Qualys VMDR vs Tenable Nessus comparison

You must select at least 2 products to compare!
Qualys Logo
6,199 views|4,706 comparisons
Tenable Network Security Logo
12,409 views|8,901 comparisons
Comparison Buyer's Guide
Executive Summary
Updated on Sep 20, 2023

We compared Qualys VMDR and Tenable Nessus based on our users reviews in six parameters. After reading the collected data, you can find our conclusion below:

  • Ease of Deployment

    The setup process for Qualys VMDR is quick and uncomplicated, taking only a few minutes. However, setting up Qualys Container Security can be intricate and time-consuming. In contrast, Tenable Nessus is described as straightforward and effortless to set up, taking anywhere from 30 minutes to a couple of hours.

  • Features

    Qualys VMDR is notable for its effective prioritization system, ongoing monitoring, customizable dashboard, and extensive vulnerability overview. On the other hand, Tenable Nessus excels in vulnerability assessment, reporting, and ease of use.

  • Room for Improvement

    Both Qualys VMDR and Tenable Nessus have areas that could be improved. Qualys VMDR could enhance user experience, UI design, SLA tracking, batch prioritization, integration, reporting, and dashboards. On the other hand, Tenable Nessus could improve integration, pricing, user interface, reporting, support, and learning resources.

  • ROI

    Both Qualys VMDR and Tenable Nessus provide valuable returns on investment. Qualys VMDR prioritizes the reduction of cybersecurity risks, while Tenable Nessus places emphasis on proactive vulnerability discovery and patch deployment.

  • Service and Support

    The customer service for Qualys VMDR has received both positive and negative feedback. Some customers appreciate the convenience of reaching out to a global team and the implementation of suggested improvements. However, there are concerns about the response time and the expertise of the support staff. Tenable Nessus also has a mix of reviews. Some customers find the support to be prompt and useful, while others believe that the support team could be more knowledgeable and that the solutions provided are not always effective.

Comparison Results

Based on the reviews, Qualys VMDR and Tenable Nessus have similar initial setup processes that are straightforward and easy. However, Qualys VMDR stands out for its user-friendly setup and maintenance, including automatic agent updates. On the other hand, Tenable Nessus is highly effective in vulnerability assessment and reporting, and is also praised for its affordability and scalability. Qualys VMDR is valued for its prioritization mechanism and comprehensive overview of vulnerabilities, while Tenable Nessus is commended for its real-time monitoring and self-updating engine. Customer service and support for both products have received mixed reviews, with some users finding the support teams responsive and helpful, while others had negative experiences or did not require support.

To learn more, read our detailed Qualys VMDR vs. Tenable Nessus Report (Updated: March 2023).
734,678 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"This solution gives us insight into our environment and improves our security. It helps us to maintain a good patching system whereby we know that XYZ is vulnerable within the system.""It is a stable solution.""The biggest benefit is from a security operations perspective, where we are able to drive our security posture upwards by remediating any discovered vulnerabilities.""I find Qualys VM very robust, and it's very useful for vulnerability management and patch management. The value that it brings to my environment is economies of scale. There is no limitation on adding any endpoints. You go by the rule, and it's added once another endpoint is added to our environment. It's automatically installed, and it's less work from our end. It frees up my license automatically if I don't need an endpoint or if my machine is decommissioned. I like the dashboard displays because I don't see any duplication. The most important part is vulnerability management and prioritization. Unlike Symantec, it shows the kind of vulnerability I would want to patch first. It provides a holistic view of the kind of vulnerabilities and the ones I should remediate first. I don't have to do a scan; it just brings up those critical kinds of vulnerabilities like zero-day vulnerabilities and tells me to prioritize them. You have to prioritize these vulnerabilities first and go on with the rest. The dashboard shows me the ones that have been fixed, so I don't have to complete an aging report. The user experience and the graphical interface are good. As it's user-friendly and understandable on an executive level, it brings real value. We also use this solution because it's robust and flexibile.""Provides great functionality.""It's stable and quite reliable.""I find the solution's dashboard interesting...The response time is fine. You can pull up reports without dragging or consuming bandwidth.""It's really beneficial for scanning and interacting with the agent."

