
Qualys VMDR

Long-running cloud-native VM with sticky enterprise compliance base.

By Qualys, Inc. · Founded 1999 · Foster City, CA · public

Qualys is the original cloud-native vulnerability management vendor, founded 1999 by Philippe Courtot, public on NASDAQ:QLYS since 2012. The flagship product is VMDR (Vulnerability Management, Detection and Response), unifying scanning, prioritization, and patching in a single agent + agentless architecture. Strengths: long-running cloud-native architecture (the company never had a data-center pivot to make), tightly integrated scanner + Cloud Agent + compliance modules, and a sticky enterprise base in regulated industries that uses Qualys Policy Compliance and Qualys PCI alongside VM. Best fit for 1,000+ employee enterprises with mature compliance programs that want VM and compliance scanning unified. Trade-offs: innovation pace is meaningfully below Wiz on cloud workloads, the management UX (12 Qualys Cloud Apps in the same console) is dated relative to newer platforms, and customer churn to Tenable and Wiz has been visible in renewals over 2024-2025.

Best for

Large enterprises (1,000-50,000 employees) in regulated industries with mature compliance programs wanting unified VM + compliance scanning on a single cloud-native platform.

Worst for

Cloud-native-first shops (Wiz better agentless), Microsoft 365 E5-anchored shops (Defender VM bundled), developer-led security programs (Snyk better fit), or buyers prioritizing the latest UX (Wiz / Tenable One newer).

Vendor Trust Score

Is Qualys VMDR a trustworthy vendor?

Overall: 7.0/10 (Mixed)

  • Pricing transparency: 5.5
    Published rates; no hidden fees
  • Contract fairness: 7.0
    Reasonable terms; no auto-renew traps
  • Incident response: 7.5
    How they handle outages and breaches
  • Post-acquisition behavior: 8.0
    Customer treatment after M&A or PE
  • Executive stability: 7.0
    Leadership churn over 24 months
  • Roadmap honesty: 7.0
    Public commitments held

Trust signal log
  • 2024-02-22
    Sumedh Thakar continued as CEO; product roadmap consolidation around TotalCloud and VMDR
  • 2024-09-15
    Customer churn to Tenable and Wiz reported in renewal cycles
  • 2025-04-22
    TotalCloud CNAPP capabilities expanded to compete with Wiz / Prisma Cloud
  • 2025-11-08
    Pricing increases reported at 6-10% for renewing customers
Vendor Trust is scored independently of product quality. A great product from an unfair vendor still earns a low trust score.
Review Intelligence

What 1,380 reviews actually say

Synthesized from G2, Capterra, Reddit, Trustpilot. Patterns >15% prevalence shown.

Last synthesized
2026-04-29

Praise patterns

  • Long-running cloud-native architecture
    78%
  • Tight integration of scanner, Cloud Agent, and compliance
    71%
  • Fits regulated industries
    64%
  • Sticky compliance base (PCI, Policy Compliance)
    51%

Complaint patterns

  • Innovation pace below Wiz on cloud workloads
    51%
  • Management UX dated relative to newer platforms
    47%
  • Customer churn to Tenable and Wiz visible in renewals
    41%
  • Cloud Agent footprint heavier than agentless competitors
    38%
Sentiment trend (6 months): 77/100, +1 pts

Representative voices
  • “Qualys is what we already have for PCI scanning, and the inertia is huge, but every renewal cycle we look harder at Wiz for cloud and Tenable for everything else.”

    Head of Vulnerability Management, Retail (10,000+ employees) · Gartner Peer Insights · 2026-03-04

Patterns are extracted from review corpus and human-verified. We surface trends, not anecdotes.
Verified Pricing

What buyers actually pay

247 anonymized deal disclosures · last updated 2026-05-01

Company size (assets)    Median annual
500-2,500                $32,000
2,500-10,000             $108,000
10,000+                  $384,000

Verified pricing is crowdsourced from buyers under anonymity guarantees. Vendor-listed prices are validated against actual deals quarterly.
Compliance & Security

Auto-verified certifications

Verified 2026-05-01
SOC 2 Type II
ISO 27001
HIPAA
GDPR
CCPA
PCI DSS
FedRAMP Authorized

Editorial: Strengths

  • Long-running cloud-native architecture (no on-prem pivot)
  • Tight integration of scanner, Cloud Agent, and compliance modules
  • Sticky enterprise compliance base (Qualys Policy Compliance, PCI)
  • Right call for regulated industries
  • Public company financial transparency
  • FedRAMP authorized
  • Mature managed-by-Qualys offerings

Editorial: Weaknesses

  • Innovation pace below Wiz on cloud workloads
  • Management UX dated relative to newer platforms
  • Customer churn to Tenable and Wiz visible in 2024-2025 renewals
  • Per-asset pricing meaningful at scale
  • Cloud Agent footprint heavier than agentless competitors

Key features & integrations

  • VMDR (vulnerability management + detection + response)
  • Cloud Agent (lightweight)
  • Network scanner appliances
  • Policy Compliance (CIS, DISA STIGs)
  • PCI Compliance scanning
  • Patch Management
  • TotalCloud (CSPM)
  • Web Application Scanning

200+ integrations, including ServiceNow, Splunk, Microsoft Sentinel, Jira, CrowdStrike, AWS Security Hub, Azure Defender

Geography supported
Global; strongest in US, EU, UK, India; broad worldwide coverage
Best fit
1,000–500,000+ employees · Large enterprises in regulated industries
Editorial deep-dive

Read our full ranking of Vulnerability Management Software

Qualys VMDR ranks #2 in our editorial review of 10 vulnerability management software platforms. The deep-dive covers methodology, comparison tables, decision matrix, migration scoring, and FAQs.
