ImmuniWeb vs Qualys CyberSecurity Asset Management comparison

ImmuniWeb and Qualys are both solutions in the Attack Surface Management (ASM) category. ImmuniWeb is ranked #19 with an average rating of 8.7, while Qualys is ranked #3 with an average rating of 9.2. ImmuniWeb holds a 0.5% mindshare in ASM, compared to Qualys’s 3.7% mindshare. Additionally, 85% of ImmuniWeb users are willing to recommend the solution, compared to 100% of Qualys users who would recommend it.

ImmuniWeb

Read 7 ImmuniWeb reviews

1,175 Views
165 Comparison Views

85% willing to recommend

Qualys CyberSecurity Asset ...

Read 22 Qualys CyberSecurity Asset Management reviews

2,070 Views
642 Comparison Views

100% willing to recommend

ImmuniWeb

Qualys CyberSecurity Asset ...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jul 27, 2025

ImmuniWeb and Qualys CyberSecurity Asset Management both compete in the cybersecurity asset management sector. ImmuniWeb stands out for its affordability and strong customer support, whereas Qualys is preferred for its comprehensive features that justify its investment.

Features: ImmuniWeb offers AI-driven vulnerability scanning, web security testing, and continual monitoring. In comparison, Qualys excels in asset visibility, inventory management, and comprehensive vulnerability assessment tools.

Room for Improvement: ImmuniWeb could enhance its asset management capabilities, expand its integration options, and increase scalability for larger enterprises. Qualys can improve its pricing model, simplify its user interface, and enhance its deployment process.

Ease of Deployment and Customer Service: ImmuniWeb is praised for its easy deployment and responsive customer service. It integrates smoothly into existing systems. Qualys, while having a steeper deployment curve, provides extensive documentation and a supportive community, offering rich resources beneficial for users.

Pricing and ROI: ImmuniWeb is cost-effective, offering excellent ROI through efficient threat detection. While Qualys involves higher initial costs, it provides extensive features that enhance long-term ROI, making it a valuable long-term investment.

To learn more, read our detailed ImmuniWeb vs. Qualys CyberSecurity Asset Management Report (Updated: July 2025).

Buyer's Guide

ImmuniWeb vs. Qualys CyberSecurity Asset Management

July 2025

Download the complete report

Helped 865,384 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

ImmuniWeb

Ranking in Attack Surface Management (ASM)

19th

Average Rating

8.2

Reviews Sentiment

7.8

Number of Reviews

Ranking in other categories

Static Application Security Testing (SAST) (23rd)

Qualys CyberSecurity Asset ...

Ranking in Attack Surface Management (ASM)

3rd

Average Rating

9.2

Reviews Sentiment

7.7

Number of Reviews

Ranking in other categories

Vulnerability Management (8th), Patch Management (6th), Cyber Asset Attack Surface Management (CAASM) (3rd), Software Supply Chain Security (5th)

Mindshare comparison

As of August 2025, in the Attack Surface Management (ASM) category, the mindshare of ImmuniWeb is 0.5%, up from 0.3% compared to the previous year. The mindshare of Qualys CyberSecurity Asset Management is 3.7%, up from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Attack Surface Management (ASM)

Featured Reviews

Vivek Ashvinbhai Pancholi

Senior Cybersecurity Consultant at a tech consulting company with 1,001-5,000 employees

Commendable Solution with Robust Vulnerability Detection Mechanism Suitable for Global Market

The solution helped us with one of our clients in the New York area contacted us about a data breach. In response, we swiftly organized a case meeting involving our client, internal, and email customer support teams. Together, we conducted an incident response, facilitating offline assistance for proper planning and risk management processes. We delved into the details of the data breach, identified how it occurred, and collaborated to rectify the issue. The client expressed satisfaction with the resolution process.

Read full review

Scott Frederick

Director of Vulnerability Management at a insurance company with 1,001-5,000 employees

Well-integrated with our vulnerability scanning utilities and efficient in asset tagging and identification

