No more typing reviews! Try our Samantha, our new voice AI agent.

PortSwigger Burp Suite Enterprise Edition vs Qualys CyberSecurity Asset Management comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 8, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
PortSwigger Burp Suite Ente...
Ranking in Vulnerability Management
41st
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
12
Ranking in other categories
Dynamic Application Security Testing (DAST) (8th)
Qualys CyberSecurity Asset ...
Ranking in Vulnerability Management
6th
Average Rating
9.0
Reviews Sentiment
7.0
Number of Reviews
35
Ranking in other categories
Patch Management (4th), Cyber Asset Attack Surface Management (CAASM) (3rd), Attack Surface Management (ASM) (3rd), Software Supply Chain Security (2nd)
 

Mindshare comparison

As of July 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.1%, up from 1.0% compared to the previous year. The mindshare of PortSwigger Burp Suite Enterprise Edition is 1.1%, up from 0.9% compared to the previous year. The mindshare of Qualys CyberSecurity Asset Management is 1.4%, up from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Qualys CyberSecurity Asset Management1.4%
Qualys TotalCloud1.1%
PortSwigger Burp Suite Enterprise Edition1.1%
Other96.4%
Vulnerability Management
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
OB
Studiant at Edifixio
Enables time-saving automated scanning and brute force attacks
The most appreciated functionality of PortSwigger Burp Suite is its ability to perform brute force attacks automatically. Its automated scanning feature saves time. Additionally, using this tool provides significant security insights, making our testing process more efficient and comprehensive, leading to considerable time savings, which in turn translates to financial benefits.
Nicki Møller - PeerSpot reviewer
Information Security Engineer at a manufacturing company with 5,001-10,000 employees
Enables automation and quick access to necessary information
One of the significant challenges Qualys is discovery, which I know Microsoft excels at. I can't recall how well Qualys performs this function; it seems I might be missing some details. However, if there's one key aspect to focus on, it's discovery—the ability to identify assets that you are not aware of, even when you can see they are present. Understanding what those assets are is crucial. With Qualys CyberSecurity Asset Management, it was very difficult to extract detections from the system. The features within Qualys are limited to what they have developed. Sometimes a complete overview is needed to push to a Power BI dashboard, Splunk, ServiceNow, or other platforms. The export process is incredibly challenging. We needed a developer to write a hundred-line Python script that would loop over certain assets due to export limitations. Qualys CyberSecurity Asset Management could improve its integration capabilities. While it generates substantial data, correlating it with other data sources can be challenging. The export process is difficult, and pre-built integrations with other tools could be enhanced for better process implementation.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Qualys TotalCloud has significantly improved our organization by automating our reporting processes, reducing the time spent on report creation from two hours to less than fifteen to twenty minutes."
"While automatic inventory detection upon connection is a helpful feature, a truly valuable capability would be assessing an environment's security posture against Azure and CIS best practices."
"If I had to say something positive about the product that brings me the biggest benefit, I would say it has accurate reports, gets new update CVEs, zero-day attack detection, and is easy to manage with its GUI."
"Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities."
"Qualys TotalCloud is an excellent platform, and the beauty of the platform is that we can get all the vulnerabilities, see all the reports in a single dashboard, view them segregated, and easily learn about critical, high, and medium findings with appropriately provided remediation steps."
"I appreciate Qualys TotalCloud's ability to onboard any type of device with ease, including containers."
"The most valuable feature of Qualys TotalCloud is the visibility it provides."
"The most valuable feature is the consolidated information that it provides from various platforms."
"The most valuable part is that a beginner can run those scans and the V scanning of that particular vulnerability."
"The product is easy to use."
"We are in the early stage of using the solution making it difficult to fully determine the best features. However, we have noticed the CMDB and device discovery features look valuable at this time."
"Parallel scans can be done with PortSwigger Burp Suite Enterprise Edition."
"The tool is loaded with many features that give us ROI."
"The product's initial setup phase was super easy."
"This tool helps identify vulnerabilities. We then provide the report to the developers, who address the issues identified automatically. Its most valuable feature is CI/CD integration."
"The most valuable features of PortSwigger Burp Suite Enterprise Edition are the vast amount of options and ease of use. They frequently improve the solution every six months to a year. Additionally, if we want any more features we can upload a custom script to meet our needs."
"Qualys CyberSecurity Asset Management offers valuable features such as continuous vendor support, rapid response times, dedicated vendor partnerships, and advanced technical capabilities for risk identification."
"ESAM covers the entire attack surface, discovers more, and provides complete details about the assets, such as the external interface and internal interface, correlating them so we get the complete details of the assets, which were not given by the other solution."
"I would rate Qualys CSAM a ten out of ten."
"Authorized and unauthorized software visibility is the best feature for me. It helps me understand security controls on our network and where we lack visibility. With a single security tool, we are able to get an extensive list."
"When you implement a dynamic tag using a query, you do not need to manually tag all the servers. It categorizes all the servers that come under that query. The tagging part is automatically done within a few minutes. It reduces the effort."
"The support has been excellent; they are responsive and effectively bring in the appropriate resources to help solve problems."
"I would rate the Qualys CSAM a ten out of ten for its overall performance."
"There are no stability issues, and I would rate it a ten out of ten."
 