More Qualys VMDR Pros →

"Security is the key number because it can start to scan with a few clicks instead of credits, which is a bit complicated. So simplicity is the first advantage. Then the generated reports are well done and easy to present to management. The quality of the scan is quite good in detecting the severity. The solution has simplicity. Also, it has frequent updates so that is also a valuable feature.""The vulnerability scanner is the most valuable feature.""The scanning capabilities are most valuable when compared to Nessus.""The most valuable feature of Tenable Nessus is real-time monitoring.""It is easy to deploy and easy to use. Its reporting is good. From this reporting, you can see the pain point in your network, which makes it easy to fix them. It is easy to understand the reports and export them.""The solution can scale well.""The most valuable feature is the installation of Tenable which is incredibly easy.""It's scalable."

More Tenable Nessus Pros →

"Qualys Container Security can improve the interface. It could be easier to navigate and be enriched.""Qualys VM could improve by having more skilled support personnel.""The reporting and dashboards could improve in Qualys VM. However, they have improved since the previous versions.""There needs to be better documentation.""Qualys currently does not have any features for scanning SCADA, IoT, and Industrial Control Systems.""The reporting and the GUI need improvements.""They're still evolving their platform in terms of reporting capabilities.""Qualys VM's scanner doesn't pick up every vulnerability, so we have to use multiple scanners to cover that gap."

More Qualys VMDR Cons →

"Technically, it is an excellent and the best solution available in Libya. My only concern is related to its pricing. They are an emerging company in Libya, and they need to put in some effort to provide us with very good prices so that customers can go with the best solution. Chinese companies are getting into the market here, and they're providing very cheap solutions.""You can scale Nessus to the extent that you can afford it. You need to have a license for every device you scan. As long as you can afford the increased costs, you won't have a problem scaling it.""The interface is a little bit clunky, and the reporting is not marvelous. There should be better integration of reporting between instances. Currently, the instance stands alone, and it produces a report. Being able to amalgamate those reports with another instance will be useful.""There could be an integration between Tenable Nessus and other Tenable products. It will help us manage all the solutions using one dashboard.""They have added a new Tenable Nessus Expert. That is their new product, which caters to the cloud and everything else. I am assuming that the new features and product enhancements are based on that tool set, but we haven't reviewed it yet.""The price and scalability of the solution could improve.""Tenable Nessus application device assessment is one of the top tools. However, in the application security assessment, there are other tools that provide better, and more accurate findings.""It would be a good idea if they have a simulation of attacks or a use case for finding a new vulnerability or dealing with a zero-day attack."

More Tenable Nessus Cons →

Pricing and Cost Advice
  • "Qualys Virtual Scanner Appliance isn't expensive right now. But the price for their product bundles could be better."
  • "I used to work there, so I never paid for the product. As an employee, we get a lifetime license for personal use, and that's what I'm using. It is a comprehensive platform, so there is a lot more to it. There could be other solutions that are probably a little bit cheaper, but it depends on what people need. Different people have different needs. It offers many things on the same platform. If you add all the things up, it should be cheaper, but I have not done any analysis specifically."
  • "There is a license for the use of this solution. We pay annually instead of monthly to receive a better discount on the price."
  • "Qualys VM is better suited for medium to large companies because the price can be too much for smaller customers."
  • "There are no additional fees in addition to the standard licensing fees."
  • "An annual license for a single scanner costs around $3,000."
  • "Qualys VM is quite expensive. It's a subscription-based license, and it's yearly. Right now, it's open for me, and I don't have any limitations or caps on the licenses. They are seeing if the product is viable for 4500 users. I can add as much as I want, and at the end of the subscription, they'll let me know how many licenses were actually used and bill me accordingly. On a scale from one to five, I would give their pricing a three. It's still expensive."
  • "Qualys is a pay-as-you-go model, so there's flexibility to the pricing."
  • More Qualys VMDR Pricing and Cost Advice →

