Tenable vs Qualys

Last updated by UpGuard on March 4, 2020

scroll down

Continuous security and vulnerability detection—both Tenable and Qualys have built industry-leading suites around these two cybersecurity disciplines. The latter in particular serves as a focal point for both vendors, with Tenable SecurityCenter and Qualys Enterprise going head-to-head for the top slot in the vulnerability management category. Let's see how the two stack up in this comparison.

Though it's become quite fashionable lately to declare perimeter security "dead", the truth of the matter is that firewalls and endpoint security mechanisms remain crucial components of enterprise security. However, they should never stand as lone sentries between the enterprise's IT assets and cyber attackers. The continuous security required for protecting against today's cyber attacks is provided by a myriad of tools and platforms working in conjunction: vulnerability detection, compliance monitoring, security information event management systems (SIEM) / log management system, smart / next-generation firewalls (NGFW), and more. Tenable and Qualys both offer integrated security platforms built around vulnerability detection, layering on additional security mechanisms like malware detection, security analytics, and anomaly detection. 


Perhaps best known for its free (for personal use) Nessus vulnerability scanner, Tenable and its SecurityCenter platform offer vulnerability management and security analytics—viewed/managed with a series of pre-built, highly customizable dashboards and reports.

Tenable's user interface.

The Tenable interface. Source: Tenable Network Security / YouTube.com.

SecurityCenter Continuous View (CV) adds additional features for continuous visibility, advanced analytics, real-time metrics, and continuous compliance, among others.


Founded in 1999, Qualys is an established name in enterprise security, with a full range of freemium solutions, continuous security platforms, and subscription-based security services. Its flagship platform is the aptly-named Qualys Enterprise, formerly known as QualysGuard.

Qualys Vulnerability Management UI.The Qualys Vulnerability Management UI. Source: Qualys.com

Qualys Enterprise is essentially a continuous security suite of tools for vulnerability management, asset discovery, network security, web app security, threat protection, and compliance monitoring.

Side-by-Side Scoring: Tenable vs. Qualys

1. Capability Set

Both SecurityCenter CV and Qualys Enterprise were designed to be comprehensive continuous security solutions, and both certainly excel in this regard. Qualys Enterprise's asset management capabilities and cloud/web app security features in particular are worth noting, while Tenable SecurityCenter CV's Nessus vulnerability scanner and advanced security analytics are the platform's strong points.

Tenable score_4.png
Qualys score_4.png

2. Ease of Use

Tenable's offering features a streamlined HTML5 interface and intuitive, user friendly navigation elements—a vast improvement from its previous Flash-based implementation.  Similarly, Qualys Enterprise's web-based interface is easy to get up to speed with, but can feel somewhat over modularized due to the amount of moving, interacting parts in the solution suite.

Tenable score_5.png
Qualys score_4.png

3. Security Rating

UpGuard's Vendor Risk platform is used by hundreds of companies to automatically monitor their third-party vendors. We ran a quick surface scan on both Tenable and Qualys, and found them in a similar security position. Both companies have similar risks which include:

  • DNS being susceptible to man-in-the-middle attacks
  • Potential for emails to be fraudulently sent from their domain
  • Increased susceptibility to man-in-the-middle attacks
Qualys has a higher risk of domain hijacking, as they do not use domain registry protection. This gives Tenable a slight edge, and a slightly higher rating.
Tenable Tenable Security Rating
Qualys Qualys Security Rating


4. Community Support

Qualys hosts an active community off its corporate website, as does Tenable—in this case, the latter takes the cake for its robust discussion forum. Additionally, Nessus—originally an open source project—commands a legion of loyal followers as one of the most popular and capable vulnerability scanners.

Tenable score_4.png
Qualys score_5.png

5. Release Rate

Tenable SecurityCenter is currently on version 5.2 and has been undergoing regular releases since its inception. Nessus (currently at version 6)—at one point considered the most popular vulnerability scanner in the world—was launched in 1998 and sees full version updates roughly every 2 years.  Qualys' vulnerability scanner and cloud-based  security platform (currently at 8.7) has also undergone regular updates over the years, despite several confusing rebranding and product consolidation efforts.

Tenable score_760.png
Qualys score_570-2-1.png

6. Pricing and Support

As a SaaS-based offering, Qualys Enterprise is sold on an annual subscription basis; pricing in the past has ranged from $295 for small businesses to $1,995 for larger enterprises, depending on the number of endpoints monitored. Tenable SecurityCenter costs upwards of  $20,000 plus annual maintenance—a considerable investment for budget-conscious organizations.

Both vendors offer premium phone, web, and onsite support options, as well as a range of professional services to boot.

Tenable score_570-2-1.png


7. API and Extensibility

The Qualys API is a non-REST, XML-based interface for integrating custom applications with Qualys Cloud security and compliance solutions. In contrast, Tenable SecurityCenter provides a more modern REST API for integrating with other applications or hooking scripting interactions into the SecurityCenter server.

Tenable score_570-2-1.png
Qualys score_570-2-1.png

8. 3rd Party Integrations

Both solutions features a broad range of 3rd party integrations and technology partners. Qualys integrates with ServiceNow, BMC, ForeScout, and Splunk, among others, while Tenable's myriad of integrations—including vendors like Cisco, Salesforce. and Airwatch—allow customers to get the most out of their security platform investments.

Tenable score_570.png
Qualys score_570.png

9. Companies that Use It

Both security solutions are in use by many of the world's most prominent enterprises. Tenable purportedly has more than one million users and over 20,000 enterprise customers worldwide, including the U.S. Department of Defense, Deloitte, Visa, BMW, Adidas, and Microsoft. According to Qualys, more than 60% of the Forbes Global 50 rely on its continuous security solutions, including the likes of Cisco, DuPont, Microsoft, Sabre, and Sony Network Entertainment.

Tenable score_570.png
Qualys score_570.png

10. Learning Curve

Both continuous security platforms are relatively easy to learn, largely due to the solutions' streamlined web interfaces and detailed product documentation.

Tenable score_570.png
Qualys score_570.png


Scoreboard and Summary

  Tenable Qualys
Capability Set score_570.png score_570.png
Ease of Use score_570.png score_570.png
Security Rating 784 / 950 813 / 950
Community Support score_570.png score_570.png
Release Rate score_570.png score_570.png
Pricing and Support score_570.png score_570.png
API and Extensibility score_570.png score_570.png
3rd Party Integrations score_570.png score_570.png
Companies that Use It score_570.png score_570.png
Learning Curve score_570.png score_570.png
Total  4.6  / 5  4.3 / 5


Both Qualys Enterprise and Tenable SecurityCenter CV offer continuous cyber protection through an array of layered security tools and services. Qualys sports some impressive asset management capabilities, while Tenable offers advanced security analytics and an industry-leading vulnerability scanner. That said, Tenable can be a challenge for small to mid-range organizations to acquire; as such, budget sensitive firms will certainly find Qualys more manageable from a cost perspective.

Related posts

Learn more about the latest issues in cybersecurity