PortSwigger Burp Suite Enterprise Edition vs Qualys CyberSecurity Asset Management comparison

PortSwigger Burp Suite Enterprise Edition vs. Qualys CyberSecurity Asset Management

Download the complete report

Helped 900,747 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Qualys TotalCloud

Mindshare comparison

As of June 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.0%, up from 0.9% compared to the previous year. The mindshare of PortSwigger Burp Suite Enterprise Edition is 1.1%, up from 0.9% compared to the previous year. The mindshare of Qualys CyberSecurity Asset Management is 1.3%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Vulnerability Management Mindshare Distribution
Product	Mindshare (%)
Qualys CyberSecurity Asset Management	1.3%
Qualys TotalCloud	1.0%
PortSwigger Burp Suite Enterprise Edition	1.1%
Other	96.6%

Vulnerability Management

Featured Reviews

Robert Orłowski

IT Security Expert at Alior Bank S.A.

Unified risk scoring has improved our cloud visibility and simplifies remediation priorities

Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.

Read full review

Oussama Ben Taher

Studiant at Edifixio

Enables time-saving automated scanning and brute force attacks

The most appreciated functionality of PortSwigger Burp Suite is its ability to perform brute force attacks automatically. Its automated scanning feature saves time. Additionally, using this tool provides significant security insights, making our testing process more efficient and comprehensive, leading to considerable time savings, which in turn translates to financial benefits.

Read full review

Nicki Møller

Information Security Engineer at a manufacturing company with 5,001-10,000 employees

Enables automation and quick access to necessary information

One of the significant challenges Qualys is discovery, which I know Microsoft excels at. I can't recall how well Qualys performs this function; it seems I might be missing some details. However, if there's one key aspect to focus on, it's discovery—the ability to identify assets that you are not aware of, even when you can see they are present. Understanding what those assets are is crucial. With Qualys CyberSecurity Asset Management, it was very difficult to extract detections from the system. The features within Qualys are limited to what they have developed. Sometimes a complete overview is needed to push to a Power BI dashboard, Splunk, ServiceNow, or other platforms. The export process is incredibly challenging. We needed a developer to write a hundred-line Python script that would loop over certain assets due to export limitations. Qualys CyberSecurity Asset Management could improve its integration capabilities. While it generates substantial data, correlating it with other data sources can be challenging. The export process is difficult, and pre-built integrations with other tools could be enhanced for better process implementation.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Once you have your vulnerabilities fixed and your patches pushed out using Qualys TotalCloud, then you are able to eliminate threats and cyber risk."

"Qualys TotalCloud's most valuable features are its cloud security posture management, Kubernetes, and container security capabilities."

"I appreciate TotalCloud's real-time protection and remediation features. The remediation options include automated one-click remedies and custom changes that help manage vulnerabilities efficiently."

"I would definitely recommend it because it is easy to handle any cloud resources."

"The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities."

"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."

"Qualys TotalCloud provides unified vulnerability and threat assessment for IaaS and SaaS and a single prioritized view of risk, which helps reduce my workload by not having to combine multiple sources."

"If someone were to ask me to review Qualys TotalCloud, I would summarize it as an end-to-end solution for cloud security with visibility and governance-grade controls without needing to manage multiple disconnected tools."

More Qualys TotalCloud pros

"Parallel scans can be done with PortSwigger Burp Suite Enterprise Edition."

"The tool is loaded with many features that give us ROI."

"We are in the early stage of using the solution making it difficult to fully determine the best features. However, we have noticed the CMDB and device discovery features look valuable at this time."

"Its automated scanning feature saves time."

"The initial setup is straightforward."

"The product's initial setup phase was super easy."

"The product is easy to use."

"I like normal dynamic scanning, general web applications scanning, and vulnerability assessments."

More PortSwigger Burp Suite Enterprise Edition pros

"I appreciate the feature that simplifies cloud security posture, offering insights into vulnerabilities, and reducing the complexity of managing the security program."

"The best feature is asset discovery through their cloud agent or IP-based scanning."

"We have had zero attacks since we enabled all the features in Qualys CSAM."

"My favourite feature of Qualys CyberSecurity Asset Management is its ability to target missing software."

"Qualys CyberSecurity Asset Management provides accurate content that identifies all the endpoints, making it better in that way, and the review results for finding vulnerabilities and reporting also show that it identifies most of them, helping us complete tasks in 3.5 days instead of five."

"I really enjoy the flexibility of the interface setup configuration for my network VLANs, which makes it very easy to configure."

"The most valuable feature is the real-time visibility Qualys CyberSecurity Asset Management provides into all assets across our development and operational environments."

"The fact that it is integrated makes it very easy to understand."

More Qualys CyberSecurity Asset Management pros

Cons

"I would appreciate additional integration options to connect Qualys TotalCloud with our other vulnerability management tools."

"It has been working very well, but it would be helpful if the dashboard could generate reports tailored to specific compliance needs. For example, in India, we have to comply with RBI and SEBI guidelines. It w"

"There is room for improvement in the support."

