten they should improve the licensing. Second, if they could have one environment for everything it would be nice. For you to install compliance you need to install the server, and then you add the modules. For you to install inventory you install the server and then you add the modules. It's not easy to do. When I was doing it before I learned it, it was not straight forward."
"The only thing that I don't like about BigFix is that it does not support other devices such as printer firmware, router firmware, and things like that. I will be happy if I can control everything and get everything else in there, even if it is just a line item. They can do some enhancements to the Web UI. I am trying to get customers to be able to manage their environment by using Web UI, and it would be good if we can delete endpoints by using Web UI. We should also be able to generate Excel content or data tables from the Web UI without having to go to the console. It is small stuff, and it drives me crazy that I have to go to another console to do these things."
"It could use better integration with Hypervisor products like VMware."
"I would like to see much better web reporting because as it is now, it's convoluted, basic, it's not modern, and there are limitations to it."
"I would like to see improvements in the Web UI program and also a BigFix console for Mac OS."
"I would like to see for it to be a little easier for new users to be able to learn and create relevant statements. In my opinion, that's the hardest part for bringing on new people that haven't had BigFix experience. Being able to have easier ways to build relevance in ActionScript would be the biggest improvement I'd like to see."
"I'm looking for them to make big web UI improvements."
More BigFix cons
"One improvement that they can make in the EASM module is the scan frequency. After EASM is configured the first time, it allows you to do the complete configuration, but if you want to reconfigure it, it will not ask or provide any option for scan frequency. For that, you need to raise a case with Qualys and talk to the Qualys team."
"In my opinion, the area that needs improvement is the role-based access control (RBAC). The access privilege management needs to be more robust and streamlined to enhance user access management. Additionally, improvements to the user interface could be beneficial."
"The UI needs improvement as it can become overwhelming after prolonged use."
"The scanning function could be improved."
"Qualys CSAM is not super responsive, and there can be delays sometimes, especially with the network passive sensor. You might see duplicate objects which eventually disappear but it takes time. If that can be done faster, it will be great."
"From the user experience perspective, we need a simpler interface and reduced complexity in certain features, particularly with the Qualys Query Language."
"It is automatically exporting the vulnerabilities and the assets. However, it would be useful to have the ability to select or to filter which we would like to export."
"Qualys could improve by enhancing its dynamic tagging and role-based access control features, and by refining its user interface for a more intuitive and efficient user experience."
More Qualys CyberSecurity Asset Management cons
 

Pricing and Cost Advice

"The price of BigFix is better than the solutions. You are able to pay monthly or annually. There are not any hidden costs with BigFix. There is an additional cost for the SQL database."
"I can estimate the reduced cost of servers maintenance to approximatively $500,000."
"The product is less costly when compared to other solutions, and this is a good solid solution for what we have paid."
"The price is reasonable, but our customers find it expensive."
"So, the pricing is slightly more expensive than the others. I have to keep buying licenses every time I add a new device."
"There's not much big cost. We only have to pay the agents' cost for the server, and for the systems."
"The tool's price continues to go up. The cost per endpoint can vary, ranging from approximately 30 to 80 dollars per year. Compared to other products, pricing is in the middle. You need to buy an additional database license, but most users already have it."
"Compliance, inventory, and licensing are really pricey. They should lower the price. It discourages users from getting onboard."
More BigFix pricing and cost advice
"The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage."
"The cost for Qualys CyberSecurity Asset Management is high."
"The pricing for Qualys CSAM is nominal."
"Qualys offers excellent value for money."
"The pricing for Qualys Cybersecurity Asset Management is reasonable, with an annual subscription costing around $1,000 per year or a monthly subscription starting at approximately $72 per month, depending on the specific package and features included."
"Qualys is competitively priced for its features. Its pricing is suitable for large organizations with more than 4,000 assets, but for smaller organizations with few assets, such as banks, the costs might be high. They should come up with packages that are suitable for small organizations."
"Though the solution is considered expensive, if bundled with other services such as VMDR or cloud agents, its value would significantly increase. It is currently a bit costly, but with bundling, it could become attractive to more customers."
"Qualys CyberSecurity Asset Management can be expensive, especially if we already have VMDR."
More Qualys CyberSecurity Asset Management pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Patch Management solutions are best for your needs.
See recommendations
859,129 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
28%
Financial Services Firm
11%
Government
8%
Computer Software Company
7%
Computer Software Company
18%
Financial Services Firm
14%
Government
9%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about BigFix?
The most valuable features of the solution are Windows patching and the hardware and software inventory.
See all answers
What is your experience regarding pricing and costs for BigFix?
The pricing is competitive, but not the most competitive.
See all answers
What needs improvement with BigFix?
While performing integration, we face many issues with IBM solution. We need detailed information about those issues that can help users to mitigate them. The problem was related to the hardware co...
See all answers
What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management?
The pricing is reasonable relative to the features provided, as it collects all module data and operates as a main, centralized inventory, making it a cost-effective solution.
See all answers
What needs improvement with Qualys CyberSecurity Asset Management?
Qualys CyberSecurity Asset Management helps us prioritize assets according to operating system, kernel version, installed software, and current version information. The ASM assists with attack surf...
See all answers
What is your primary use case for Qualys CyberSecurity Asset Management?
We are using Qualys CyberSecurity Asset Management for daily activities such as identifying new assets through network scanning and agent-based scanning for newly provisioned assets. When any new a...
See all answers
 

