Try our new research platform with insights from 80,000+ expert users

Bitsight vs Qualys CyberSecurity Asset Management comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 16, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Bitsight
Ranking in Attack Surface Management (ASM)
13th
Average Rating
8.6
Reviews Sentiment
7.8
Number of Reviews
6
Ranking in other categories
IT Vendor Risk Management (4th)
Qualys CyberSecurity Asset ...
Ranking in Attack Surface Management (ASM)
4th
Average Rating
9.2
Reviews Sentiment
7.6
Number of Reviews
21
Ranking in other categories
Vulnerability Management (10th), Patch Management (7th), Cyber Asset Attack Surface Management (CAASM) (2nd), Software Supply Chain Security (5th)
 

Mindshare comparison

As of April 2025, in the Attack Surface Management (ASM) category, the mindshare of Bitsight is 3.3%, up from 0.1% compared to the previous year. The mindshare of Qualys CyberSecurity Asset Management is 2.9%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Attack Surface Management (ASM)
 

Featured Reviews

Marc Chapel - PeerSpot reviewer
Stable product with efficient features for listing vulnerabilities
I recommend BitSight because it is very convenient to use. It has become a standard tool used in many companies. It is easy to share a few components of an algorithm for users. It is not ideal as it only reflects some of the reality of Internet-facing applications. However, it is the best solution at the moment. I rate it an eight out of ten.
Revathi VeeraRaghavan - PeerSpot reviewer
Provides comprehensive visibility and covers the complete attack surface
For some of the software, there was no life cycle or general information. We wanted them to give details in the database as and when the software comes. I raised a ticket for that, and after that, they updated the details for more than one million software. They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword. They should fix that. When we click on the web application, it only shows potential web assets. The application details are not there. Overall, CSAM has matured a lot. These are the few enhancements that need to be done.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution is user-friendly."
"The product helps us identify the vulnerabilities of internet-facing applications."
"Its customer service team responds quickly."
"I prefer BitSight due to its patch management capabilities. The score is a valuable feature. I have contacted the customer support through e-mail and their response rate is fast. I rate the solution a nine out of ten."
"The best thing about BitSight is the comprehensive list of risk vectors, covering compromised systems, diligence failures, and behavioral anomalies."
"Offers open ports from an external point of view."
"The end-of-life and end-of-service software and hardware are some of my favorite features."
"The most valuable aspect we receive from Qualys is the remediation."
"With Qualys CSAM, we can see which assets have critical application vulnerabilities. This feature helps us prioritize and address these vulnerabilities more efficiently."
"My favourite feature of Qualys CyberSecurity Asset Management is its ability to target missing software."
"I appreciate the feature that simplifies cloud security posture, offering insights into vulnerabilities, and reducing the complexity of managing the security program."
"Qualys CyberSecurity Asset Management offers comprehensive features to cover our entire attack surface."
"I would rate the Qualys CSAM a ten out of ten for its overall performance."
"The most valuable features of Qualys CSAM include the ability to manage authorized and unauthorized applications efficiently. This feature helps in validating applications and maintaining a secure environment."
 

Cons

"There may be room for improvement in the methodology for identifying findings, as occasional errors occur on the technical side."
"The solution’s benchmarking should be improved."
"Its factor analysis feature could be better."
"BitSight could improve the classes and lower-level detections of anomalies that compound the information used to compute the rating."
"Data enrichment is the major issue."
"At the moment, when the vulnerability score decreases, it remains the same for quite a while, even though issues are resolved in 24 hours."
"The scanning function could be improved."
"The UI needs improvement as it can become overwhelming after prolonged use."
"They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword. They should fix that."
"In my opinion, the area that needs improvement is the role-based access control (RBAC). The access privilege management needs to be more robust and streamlined to enhance user access management. Additionally, improvements to the user interface could be beneficial."
"Qualys CyberSecurity Asset Management could be more cost-effective by offering a lower price point or integrating with existing VMDR features."
"Based on the company's budget, Qualys offers limited features, which can also be utilized in other environments."
"The UI needs improvement as it can become overwhelming after prolonged use."
"Qualys could improve by enhancing its dynamic tagging and role-based access control features, and by refining its user interface for a more intuitive and efficient user experience."
 

Pricing and Cost Advice

"The product has a reasonable price."
"The solution's price is average."
"It is cost-effective because, in a single tool, we are getting everything. All the solutions come in a single license or price."
"Qualys is competitively priced for its features. Its pricing is suitable for large organizations with more than 4,000 assets, but for smaller organizations with few assets, such as banks, the costs might be high. They should come up with packages that are suitable for small organizations."
"The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage."
"The pricing is market-competitive."
"Though the solution is considered expensive, if bundled with other services such as VMDR or cloud agents, its value would significantly increase. It is currently a bit costly, but with bundling, it could become attractive to more customers."
"The pricing is fair. I would love to see the price come down a little bit, but we do get a lot of value out of it. We are squeezing every ounce of value we can out of the tool."
"Qualys offers excellent value for money."
"The cost for Qualys CyberSecurity Asset Management is high."
report
Use our free recommendation engine to learn which Attack Surface Management (ASM) solutions are best for your needs.
845,589 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
18%
Computer Software Company
14%
Manufacturing Company
9%
Insurance Company
8%
Computer Software Company
23%
Financial Services Firm
14%
Government
9%
Retailer
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for BitSight?
The product is a little expensive and very oriented to large companies.
What needs improvement with BitSight?
BitSight could improve the classes and lower-level detections of anomalies that compound the information used to compute the rating. They could evolve to be a more powerful scanner of cyber hygiene...
What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management?
The pricing is reasonable relative to the features provided, as it collects all module data and operates as a main, centralized inventory, making it a cost-effective solution.
What needs improvement with Qualys CyberSecurity Asset Management?
Qualys is continually developing, adding new features each year. Previously, there was no on-demand scan feature in a cloud agent, but multiple features have since been added to my cloud agent modu...
What is your primary use case for Qualys CyberSecurity Asset Management?
I have been working with Qualys for approximately two and a half years. I have used this module to manage security postures in cloud environments, and it is essentially used for hybrid management s...
 

Overview

 

Sample Customers

Fannie Mae, Cabela's, BNP Paribas, PWC, AIR Worldwide, Con Edison, The Container Store, OshKosh, Steris, University of South Florida, Emblem Health, Lloyds Bank
Information Not Available
Find out what your peers are saying about Bitsight vs. Qualys CyberSecurity Asset Management and other solutions. Updated: March 2025.
845,589 professionals have used our research since 2012.