  • "One problem with Tenable is its pricing policy. Optimal results can be achieved with Greenbone Solutions which has much more friendly pricing policies."
  • "The solution has free options."
  • "There is an annual license required to use this solution."
  • "While Tenable Nessus is a good enterprise solution, the high price would likely make it prohibitive to smaller organizations."
  • "This solution is affordable."
  • "Its pricing is great and can't be improved. It is very cheap. It is less than 2,000 pounds a license, and you can't really ask for more. It has unlimited IPs and unlimited scans. There are no particular pricing constraints. The only additional cost is the inherent cost of the people to actually review the actual scans."
  • "Tenable Nessus needs to be licensed. We own a license for the security center and that license is charged by the number of IP addresses that you can scan. You're allowed to have as many scanners as you want and there's no license for the number of scanners. We have a bunch of Nessus scanners out there, and as long as we're comfortable with staying under that IP address limit, that's really all we have to be concerned about."
  • "The cost is around $4,300 per year. Use is unlimited. You don't pay more if you want to use it for another IP."
  • More Tenable Nessus Pricing and Cost Advice →

    Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
    734,678 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Qualys VM is used for vulnerability scans for the internet and applications using application exchange. There are many applications. We also use the solution for asset management per team, and the… more »
    Top Answer:The thing I like most about Tenable Nessus is its ease of use. I also like that it has highly customizable scans. Compared to other tools I have used in the past, Nessus has more plugins/add-ons… more »
    Top Answer:Hi Yao, The two products are totally different solutions. Pentera is an Automated Penetration Testing platform acting as a pentester in your environment while Qualys VMDR is a Vulnerability… more »
    Top Answer:You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You can easily prioritize vulnerabilities using attacker analytics. Overall, Rapid7… more »
    Top Answer: Tenable Nessus is a vulnerability assessment solution that is both easy to deploy and easy to manage. The design of the program is such that if a company should desire to handle the installation… more »
    Top Answer:The product's most valuable features are vulnerability and asset management. It can define the rules and validate the configuration.
    Average Words per Review
    Average Words per Review
    Also Known As
    Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security, Qualys Virtual Scanner Appliance
    Learn More

    With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure its true risk, and track risk reduction over time.

    Qualys VMDR offers an all-inclusive risk-based vulnerability management solution to prioritize vulnerabilities and assets based on risk and business criticality. VMDR seamlessly integrates with configuration management databases (CMDB) and patch management solutions to quickly discover, prioritize, and automatically remediate vulnerabilities at scale to reduce risk. Additionally, it integrates with ITSM solutions such as ServiceNow to automate and operationalize vulnerability management end-to-end.

    Get an all-Inclusive risk-based vulnerability management solution that prioritizes vulnerabilities, misconfigurations and assets based on risk, reduces risk by remediating vulnerabilities at scale, and helps organizations measure security program effectiveness by tracking risk reduction over time.

    Tenable Nessus is a vulnerability management solution that aims to empower organizations to be aware of threats that both they and their customers face. It is the most deployed scanner in the vulnerability management industry. Organizations that use this product have access to the largest continuously updated global library of vulnerability and configuration checks. They can stay ahead of threats that Tenable Nessus’s competitors may be unable to spot. Additionally, Tenable Nessus supports a greater number of technologies than its competitors.

    Tenable Nessus Benefits

    Some of the ways that organizations can benefit by deploying Tenable Nessus include:

    • Ease of use. Tenable Nessus is designed with security administrators in mind. It is built so that users can manipulate it intuitively without having to undergo special systems training. Users can create security policies with the greatest level of ease and can initiate scans of their entire networks with only a few clicks.
    • Support and resources. Tenable Nessus has both a support system of clarification resources and technical support for users to rely on. The solution has a resource center that contains guides and tips that can clarify things that confuse users and can aid them in gaining the maximum level of value. Additionally, users can reach out to Tenable Nessus’s technical support team, which is available around the clock and is reachable via a number of methods. This makes it simple for users to get help if they need it.
    • Reduction of threat vectors. Tenable Nessus provides users with the ability to reduce the number of potential threat vectors that a hacker can exploit. It enables users to find where the vulnerabilities in their networks are so their security won’t be compromised. They can then quickly address those weak points and head off issues before any have the chance to arise.

