Try our new research platform with insights from 80,000+ expert users

Cymulate vs Qualys CyberSecurity Asset Management comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jul 27, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cymulate
Ranking in Attack Surface Management (ASM)
11th
Average Rating
8.6
Reviews Sentiment
7.4
Number of Reviews
5
Ranking in other categories
Threat Intelligence Platforms (10th), Breach and Attack Simulation (BAS) (1st), Continuous Threat Exposure Management (CTEM) (2nd)
Qualys CyberSecurity Asset ...
Ranking in Attack Surface Management (ASM)
3rd
Average Rating
9.2
Reviews Sentiment
7.7
Number of Reviews
22
Ranking in other categories
Vulnerability Management (8th), Patch Management (6th), Cyber Asset Attack Surface Management (CAASM) (3rd), Software Supply Chain Security (5th)
 

Mindshare comparison

As of August 2025, in the Attack Surface Management (ASM) category, the mindshare of Cymulate is 3.2%, up from 2.9% compared to the previous year. The mindshare of Qualys CyberSecurity Asset Management is 3.7%, up from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Attack Surface Management (ASM)
 

Featured Reviews

Ondrej Kováč - PeerSpot reviewer
Advanced cybersecurity solution for attack based vulnerability mng. and upskill platform for SOC.
While Cymulate's technology shows great promise and delivers excellent results, their approach to positioning the solution appears to overlap with other companies like Tenable, making them both direct and indirect competitors. Cymulate must refine their messaging and manage expectations effectively. In my experience, they need to be more attentive internally and mindful of potential negative impacts on customers. They exhibit a high degree of flexibility, which can result in sudden changes without adequate alerting. Communicating with them via phone for business matters can be challenging. On a scale from one to ten, I would rate Cymulate's technology level at eight, but their business level at four out of ten.
Scott Frederick - PeerSpot reviewer
Well-integrated with our vulnerability scanning utilities and efficient in asset tagging and identification
Our favorite features are the tagging and the ability to quickly find assets in the portal. Additionally, I do like the fact that Qualys CSAM is integrated with the rest of our vulnerability scanning utilities. We use the full suite from Qualys. The fact that it is integrated makes it very easy to understand. It shares tagging information with VMDR. That is very nice. Qualys CSAM has discovered assets not previously covered by our vulnerability management program. Primarily, if we have assets without vulnerabilities, they become less visible, but Qualys CSAM alerts us to them because they have IP addresses and are attached to our network. It could discover everything from printers to servers to endpoints. It could discover UPSs, network devices, and across all operating systems. It discovers our security badge readers and digital signage. We have to feed that the IP address ranges, but beyond that, it finds everything in our internal network. We were able to realize its benefits within the first quarter of installing it. We did have to take some time to learn it and understand how to operationally leverage what it was telling us, but it was very quick. In addition to vulnerabilities, Qualys CSAM helps identify other risk factors to a degree. For instance, we can see if servers or assets have incorrect naming standards. We have our network segmented into development model, test, and production, and we have server naming standards that identify which management they should be in. If a production server has the naming standard of a development model server, we can find that. That is one area we have used it for. We are not fully using TruRisk, but we are using the Qualys detection score that is central to our corporate risk prioritization approach. It has completely replaced our homegrown one.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cymulate is easy to set up, install, and configure."
"The most valuable feature for us is the zero-day."
"The reporting capabilities are very good."
"The security validation feature helps my organization in assessing our security posture."
"Cymulate has positively impacted our organization by helping us to take care of the efficacy and reviewing the policies and configuration."
"The most valuable aspect we receive from Qualys is the remediation."
"The most valuable features of Qualys CSAM include the ability to manage authorized and unauthorized applications efficiently. This feature helps in validating applications and maintaining a secure environment."
"The most valuable feature is the real-time visibility Qualys CyberSecurity Asset Management provides into all assets across our development and operational environments."
"I appreciate the feature that simplifies cloud security posture, offering insights into vulnerabilities, and reducing the complexity of managing the security program."
"Qualys CyberSecurity Asset Management has helped to improve the organization's security posture significantly."
"Qualys CSAM helps find all the assets. It categorizes information based on various criteria such as host and tenant version. It provides in-depth visibility into both hardware and software."
"The support is extremely helpful, deserving a 10 out of 10 rating."
"There are no stability issues, and I would rate it a ten out of ten."
 