Our favorite features are the tagging and the ability to quickly find assets in the portal. Additionally, I do like the fact that Qualys CSAM is integrated with the rest of our vulnerability scanning utilities. We use the full suite from Qualys. The fact that it is integrated makes it very easy to understand. It shares tagging information with VMDR. That is very nice. Qualys CSAM has discovered assets not previously covered by our vulnerability management program. Primarily, if we have assets without vulnerabilities, they become less visible, but Qualys CSAM alerts us to them because they have IP addresses and are attached to our network. It could discover everything from printers to servers to endpoints. It could discover UPSs, network devices, and across all operating systems. It discovers our security badge readers and digital signage. We have to feed that the IP address ranges, but beyond that, it finds everything in our internal network. We were able to realize its benefits within the first quarter of installing it. We did have to take some time to learn it and understand how to operationally leverage what it was telling us, but it was very quick. In addition to vulnerabilities, Qualys CSAM helps identify other risk factors to a degree. For instance, we can see if servers or assets have incorrect naming standards. We have our network segmented into development model, test, and production, and we have server naming standards that identify which management they should be in. If a production server has the naming standard of a development model server, we can find that. That is one area we have used it for. We are not fully using TruRisk, but we are using the Qualys detection score that is central to our corporate risk prioritization approach. It has completely replaced our homegrown one.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"I like the fully automated continuous discovery run by ImmuniWeb in the background. We do not need to rerun the same tests or the same scanning against our resources. We need to supply our IP addresses, domain names, and significant resources with special domain names and URLs, and we need to do it only once. Then we always have an up-to-date picture. I also like the integration with our single sign-on system. We do not need to maintain a separate set of usernames or user accounts. We can plug this ImmuniWeb service into our authentication technology, enabling two-factor authentication. We have secure authentication right out of the box. The other important feature I like is the executive view. You can easily switch from a technical view to an executive view and have a helicopter view of the compliance status. We can see how much effort is required and our current status."

"ImmuniWeb is stable."

"The initial setup process is user-friendly."

"The solution's most valuable feature is reporting."

"The most valuable features are the SLA of Zero false-positives, less time of service development, validation of unlimited patched vulnerabilities, and several others."

"ImmuniWeb boasts a robust vulnerability detection mechanism, formidable threat mitigation, and an efficient remediation process, incorporating automation techniques and ALM strategies. The solution is highly stable. The solution is scalable. Editing Key Points for Review "Review about ImmuniWeb" What is our primary use case? We use the solution when we face challenges and urgent attention is needed for complex cases from our clients. To address this, we collaborate with the middleware, internal, and client teams to analyze and sort through intricate logs concerning our business cybersecurity program. How has it helped my organization? The solution helped us with one of our clients in the New York area contacted us about a data breach. In response, we swiftly organized a case meeting involving our client, internal, and email customer support teams. Together, we conducted an incident response, facilitating offline assistance for proper planning and risk management processes. We delved into the details of the data breach, identified how it occurred, and collaborated to rectify the issue. The client expressed satisfaction with the resolution process. What is most valuable? ImmuniWeb boasts a robust vulnerability detection mechanism, formidable threat mitigation, and an efficient remediation process, incorporating automation techniques and ALM strategies. It also focuses on consumer satisfaction and operates in English-speaking markets, primarily required by the UAE, the United States, Canada, and Australia, among other developed countries. For how long have I used the solution? We have been using this product for the past one and half years. What do I think about the stability of the solution? The solution is highly stable. I rate it a perfect ten. What do I think about the scalability of the solution? The solution is scalable. I rate it a nine out of ten. How are customer service and support? Support is generally excellent"

"After the assessment, you clearly know which assets require penetration testing."

"My favourite feature of Qualys CyberSecurity Asset Management is its ability to target missing software."

"The scanning results are pretty good, and some insights are quite valuable."

"Tags are very useful for us since we can tag virus applications in infrastructure types such as databases, operating systems, or web platforms."

"The end-of-life and end-of-service software and hardware are some of my favorite features."

"With Qualys CSAM, we can see which assets have critical application vulnerabilities. This feature helps us prioritize and address these vulnerabilities more efficiently."

"There are no stability issues, and I would rate it a ten out of ten."

"I would rate Qualys CSAM a ten out of ten."

"The support is extremely helpful, deserving a 10 out of 10 rating."

More Qualys CyberSecurity Asset Management pros

Cons

"A great idea would be to support using Discovery on the internal network, allowing delivery of all the features of the current Discovery to internal network resources."

"A great idea would be to make a mobile application for the ImmuniWeb portal so that all information would be available on the go and from a mobile phone as well. It would be much more convenient."

"Its technical support could be better."

"The product’s interface for the web applications could be similar to Android and iOS versions."

"The deployment process on the cloud is straightforward, while on-premise can be complex. Support is generally excellent, although there can be delays in ticket resolution."