Cons

"Qualys's ticketing system can be confusing when assigning tasks to individuals, and support could be improved by offering instant call solutions with engineers in addition to ticket replies."
"Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names."
"The downside is only in container security, but it has not been a long time since they introduced these models."
"The response part of the Cloud Detection and Response (CDR) module can be improved."
"To improve the user experience, reporting could be simplified for better comprehension by end users and project managers, facilitating issue resolution."
"The vulnerability part is good, but the policy compliance module needs improvement because it involves a lot of manual work. Specifically, the remediation part of the controls requires enhancements."
"There should be improvement from a dashboard perspective when collecting and showcasing data to lead management."
"Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate."
"The solution is a bit expensive."
"Scalability could be better."
"The implementation of the solution is quite complicated and could be easier."
"The stability is a big issue. So many times the scans fail."
"From my personal experience, the solution's performance could be improved."
"It would be better if the solution is cloud-based."
"The stability of the scans could be improved."
"The cost per license per user could be cheaper, specifically for individual licensing."
"In the best practice for categorizing assets with the C-SAM module in Qualys CyberSecurity Asset Management, I see potential for improvement with integration of other CMDB systems in creating a relationship with Qualys and other solutions."
"The UI and menu navigation has improved significantly, however, the menus could still be clunky, making navigation within the assets challenging."
"The product stability has notably declined over the last two months, and the performance to fulfill a page request is very slow compared to its previous performance."
"With Qualys CyberSecurity Asset Management, it was very difficult to extract detections from the system."
"Qualys CyberSecurity Asset Management is moderately good, while Rapid7 is slightly much better."
"In our reporting, we faced a challenge syncing with cloud devices."
"The UI needs improvement as it can become overwhelming after prolonged use."
"We've received very poor guidance from them, especially after learning several things we need to fix during the Qualys conference."
 

Pricing and Cost Advice

"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"TotalCloud's price is about right where I would expect it to be."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"For Professional, it's about $400 per year."
"PortSwigger Burp Suite Enterprise Edition is expensive compared to other solutions."
"PortSwigger Burp Suite Enterprise Edition is neither a cheap nor an expensive product. PortSwigger Burp Suite Enterprise Edition is a good tool for companies."
"The tool's pricing is reasonable and costs around 400 dollars per year."
"Although the solution can be a bit expensive for small companies, its pricing is fairly reasonable for its capabilities."
"Qualys offers excellent value for money."
"The cost for Qualys CyberSecurity Asset Management is high."
"It is cost-effective because, in a single tool, we are getting everything. All the solutions come in a single license or price."
"The pricing is market-competitive."
"Though the solution is considered expensive, if bundled with other services such as VMDR or cloud agents, its value would significantly increase. It is currently a bit costly, but with bundling, it could become attractive to more customers."
"The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage."
"The pricing is fair. I would love to see the price come down a little bit, but we do get a lot of value out of it. We are squeezing every ounce of value we can out of the tool."
"The pricing for Qualys Cybersecurity Asset Management is reasonable, with an annual subscription costing around $1,000 per year or a monthly subscription starting at approximately $72 per month, depending on the specific package and features included."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
19%
Computer Software Company
7%
Construction Company
6%
Manufacturing Company
6%
Financial Services Firm
15%
Computer Software Company
9%
Manufacturing Company
8%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise2
Large Enterprise7
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise2
Large Enterprise23
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for PortSwigger Burp Suite Enterprise Edition?
I am using the Community Edition, which is free, however, I understand there might be extra expenses for additional f...
What needs improvement with PortSwigger Burp Suite Enterprise Edition?
It would be beneficial if Burp Suite provided predefined payloads for each attack category, such as SQL injection and...
What is your primary use case for PortSwigger Burp Suite Enterprise Edition?
I work with security testing tools for SaaS, focusing on static application security testing and using tools like Bur...
What needs improvement with Qualys CyberSecurity Asset Management?
I think the one thing Qualys CyberSecurity Asset Management can do better is the package management and the updating ...
What is your primary use case for Qualys CyberSecurity Asset Management?
I primarily use it for a small, single-site, multi-source setup with multi-WAN inputs. I have a main fiber connection...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
No data available
 

Overview

 

Sample Customers

Information Not Available
Nasa, Disney, Dow Jones, Iberia Bank, IBM, Ernest and Young, Apple, Ryanair, Thyssenkrupp, Delivery Hero
Information Not Available
Find out what your peers are saying about PortSwigger Burp Suite Enterprise Edition vs. Qualys CyberSecurity Asset Management and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.