Cons

"The reporting process requires significant improvement as it often takes longer than expected and the quality is lacking."
"The cost can be quite high, and it impacts scalability as more simulations require additional expenses."
"The product must provide consultancy for initial setup."
"The way Cymulate works for EDR could be improved, as it drops payload and requires action from the EDR console for remediation, which can block the whole process of Cymulate execution."
"I will be honest, we have it, but in the last year, I didn't maintain the system until a month ago."
"The scanning function could be improved."
"Further research and development are needed to enhance integration with other cloud agents and products, particularly improving communication with external products and vendors."
"Qualys CSAM is not super responsive, and there can be delays sometimes, especially with the network passive sensor. You might see duplicate objects which eventually disappear but it takes time. If that can be done faster, it will be great."
"The deployment is somewhat complicated and could be made more user-friendly for most users. It is currently not user-friendly for all users. It is good but can be improved. It is a new product, and they are working on it."
"We encountered some false positives, which required coordination with the IT team for verification."
"We have had challenges modifying the agent configuration. Particularly, when we want to change the tenant that the agent is pointing to, we have had difficulties making that reliable and working properly."
"In my opinion, the area that needs improvement is the role-based access control (RBAC). The access privilege management needs to be more robust and streamlined to enhance user access management. Additionally, improvements to the user interface could be beneficial."
"Currently, in the EASM module, the scan frequency is limited to once daily, but allowing end users control over scan scheduling would be advantageous."
 

Pricing and Cost Advice

"The product is affordable."
"Cymulate's services are expensive."
"Qualys CyberSecurity Asset Management can be expensive, especially if we already have VMDR."
"Qualys offers excellent value for money."
"Qualys is competitively priced for its features. Its pricing is suitable for large organizations with more than 4,000 assets, but for smaller organizations with few assets, such as banks, the costs might be high. They should come up with packages that are suitable for small organizations."
"The cost for Qualys CyberSecurity Asset Management is high."
"The pricing is market-competitive."
"The pricing for Qualys Cybersecurity Asset Management is reasonable, with an annual subscription costing around $1,000 per year or a monthly subscription starting at approximately $72 per month, depending on the specific package and features included."
"The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage."
"Though the solution is considered expensive, if bundled with other services such as VMDR or cloud agents, its value would significantly increase. It is currently a bit costly, but with bundling, it could become attractive to more customers."
report
Use our free recommendation engine to learn which Attack Surface Management (ASM) solutions are best for your needs.
865,384 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Computer Software Company
11%
Manufacturing Company
7%
Retailer
7%
Computer Software Company
17%
Financial Services Firm
15%
Government
7%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Cymulate?
The most valuable feature for us is the zero-day.
What is your experience regarding pricing and costs for Cymulate?
I don't currently recall the specific pricing details as I last reviewed them two years ago. I initially thought it would be more expensive, but I found it reasonable because you can purchase modul...
What needs improvement with Cymulate?
The way Cymulate works for EDR could be improved, as it drops payload and requires action from the EDR console for remediation, which can block the whole process of Cymulate execution. They should ...
What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management?
The pricing is reasonable relative to the features provided, as it collects all module data and operates as a main, centralized inventory, making it a cost-effective solution.
What needs improvement with Qualys CyberSecurity Asset Management?
Qualys CyberSecurity Asset Management helps us prioritize assets according to operating system, kernel version, installed software, and current version information. The ASM assists with attack surf...
What is your primary use case for Qualys CyberSecurity Asset Management?
We are using Qualys CyberSecurity Asset Management for daily activities such as identifying new assets through network scanning and agent-based scanning for newly provisioned assets. When any new a...
 

Overview

 

Sample Customers

Euronext, YMCA, Telit, Nemours 
Information Not Available
Find out what your peers are saying about Cymulate vs. Qualys CyberSecurity Asset Management and other solutions. Updated: July 2025.
865,384 professionals have used our research since 2012.