We compared Qualys VMDR and Tenable Nessus based on our users reviews in six parameters. After reading the collected data, you can find our conclusion below:
The setup process for Qualys VMDR is quick and uncomplicated, taking only a few minutes. However, setting up Qualys Container Security can be intricate and time-consuming. In contrast, Tenable Nessus is described as straightforward and effortless to set up, taking anywhere from 30 minutes to a couple of hours.
Qualys VMDR is notable for its effective prioritization system, ongoing monitoring, customizable dashboard, and extensive vulnerability overview. On the other hand, Tenable Nessus excels in vulnerability assessment, reporting, and ease of use.
Both Qualys VMDR and Tenable Nessus have areas that could be improved. Qualys VMDR could enhance user experience, UI design, SLA tracking, batch prioritization, integration, reporting, and dashboards. On the other hand, Tenable Nessus could improve integration, pricing, user interface, reporting, support, and learning resources.
Both Qualys VMDR and Tenable Nessus provide valuable returns on investment. Qualys VMDR prioritizes the reduction of cybersecurity risks, while Tenable Nessus places emphasis on proactive vulnerability discovery and patch deployment.
The customer service for Qualys VMDR has received both positive and negative feedback. Some customers appreciate the convenience of reaching out to a global team and the implementation of suggested improvements. However, there are concerns about the response time and the expertise of the support staff. Tenable Nessus also has a mix of reviews. Some customers find the support to be prompt and useful, while others believe that the support team could be more knowledgeable and that the solutions provided are not always effective.
Comparison Results
Based on the reviews, Qualys VMDR and Tenable Nessus have similar initial setup processes that are straightforward and easy. However, Qualys VMDR stands out for its user-friendly setup and maintenance, including automatic agent updates. On the other hand, Tenable Nessus is highly effective in vulnerability assessment and reporting, and is also praised for its affordability and scalability. Qualys VMDR is valued for its prioritization mechanism and comprehensive overview of vulnerabilities, while Tenable Nessus is commended for its real-time monitoring and self-updating engine. Customer service and support for both products have received mixed reviews, with some users finding the support teams responsive and helpful, while others had negative experiences or did not require support.
"The biggest benefit is from a security operations perspective, where we are able to drive our security posture upwards by remediating any discovered vulnerabilities."
"It is a stable solution."
"The most valuable features of Qualys VM are its ability to do proper vulnerability assessment. It has a lot of updates for all the vulnerability databases from all over the globe. It's an amazing solution when it comes to the versatility of the features it has. Additionally, the reports are very good. It generates very detailed reports about the vulnerabilities inside the environment"
"The integrations for this solution are very good. I use a different product for virtual patching of vulnerabilities and Qualys integrates well with that product."
"I like Qualys because it is a very complete product, more so than Tenable."
"Performs automated, regular scans in the network."
"It is a simple solution that makes scanning easy. You just give it a scheduled task, and it will do everything for you."
"It is very easy to use and there are lots of options. We can usually easily go through it and all of the things we want to configure, and we can configure everything to our specifications very easily."
"Tenable Nessus is cheap and flexible."
"Easy to set up vulnerability scanner with good stability and a responsive technical support team."
"It's scalable."
"Tenable Nessus is one of the best vulnerability assessment tools, that I know."
"My favorite part about Nessus is that you can customize the tool to scan exactly what you want. Microsoft releases new patches monthly on Patch Tuesday, and a lot of companies track that date. I set up Nessus for the day after Patch Tuesday to see which devices have already pushed those updates from Microsoft, so we can stay updated."
"We have done code scanning for a long period because as a company, we do DevOps as part of our development life cycle."
"The most valuable feature of Tenable Nessus is vulnerability detection."
"The results are not that bad, but the key selling point is that it is an affordable tool set."
"The reporting in this solution can be improved."
"When tested on Zero day, there were errors."
"There seems to be a lack of easy onboarding into Qualys."
"I would like to see this solution more developed and competitive in the Cloud space."
"The IoT scan is not great."
"Qualys Container Security can improve the interface. It could be easier to navigate and be enriched."
"Some of the older features could be polished instead of focusing on releasing new features."
"It is a struggle to be able to pull our report and to be able to do onboarding using automated tools."
"Scans aren't done properly and some devices aren't pinged."
"We use credentialed scans. They need more permissions and more changes or settings on Windows and Linux."
"Tenable Nessus application device assessment is one of the top tools. However, in the application security assessment, there are other tools that provide better, and more accurate findings."
"Tenable Nessus could improve reporting and information sharing. It would be helpful if we could share the reports and have a little bit better flexibility in the reporting of the data."
"There should be a possibility to install agents on scanned machines. Tenable IO provides the capability of using local agents to check local problems, but this feature is not there in Tenable Nessus Professional. It would be nice to have something similar in Tenable Nessus Professional. We should have the capability to use local agents installed on the machines to locally check a problem."
"There is room, overall, for improvement in the way it groups the workstations and the way it detects, when the vulnerability is scanned. Even when we would run a new scan, if it was an already existing vulnerability, it wouldn't put a new date on it."
"It would be a good idea if they have a simulation of attacks or a use case for finding a new vulnerability or dealing with a zero-day attack."
"The solution should be able to support more devices."
Qualys VMDR is ranked 3rd in Risk-Based Vulnerability Management with 77 reviews while Tenable Nessus is ranked 3rd in Vulnerability Management with 75 reviews. Qualys VMDR is rated 8.2, while Tenable Nessus is rated 8.4. The top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". On the other hand, the top reviewer of Tenable Nessus writes "Unlimited assets for one price and quick, agentless results". Qualys VMDR is most compared with Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management, Tenable Vulnerability Management and Microsoft Defender for Cloud Apps, whereas Tenable Nessus is most compared with Rapid7 InsightVM, Tenable Security Center, Tenable Vulnerability Management, Pentera and Microsoft Defender Vulnerability Management. See our Qualys VMDR vs. Tenable Nessus report.
We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.