Comparisons

Microsoft Intune vs BigFix Logo
Microsoft Intune vs BigFix
Compared 12% of the time
Tanium vs BigFix Logo
Tanium vs BigFix
Compared 8% of the time
Microsoft Configuration Manager vs BigFix Logo
Microsoft Configuration Manager vs BigFix
Compared 8% of the time
Red Hat Ansible Automation Platform vs BigFix Logo
Red Hat Ansible Automation Platform vs BigFix
Compared 6% of the time
Red Hat Satellite vs BigFix Logo
Red Hat Satellite vs BigFix
Compared 4% of the time
More BigFix Competitors
Amazon Inspector vs Qualys CyberSecurity Asset Management Logo
Amazon Inspector vs Qualys CyberSecurity Asset Management
Compared 13% of the time
Armis vs Qualys CyberSecurity Asset Management Logo
Armis vs Qualys CyberSecurity Asset Management
Compared 11% of the time
CrowdStrike Falcon vs Qualys CyberSecurity Asset Management Logo
CrowdStrike Falcon vs Qualys CyberSecurity Asset Management
Compared 9% of the time
Axonius vs Qualys CyberSecurity Asset Management Logo
Axonius vs Qualys CyberSecurity Asset Management
Compared 7% of the time
Microsoft Defender External Attack Surface Management vs Qualys CyberSecurity Asset Management Logo
Microsoft Defender External Attack Surface Management vs Qualys CyberSecurity Asset Management
Compared 7% of the time
More Qualys CyberSecurity Asset Management Competitors
 

Product Reports

Buyer's Guide
BigFix
June 2025
BigFix reportDownload BigFix product report
Buyer's Guide
Qualys CyberSecurity Asset Management
June 2025
Qualys CyberSecurity Asset Management reportDownload Qualys CyberSecurity Asset Management product report
 

Also Known As

Tivoli Endpoint Manager
No data available
 

Overview

HCL BigFix is a powerful patch management tool that enables organizations to simply control their patch management operations. It is designed so that IT security and operations teams can collaborate in the most effective way possible. Users that employ BigFix can find and fix issues with their endpoints faster than those that employ its competitors. It comes with thousands of security checks that can be deployed quickly and easily. These enable users to safeguard themselves from a wide variety of digital threats.

HCL BigFix Benefits

Some of the ways that organizations can benefit by choosing to deploy HCL BigFix include:

  • Total visibility and simplified control. BigFix provides users with total system visibility while simultaneously enabling administrators to easily manage their networks. It enables organizations to run all of their patch management operations from a single user interface. This UI contains all of BigFix’s system controls. It also contains all of an organization’s network data. Users will never have to search for the features or information that they need as everything is centrally located.
  • Maximum benefit for reduced overhead. BigFix enables businesses to integrate with more than 100 different operating systems. Users can utilize the operating system of their choice without multiplying their overhead costs. They can keep costs down while still achieving their goals. 
  • Flexibility. BigFix is highly flexible. Users can integrate it with the top vulnerability management solutions on the market. This enables users to maximize their protective coverage and minimize the amount of time that they have to spend resolving issues. 