"It would be better if they had an automated tagging feature. The tagging functionality currently requires manual tagging, and that's probably the most needed feature from my standpoint. We also do not have enough tools, enough features, or options to display different resources in the way we need. There are basic grouping and some filtering features, but we still cannot fully separate some flavors of our resources. However, we may not be aware of the latest features."

"ImmuniWeb sometimes shows previous scans instead of running tests."

"One improvement that they can make in the EASM module is the scan frequency. After EASM is configured the first time, it allows you to do the complete configuration, but if you want to reconfigure it, it will not ask or provide any option for scan frequency. For that, you need to raise a case with Qualys and talk to the Qualys team."

"We have had challenges modifying the agent configuration. Particularly, when we want to change the tenant that the agent is pointing to, we have had difficulties making that reliable and working properly."

"It is automatically exporting the vulnerabilities and the assets. However, it would be useful to have the ability to select or to filter which we would like to export."

"Based on the company's budget, Qualys offers limited features, which can also be utilized in other environments."

"The Qualys CAPS service requires further exploration and improvement, particularly in its handling of protocols and reactivity with MAC and IP addresses for CAP agents."

"The deployment is somewhat complicated and could be made more user-friendly for most users. It is currently not user-friendly for all users. It is good but can be improved. It is a new product, and they are working on it."

"The only minor issue is occasionally being redirected to multiple teams, causing slight delays."

"The scanning function could be improved."

More Qualys CyberSecurity Asset Management cons

Pricing and Cost Advice

"ImmuniWeb is relatively cheap. It's a competitive price compared to other products in the marketplace. It's worth the money we are paying for it."

"It is pretty expensive."

"The values of ImmuniWeb are currently significantly below what is valued in the Chilean market for these services and solutions."

"The platform is expensive if a large development is involved. However, it is less expensive for scheduled-based testing, quarterly or in a year."

"There should be the flexibility to change or add pricing, especially for pay-per-use cases."

"It is pretty expensive."

"I use the product's free version. The tool costs around 229 dollars."

"Qualys offers excellent value for money."

"The pricing for Qualys CSAM is nominal."

"The cost for Qualys CyberSecurity Asset Management is high."

"The pricing is market-competitive."

"The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage."

"The pricing for Qualys Cybersecurity Asset Management is reasonable, with an annual subscription costing around $1,000 per year or a monthly subscription starting at approximately $72 per month, depending on the specific package and features included."

"It is cost-effective because, in a single tool, we are getting everything. All the solutions come in a single license or price."

"Qualys is competitively priced for its features. Its pricing is suitable for large organizations with more than 4,000 assets, but for smaller organizations with few assets, such as banks, the costs might be high. They should come up with packages that are suitable for small organizations."

More Qualys CyberSecurity Asset Management pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Attack Surface Management (ASM) solutions are best for your needs.

See recommendations

865,384 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

19%

Computer Software Company

12%

Comms Service Provider

Media Company

Computer Software Company

17%

Financial Services Firm

15%

Government

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you recommend for a securing Web Application?

In addition to Sitelock and Immuniweb, another option to consider for a 24/7 automated vulnerability monitoring tool to protect web applications is Modshield SB Modshield SB is a web application fi...

See all answers

What do you like most about ImmuniWeb?

ImmuniWeb is stable.

See all answers

What is your experience regarding pricing and costs for ImmuniWeb?

I use the product's free version. The tool costs around 229 dollars.

See all answers

What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management?

The pricing is reasonable relative to the features provided, as it collects all module data and operates as a main, centralized inventory, making it a cost-effective solution.

See all answers

What needs improvement with Qualys CyberSecurity Asset Management?

Qualys CyberSecurity Asset Management helps us prioritize assets according to operating system, kernel version, installed software, and current version information. The ASM assists with attack surf...

See all answers

What is your primary use case for Qualys CyberSecurity Asset Management?

We are using Qualys CyberSecurity Asset Management for daily activities such as identifying new assets through network scanning and agent-based scanning for newly provisioned assets. When any new a...

