Tenable vs Qualys

Posted by UpGuard

Tenable vs. Qualys

Continuous security and vulnerability detection—both Tenable and Qualys have built industry-leading suites around these two cybersecurity disciplines. The latter in particular serves as a focal point for both vendors, with Tenable SecurityCenter and Qualys Enterprise going head-to-head for the top slot in the vulnerability management category. Let's see how the two stack up in this comparison.

Though it's become quite fashionable lately to declare perimeter security "dead", the truth of the matter is that firewalls and endpoint security mechanisms remain crucial components of enterprise security. However, they should never stand as lone sentries between the enterprise's IT assets and cyber attackers. The continuous security required for protecting against today's cyber attacks is provided by a myriad of tools and platforms working in conjunction: vulnerability detection, compliance monitoring, security information event management systems (SIEM) / log management system, smart / next-generation firewalls (NGFW), and more. Tenable and Qualys both offer integrated security platforms built around vulnerability detection, layering on additional security mechanisms like malware detection, security analytics, and anomaly detection. 

Monitor your configs now

Tenable

Pehaps best known for its free (for personal use) Nessus vulnerability scanner, Tenable and its SecurityCenter platform offer vulnerability management and security analytics—viewed/managed with a series of pre-built, highly customizable dashboards and reports.

Tenable's user interface.

The Tenable interface. Source: Tenable Network Security / YouTube.com.

SecurityCenter Continuous View (CV) adds additional features for continuous visibility, advanced analytics, real-time metrics, and continuous compliance, among others.

Qualys

Founded in 1999, Qualys is an established name in enterprise security, with a full range of freemium solutions, continuous security platforms, and subscription-based security services. Its flagship platform is the aptly-named Qualys Enterprise, formerly known as QualysGuard.

Qualys Vulnerability Management UI.The Qualys Vulnerability Management UI. Source: Qualys.com

Qualys Enterprise is essentially a continuous security suite of tools for vulnerability management, asset discovery, network security, web app security, threat protection, and compliance monitoring.

Side-by-Side Scoring: Tenable vs. Qualys

1. Capability Set

Both SecurityCenter CV and Qualys Enterprise were designed to be comprehensive continuous security solutions, and both certainly excel in this regard. Qualys Enterprise's asset management capabilities and cloud/web app security features in particular are worth noting, while Tenable SecurityCenter CV's Nessus vulnerability scanner and advanced security analytics are the platform's strong points.

Capability Set

Tenable score_4.png
Qualys score_4.png

2. Ease of Use

Tenable's offering features a streamlined HTML5 interface and intuitive, user friendly navigation elements—a vast improvement from its previous Flash-based implementation.  Similarly, Qualys Enterprise's web-based interface is easy to get up to speed with, but can feel somewhat overmodularized due to the amount of moving, interacting parts in the solution suite.

Ease of Use

Tenable score_5.png
Qualys score_4.png

3. Community Support

Qualys hosts an active community off its corporate website, as does Tenable—in this case, the latter takes the cake for its robust discussion forum. Additionally, Nessus—originally an open source project—commands a legion of loyal followers as one of the most popular and capable vulnerability scanners.

Tenable score_4.png
Qualys score_5.png

4. Release Rate

Tenable SecurityCenter is currently on version 5.2 and has been undergoing regular releases since its inception. Nessus (currently at version 6)—at one point considered the most popular vulnerability scanner in the world—was launched in 1998 and sees full version updates roughly every 2 years.  Qualys' vulnerability scanner and cloud-based  security platform (currently at 8.7) has also undergone regular updates over the years, despite several confusing rebranding and product consolidation efforts.

Release Rate

Tenable score_760.png
Qualys score_570-2-1.png

5. Pricing and Support

As a SaaS-based offering, Qualys Enterprise is sold on an annual subscription basis; pricing in the past has ranged from $295 for small businesses to $1,995 for larger enterprises, depending on the number of endpoints monitored. Tenable SecurityCenter costs upwards of  $20,000 plus annual maintenance—a considerable investment for budget-conscious organizations.

Both vendors offer premium phone, web, and onsite support options, as well as a range of professional services to boot.

 

Pricing and Support

Tenable score_570-2-1.png
Qualys

score_570-2-1.png

6. API and Extensibility

The Qualys API is a non-REST, XML-based interface for integrating custom applications with Qualyscloud security and compliance solutions. In contrast, Tenable SecurityCenter provides a more modern REST API for integrating with other applications or hooking scripting interactions into the SecurityCenter server.

API and Extensibility

Tenable score_570-2-1.png
Qualys score_570-2-1.png

7. 3rd Party Integrations

Both solutions features a broad range of 3rd party integrations and technology partners. Qualys integrates with ServiceNow, BMC, ForeScout, and Splunk, among others, while Tenable's myriad of integrations—including vendors like Cisco, Salesforce. and Airwatch—allow customers to get the most out of their security platform investments.

3rd Party Integrations

Tenable score_570.png
Qualys score_570.png

8. Companies that Use It

Both security solutions are in use by many of the world's most prominent enterprises. Tenable purportedly has more than one million users and over 20,000 enterprise customers worldwide, including the U.S. Department of Defense, Deloitte, Visa, BMW, Adidas, and Microsoft. According to Qualys, more than 60% of the Forbes Global 50 rely on its continuous security solutions, including the likes of Cisco, DuPont, Microsoft, Sabre, and Sony Network Entertainment.

Companies that Use It

Tenable score_570.png
Qualys score_570.png

9. Learning Curve

Both continuous security platforms are relatively easy to learn, mosty due to the solutions' streamlined web interfaces and detailed product documentation.

Learning Curve

Tenable score_570.png
Qualys score_570.png

 

Scoreboard and Summary

  Tenable Qualys
Capability Set score_570.png score_570.png
Ease of Use score_570.png score_570.png
Community Support score_570.png score_570.png
Release Rate score_570.png score_570.png
Pricing and Support score_570.png score_570.png
API and Extensibility score_570.png score_570.png
3rd Party Integrations score_570.png score_570.png
Companies that Use It score_570.png score_570.png
Learning Curve score_570.png score_570.png
Total  4.6 out of 5  4.3 out of 5

Both Qualys Enterprise and Tenable SecurityCenter CV offer continuous cyber protection through an array of layered security tools and services. Qualys sports some impressive asset management capabilities, while Tenable offers advanced security analytics and an industry-leading vulnerability scanner. That said, Tenable can be a challenge for small to mid-range organizations to acquire; as such, budget sensitive firms will certainly find Qualys more managable from a cost perspective.

 

  Get the Digital Resilience eBook

More Articles

Datadog vs. New Relic

Monitoring tools have come a long way since the early days of Big Brother. Today's solutions have evolved into powerful software troubleshooting and performance analytics platforms capable of deconstructing and analyzing the entire application stack—infrastructure up—for bugs and issues.

 

 

Cisco vs. FireEye for Continuous Security

Who provides better continuous security: the world's largest maker of networking equipment or the first cybersecurity firm certified by the U.S. Department of Homeland Security?

Read Article >

AlienVault vs. Tenable for Continuous Security

As perimeter-based cyber protection falls to the wayside, a new breed of continuous security solutions are emerging that combine traditional endpoint protection with newer technologies like security information and event management (SIEM) and crowdsourced threat intelligence.

Read Article 

 

 

 

Topics: vulnerabilities, continuous security

UpGuard customers