Try our new research platform with insights from 80,000+ expert users

Bitsight vs Qualys CyberSecurity Asset Management comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jul 27, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Bitsight
Ranking in Attack Surface Management (ASM)
10th
Average Rating
8.6
Reviews Sentiment
7.8
Number of Reviews
6
Ranking in other categories
IT Vendor Risk Management (3rd)
Qualys CyberSecurity Asset ...
Ranking in Attack Surface Management (ASM)
3rd
Average Rating
9.2
Reviews Sentiment
7.7
Number of Reviews
22
Ranking in other categories
Vulnerability Management (8th), Patch Management (6th), Cyber Asset Attack Surface Management (CAASM) (3rd), Software Supply Chain Security (5th)
 

Mindshare comparison

As of August 2025, in the Attack Surface Management (ASM) category, the mindshare of Bitsight is 4.6%, up from 0.5% compared to the previous year. The mindshare of Qualys CyberSecurity Asset Management is 3.7%, up from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Attack Surface Management (ASM)
 

Featured Reviews

Marc Chapel - PeerSpot reviewer
Stable product with efficient features for listing vulnerabilities
I recommend BitSight because it is very convenient to use. It has become a standard tool used in many companies. It is easy to share a few components of an algorithm for users. It is not ideal as it only reflects some of the reality of Internet-facing applications. However, it is the best solution at the moment. I rate it an eight out of ten.
Scott Frederick - PeerSpot reviewer
Well-integrated with our vulnerability scanning utilities and efficient in asset tagging and identification
Our favorite features are the tagging and the ability to quickly find assets in the portal. Additionally, I do like the fact that Qualys CSAM is integrated with the rest of our vulnerability scanning utilities. We use the full suite from Qualys. The fact that it is integrated makes it very easy to understand. It shares tagging information with VMDR. That is very nice. Qualys CSAM has discovered assets not previously covered by our vulnerability management program. Primarily, if we have assets without vulnerabilities, they become less visible, but Qualys CSAM alerts us to them because they have IP addresses and are attached to our network. It could discover everything from printers to servers to endpoints. It could discover UPSs, network devices, and across all operating systems. It discovers our security badge readers and digital signage. We have to feed that the IP address ranges, but beyond that, it finds everything in our internal network. We were able to realize its benefits within the first quarter of installing it. We did have to take some time to learn it and understand how to operationally leverage what it was telling us, but it was very quick. In addition to vulnerabilities, Qualys CSAM helps identify other risk factors to a degree. For instance, we can see if servers or assets have incorrect naming standards. We have our network segmented into development model, test, and production, and we have server naming standards that identify which management they should be in. If a production server has the naming standard of a development model server, we can find that. That is one area we have used it for. We are not fully using TruRisk, but we are using the Qualys detection score that is central to our corporate risk prioritization approach. It has completely replaced our homegrown one.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I prefer BitSight due to its patch management capabilities. The score is a valuable feature. I have contacted the customer support through e-mail and their response rate is fast. I rate the solution a nine out of ten."
"The best thing about BitSight is the comprehensive list of risk vectors, covering compromised systems, diligence failures, and behavioral anomalies."
"Offers open ports from an external point of view."
"Its customer service team responds quickly."
"The product helps us identify the vulnerabilities of internet-facing applications."
"The solution is user-friendly."
"The integration with different third-party tools, such as cloud providers like Azure and AWS, and asset management tools like CMDB systems, is valuable."
"Our favorite features are the tagging and the ability to quickly find assets in the portal."
"Authorized and unauthorized software visibility is the best feature for me. It helps me understand security controls on our network and where we lack visibility. With a single security tool, we are able to get an extensive list."
"I recommend Qualys CyberSecurity Asset Management due to its superior asset information collection capabilities, including comprehensive hardware and software inventorying."
"The scanning results are pretty good, and some of the insights are quite valuable."
"There are no stability issues, and I would rate it a ten out of ten."
"The fact that it is integrated makes it very easy to understand."
"The scanning results are pretty good, and some insights are quite valuable."
 