    Tenable Nessus Features

    • Report customization. Tenable Nessus enables users to customize the security reports that their system produces. They are able to set Tenable Nessus to generate reports that contain the information that is most relevant to their business objectives. Users can also utilize these report customization capabilities to customize the formats of their reports.
    • Vulnerability triage capability. Included in the Tenable Nessus security suite is a feature that enables users to conduct a triage of their vulnerabilities. The solution can apply one of five ratings to vulnerabilities that it detects. This makes it possible for organizations to work on addressing issues by order of severity.
    • Scaling. Tenable Nessus can scale to meet an organization’s needs by migrating the network that it is connected to, to other Tenable solutions. Users can scale up their systems as their security demands increase. It is capable of reaching hundreds of thousands of systems.

    Reviews from Real Users

    Tenable Nessus is a solution that stands out when compared to many of its competitors. Two major advantages it offers are its ease of use and its vulnerability scanning feature.

    Rallis F., the principal security architect at a technology vendor, writes, “The ease of use is the primary valuable feature. This specific version is very straightforward. I like the ability to modify it and configure it based on the different policies.”

    Sandip D., a cyber security expert at Birlasoft India Ltd, writes, “The vulnerability scanner is the most valuable feature. It's an important feature for us. We use the plugin output for that. It shows us the exact version of Nessus and what is needed for remediation. Based on that, we decide what should be remediated first to get the best result for security.”

    Learn more about Qualys VMDR
    Learn more about Tenable Nessus
    Sample Customers
    Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
    Bitbrains, Tesla, Just Eat, Crosskey Banking Solutions, Covenant Health, Youngstown State University
    Top Industries
    Financial Services Firm19%
    Comms Service Provider16%
    Manufacturing Company14%
    Transportation Company12%
    Educational Organization33%
    Computer Software Company12%
    Financial Services Firm10%
    Manufacturing Company5%
    Computer Software Company14%
    Financial Services Firm12%
    Manufacturing Company10%
    Security Firm10%
    Educational Organization33%
    Computer Software Company11%
    Financial Services Firm7%
    Company Size
    Small Business19%
    Midsize Enterprise14%
    Large Enterprise68%
    Small Business15%
    Midsize Enterprise41%
    Large Enterprise43%
    Small Business39%
    Midsize Enterprise23%
    Large Enterprise38%
    Small Business17%
    Midsize Enterprise40%
    Large Enterprise43%
    Buyer's Guide
    Qualys VMDR vs. Tenable Nessus
    March 2023
    Find out what your peers are saying about Qualys VMDR vs. Tenable Nessus and other solutions. Updated: March 2023.
    734,678 professionals have used our research since 2012.

    Qualys VMDR is ranked 3rd in Risk-Based Vulnerability Management with 33 reviews while Tenable Nessus is ranked 3rd in Vulnerability Management with 45 reviews. Qualys VMDR is rated 8.0, while Tenable Nessus is rated 8.4. The top reviewer of Qualys VMDR writes "Excellent continuous monitoring, helpful technical support, easy to scale, and simple to install". On the other hand, the top reviewer of Tenable Nessus writes "Reasonably priced, reliable, and flexible". Qualys VMDR is most compared with Tenable Security Center, Rapid7 InsightVM, Microsoft Defender for Cloud Apps, Tenable Vulnerability Management and Pentera, whereas Tenable Nessus is most compared with Rapid7 InsightVM, Tenable Security Center, Tenable Vulnerability Management, Pentera and Rapid7 Metasploit. See our Qualys VMDR vs. Tenable Nessus report.

    We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.