The thing I like most about Tenable Nessus is its ease of use. I also like that it has highly customizable scans. Compared to other tools I have used in the past, Nessus has more plugins/add-ons, tests, and templates. In addition to being easy to set up, it provides you with the ability to safely migrate applications to the cloud. Tenable Nessus scales well with good VPR scores too, and so far I haven’t experienced any challenges. Another feature I really like about it is the plug-in text information, which I find to be quite useful. Overall, from what I can tell, the solution is also very stable and fast. One downside is that I feel the technical support has been quite disappointing.
Qualys VM is excellent. It successfully provides continuous monitoring, is simple to install, easy to maintain, and good for scaling, and it has very helpful technical support. Qualys VM also includes asset tagging and asset grouping, which I really like. Their dashboard is also flexible, allowing you to customize it any way you need to. While Qualys VM is a great solution and is reasonably steady, it also has a lot of room for improvement. Although their dashboard is customizable, it would be better if it had different tabs that allowed you to see trending vulnerabilities so that the trend analysis is easier. It does not have any features for scanning SCADA, Industrial Control Systems, and IoT. And the solution itself is pretty generic and could benefit from the addition of more assets.
Conclusion: Tenable Nessus was the right choice for me not only because it fulfilled my business requirements, but also because I felt Qualys VM still has a long way to go.