See all answers

Comparisons

Acunetix vs ImmuniWeb

Compared 39% of the time

OpenText Core Application Security vs ImmuniWeb

Compared 24% of the time

Qualys Web Application Scanning vs ImmuniWeb

Compared 17% of the time

OWASP Zap vs ImmuniWeb

Compared 10% of the time

PortSwigger Burp Suite Professional vs ImmuniWeb

Compared 9% of the time

More ImmuniWeb Competitors

CrowdStrike Falcon vs Qualys CyberSecurity Asset Management

Compared 11% of the time

Amazon Inspector vs Qualys CyberSecurity Asset Management

Compared 10% of the time

Armis vs Qualys CyberSecurity Asset Management

Compared 8% of the time

Axonius vs Qualys CyberSecurity Asset Management

Compared 8% of the time

Bitsight vs Qualys CyberSecurity Asset Management

Compared 7% of the time

More Qualys CyberSecurity Asset Management Competitors

Product Reports

Buyer's Guide

ImmuniWeb

August 2025

Download ImmuniWeb product report

Buyer's Guide

Qualys CyberSecurity Asset Management

August 2025

Qualys CyberSecurity Asset Management report

Download Qualys CyberSecurity Asset Management product report

Overview

ImmuniWeb is a global application security company operating in over 50 countries, headquartered in Geneva, Switzerland. Most of ImmuniWeb's customers come from regulated industries, such as banking, healthcare, and e-commerce.

ImmuniWeb® AI Platform leverages award-winning AI and Machine Learning technology for acceleration and intelligent automation of Attack Surface Management and Dark Web Monitoring. The data is later leveraged for threat-aware and risk-based Application Penetration Testing for web, mobile, and API security testing. ImmuniWeb is the only company that offers a contractual zero false-positives SLA with a money-back guarantee. ImmuniWeb’s AI technology is a recipient of numerous awards and recognitions, including Gartner Cool Vendor, IDC Innovator, and the winner of “SC Award Europe” in the “Best Usage of Machine Learning and AI” category.

ImmuniWeb® Community Edition runs over 100,000 daily tests, being one of the largest application security communities. ImmuniWeb SA is an ISO 27001 certified and CREST-accredited company.

https://www.immuniweb.com.

ImmuniWeb

Qualys CyberSecurity Asset Management provides advanced real-time asset visibility, dynamic tagging, and External Attack Surface Management. It streamlines asset discovery and management using cloud agents and IP-based scanning, enhancing risk management and software lifecycle tracking.

Qualys CyberSecurity Asset Management offers a comprehensive solution for managing asset inventories and tracking software lifecycle states. It facilitates network visibility and supports zero-day vulnerability solutions, enhancing security posture through efficient monitoring. Users benefit from its cloud-based interface, which provides in-depth asset configurations and insights. Key features include automated vulnerability scanning and unauthorized software management, reducing manual efforts. The platform also emphasizes the importance of timely remediation and ongoing risk mitigation across multiple environments. Despite its strengths, users note the need for enhanced integration with additional CMDBs beyond ServiceNow, as well as cost efficiency improvements. Requests also include better report customization, more scan control, and a simplified UI.

What are the key features of Qualys CyberSecurity Asset Management?

Real-time Visibility: Offers continuous insight into asset status and condition.
Dynamic Tagging: Allows for flexible organization and assessment of assets.
External Attack Surface Management: Identifies potential threats from external sources.
Automated Vulnerability Scanning: Reduces manual scanning efforts and identifies vulnerabilities instantly.
Unauthorized Software Management: Detects and manages software not approved for use.
Asset Purge Rule: Automates the removal of obsolete assets from the inventory.

What benefits should users look for in reviews?

Enhanced Security Posture: Gains stronger defense through effective asset monitoring.
Efficient Risk Management: Identifies threats quickly, enabling timely resolutions.
Improved Compliance: Assists in meeting industry standards and regulations.
Reduced Manual Effort: Automates repetitive tasks, saving time and resources.
Comprehensive Insight: Provides detailed data for informed decision making.

In industries like finance, healthcare, and manufacturing, Qualys CyberSecurity Asset Management enhances asset control by offering visibility into hardware and software configurations. It aids in maintaining security compliance and identifying unauthorized software, crucial for sectors with strict regulatory requirements.

Qualys

Sample Customers

Ebay, United Nations, Next Bank Credit Agricole, Geneva Swiss Bank, Banca Stato, Celgene, SIM University, Heymarket, Swissquote, more...

Information Not Available

Buyer's Guide

ImmuniWeb vs. Qualys CyberSecurity Asset Management

July 2025

Free Report: ImmuniWeb vs. Qualys CyberSecurity Asset Management

Find out what your peers are saying about ImmuniWeb vs. Qualys CyberSecurity Asset Management and other solutions. Updated: July 2025.

DOWNLOAD NOW

865,384 professionals have used our research since 2012.

See our ImmuniWeb vs. Qualys CyberSecurity Asset Management report.

See our list of best Attack Surface Management (ASM) vendors.

We monitor all Attack Surface Management (ASM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.