Cons

"There may be room for improvement in the methodology for identifying findings, as occasional errors occur on the technical side."
"At the moment, when the vulnerability score decreases, it remains the same for quite a while, even though issues are resolved in 24 hours."
"BitSight could improve the classes and lower-level detections of anomalies that compound the information used to compute the rating."
"The solution’s benchmarking should be improved."
"Data enrichment is the major issue."
"Its factor analysis feature could be better."
"The scanning function could be improved."
"One improvement that they can make in the EASM module is the scan frequency. After EASM is configured the first time, it allows you to do the complete configuration, but if you want to reconfigure it, it will not ask or provide any option for scan frequency. For that, you need to raise a case with Qualys and talk to the Qualys team."
"In my opinion, the area that needs improvement is the role-based access control (RBAC). The access privilege management needs to be more robust and streamlined to enhance user access management. Additionally, improvements to the user interface could be beneficial."
"Currently, in the EASM module, the scan frequency is limited to once daily, but allowing end users control over scan scheduling would be advantageous."
"All required features are available in Qualys CSAM. However, it would be helpful if Qualys CSAM started incorporating AI models. An inclusion of threat details for AI and LLM-related risks would be beneficial."
"The UI needs improvement as it can become overwhelming after prolonged use."
"Qualys CSAM is not super responsive, and there can be delays sometimes, especially with the network passive sensor. You might see duplicate objects which eventually disappear but it takes time. If that can be done faster, it will be great."
"Further research and development are needed to enhance integration with other cloud agents and products, particularly improving communication with external products and vendors."
 

Pricing and Cost Advice

"The product has a reasonable price."
"The solution's price is average."
"The pricing for Qualys CSAM is nominal."
"Qualys is competitively priced for its features. Its pricing is suitable for large organizations with more than 4,000 assets, but for smaller organizations with few assets, such as banks, the costs might be high. They should come up with packages that are suitable for small organizations."
"The pricing for Qualys Cybersecurity Asset Management is reasonable, with an annual subscription costing around $1,000 per year or a monthly subscription starting at approximately $72 per month, depending on the specific package and features included."
"It is cost-effective because, in a single tool, we are getting everything. All the solutions come in a single license or price."
"The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage."
"The pricing is fair. I would love to see the price come down a little bit, but we do get a lot of value out of it. We are squeezing every ounce of value we can out of the tool."
"Qualys CyberSecurity Asset Management can be expensive, especially if we already have VMDR."
"Though the solution is considered expensive, if bundled with other services such as VMDR or cloud agents, its value would significantly increase. It is currently a bit costly, but with bundling, it could become attractive to more customers."
report
Use our free recommendation engine to learn which Attack Surface Management (ASM) solutions are best for your needs.
865,295 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Computer Software Company
11%
Manufacturing Company
9%
Insurance Company
8%
Computer Software Company
17%
Financial Services Firm
15%
Government
7%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for BitSight?
The product is a little expensive and very oriented to large companies.
What needs improvement with BitSight?
BitSight could improve the classes and lower-level detections of anomalies that compound the information used to compute the rating. They could evolve to be a more powerful scanner of cyber hygiene...
What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management?
The pricing is reasonable relative to the features provided, as it collects all module data and operates as a main, centralized inventory, making it a cost-effective solution.
What needs improvement with Qualys CyberSecurity Asset Management?
Qualys CyberSecurity Asset Management helps us prioritize assets according to operating system, kernel version, installed software, and current version information. The ASM assists with attack surf...
What is your primary use case for Qualys CyberSecurity Asset Management?
We are using Qualys CyberSecurity Asset Management for daily activities such as identifying new assets through network scanning and agent-based scanning for newly provisioned assets. When any new a...
 

Overview

 

Sample Customers

Fannie Mae, Cabela's, BNP Paribas, PWC, AIR Worldwide, Con Edison, The Container Store, OshKosh, Steris, University of South Florida, Emblem Health, Lloyds Bank
Information Not Available
Find out what your peers are saying about Bitsight vs. Qualys CyberSecurity Asset Management and other solutions. Updated: July 2025.
865,295 professionals have used our research since 2012.