BigFix Features

  • BigFix Insights. The BigFix insights feature gives users access to a powerful deep analysis tool. This tool enables organizations to gather data from all of their endpoints and compile them into reports that can aid administrators in their work. It can centralize an organization’s data and also enable it to import data from other sources so that it can make more informed decisions.
  • Task automation. BigFix has the ability to automate rudimentary tasks so that users can focus on tasks that require a greater level of attention. This can include tasks such as event remediation and data collection. This feature enables users to focus their attention on other more critical tasks.
  • Data loss prevention tool. This tool enables users to prevent critical data from being leaked or leaking accidentally. It creates policies that limit or prevent sensitive data from being transmitted. It also enforces the privacy protocols that are already in place. Organizations can leverage this tool to bolster the security protecting their data from malicious actors.
  • Web reputation tool. This tool proactively protects networks from malicious websites. It scans for potentially dangerous websites and opens a blocking page when one is detected. Users are also given the ability to set proxy server credentials for the system to recognize and authenticate. Users can use this to ensure that suspicious websites are unable to infect their networks.
  • Centralized UI. BigFix comes with a built-in UI that centralizes all of the solution’s features so that they can be accessed from a single location. It enables administrators to target specific portions of the network when issues arise without requiring them to take actions that will affect the entire network.

Reviews from Real Users

HCL BigFix is a highly effective solution that stands out when compared to most of its competitors. Two major advantages it offers are its auto-patching capability and its user-friendly tools.

Santhosh K., the chief executive officer of Catnip Infotech Private Limited, writes, “The second valuable feature is, BigFix also has an auto patch updating feature, where the latest patches, and what is required for my system are automatically downloaded and kept ready for me. The solution applies the patch and notifies me after applying the patch. BigFix also gives me a ping saying that I should reset my system within a certain period of time, while the patch is being applied. Let's say, the patch is being applied and if there's an issue, the solution can revoke the applied patch, and revert back to the old state.”


Benedikt S., an application administrator, says, “It's very straightforward. The usability is very close to everyday technical tools that you use as a systems administrator. So it's quite user-friendly.”

HCLSoftware

Qualys CyberSecurity Asset Management provides advanced real-time asset visibility, dynamic tagging, and External Attack Surface Management. It streamlines asset discovery and management using cloud agents and IP-based scanning, enhancing risk management and software lifecycle tracking.

Qualys CyberSecurity Asset Management offers a comprehensive solution for managing asset inventories and tracking software lifecycle states. It facilitates network visibility and supports zero-day vulnerability solutions, enhancing security posture through efficient monitoring. Users benefit from its cloud-based interface, which provides in-depth asset configurations and insights. Key features include automated vulnerability scanning and unauthorized software management, reducing manual efforts. The platform also emphasizes the importance of timely remediation and ongoing risk mitigation across multiple environments. Despite its strengths, users note the need for enhanced integration with additional CMDBs beyond ServiceNow, as well as cost efficiency improvements. Requests also include better report customization, more scan control, and a simplified UI.

What are the key features of Qualys CyberSecurity Asset Management?
  • Real-time Visibility: Offers continuous insight into asset status and condition.
  • Dynamic Tagging: Allows for flexible organization and assessment of assets.
  • External Attack Surface Management: Identifies potential threats from external sources.
  • Automated Vulnerability Scanning: Reduces manual scanning efforts and identifies vulnerabilities instantly.
  • Unauthorized Software Management: Detects and manages software not approved for use.
  • Asset Purge Rule: Automates the removal of obsolete assets from the inventory.
What benefits should users look for in reviews?
  • Enhanced Security Posture: Gains stronger defense through effective asset monitoring.
  • Efficient Risk Management: Identifies threats quickly, enabling timely resolutions.
  • Improved Compliance: Assists in meeting industry standards and regulations.
  • Reduced Manual Effort: Automates repetitive tasks, saving time and resources.
  • Comprehensive Insight: Provides detailed data for informed decision making.

In industries like finance, healthcare, and manufacturing, Qualys CyberSecurity Asset Management enhances asset control by offering visibility into hardware and software configurations. It aids in maintaining security compliance and identifying unauthorized software, crucial for sectors with strict regulatory requirements.

Qualys
 

Sample Customers

US Foods, Penn State, St Vincent's Health US Foods, Sabadell Bank, SunTrust, Australia Sydney, Stemac, Capgemini, WNS Global Services, Jebsen & Jessen, CenterBeam, Strauss, Christian Hospital Centre, Brit Insurance, Career Education Corporation
Information Not Available
Buyer's Guide
BigFix vs. Qualys CyberSecurity Asset Management
June 2025
Free Report: BigFix vs. Qualys CyberSecurity Asset Management
Find out what your peers are saying about BigFix vs. Qualys CyberSecurity Asset Management and other solutions. Updated: June 2025.
DOWNLOAD NOW
859,129 professionals have used our research since 2012.
See our BigFix vs. Qualys CyberSecurity Asset Management report.
See our list of best Patch Management vendors.

We monitor all Patch Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.