"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."

"The cloud licensing unit system is unclear, especially since "units" aren't well-defined."

"We encountered challenges identifying the correct resource category for certain items, such as those in containers or storage."

"Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate."

"From a downside perspective, the UI is not user-friendly and feels dated compared to other tools like Prisma Cloud."

More Qualys TotalCloud cons

"It's not a stable product. Sometimes, it takes a lot of time to scan."

"There's definitely room for improvement. There are lots of false positives. Once I do the manual assessment, it comes as a false positive. They need to improve the Enterprise Edition, especially the part that gives false positives."

"From my personal experience, the solution's performance could be improved."

"The cost per license per user could be cheaper, specifically for individual licensing."

"The stability is a big issue. So many times the scans fail."

"PortSwigger Burp Suite Enterprise Edition should incorporate a static code analysis feature. One main issue we encounter is false positives. False positives can be challenging for developers."

"The stability of the scans could be improved."

"It would be beneficial if Burp Suite provided predefined payloads for each attack category, such as SQL injection and cross-site scripting, to automate some tasks more effectively."

More PortSwigger Burp Suite Enterprise Edition cons

"In my opinion, the area that needs improvement is the role-based access control (RBAC). The access privilege management needs to be more robust and streamlined to enhance user access management. Additionally, improvements to the user interface could be beneficial."

"I think the one thing Qualys CyberSecurity Asset Management can do better is the package management and the updating process."

"Sometimes both updates and software types appear together on one list, making it hard to differentiate."

"In our reporting, we faced a challenge syncing with cloud devices."

"Some areas that would be helpful are more comprehensive tagging and the ability to set up better dynamic rules."

"Currently, in the EASM module, the scan frequency is limited to once daily, but allowing end users control over scan scheduling would be advantageous."

"The only minor issue is occasionally being redirected to multiple teams, causing slight delays."

"One downside of Qualys CyberSecurity Asset Management is that I would prefer to see a more interactive dashboard."

More Qualys CyberSecurity Asset Management cons

Pricing and Cost Advice

"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."

"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."

"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."

"The cost is high, but it meets our organizational needs."

"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."

"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."

"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."

"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."

More Qualys TotalCloud pricing and cost advice

"The tool's pricing is reasonable and costs around 400 dollars per year."

"Although the solution can be a bit expensive for small companies, its pricing is fairly reasonable for its capabilities."

"PortSwigger Burp Suite Enterprise Edition is neither a cheap nor an expensive product. PortSwigger Burp Suite Enterprise Edition is a good tool for companies."

"For Professional, it's about $400 per year."

"PortSwigger Burp Suite Enterprise Edition is expensive compared to other solutions."

"The pricing is market-competitive."

"Though the solution is considered expensive, if bundled with other services such as VMDR or cloud agents, its value would significantly increase. It is currently a bit costly, but with bundling, it could become attractive to more customers."

"The pricing is fair. I would love to see the price come down a little bit, but we do get a lot of value out of it. We are squeezing every ounce of value we can out of the tool."

"The pricing is reasonable relative to the features provided, as it collects all module data and operates as a main, centralized inventory, making it a cost-effective solution."

"Qualys CyberSecurity Asset Management can be expensive, especially if we already have VMDR."

"The pricing for Qualys Cybersecurity Asset Management is reasonable, with an annual subscription costing around $1,000 per year or a monthly subscription starting at approximately $72 per month, depending on the specific package and features included."

"It is cost-effective because, in a single tool, we are getting everything. All the solutions come in a single license or price."

"Qualys offers excellent value for money."

More Qualys CyberSecurity Asset Management pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.

See recommendations

900,747 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Manufacturing Company

18%

Financial Services Firm

14%

Construction Company

Comms Service Provider

Financial Services Firm

19%

Computer Software Company

Manufacturing Company

Construction Company

Financial Services Firm

15%

Computer Software Company

Manufacturing Company

Comms Service Provider

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	10
Midsize Enterprise	3
Large Enterprise	29

By reviewers
Company Size	Count
Small Business	5
Midsize Enterprise	2
Large Enterprise	7

By reviewers
Company Size	Count
Small Business	8
Midsize Enterprise	2
Large Enterprise	23

Questions from the Community

What is your experience regarding pricing and costs for Qualys TotalCloud?

The price is very expensive, actually.

What needs improvement with Qualys TotalCloud?

Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...

What is your primary use case for Qualys TotalCloud?

Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...

What is your experience regarding pricing and costs for PortSwigger Burp Suite Enterprise Edition?

I am using the Community Edition, which is free, however, I understand there might be extra expenses for additional f...

What needs improvement with PortSwigger Burp Suite Enterprise Edition?

It would be beneficial if Burp Suite provided predefined payloads for each attack category, such as SQL injection and...

What is your primary use case for PortSwigger Burp Suite Enterprise Edition?

I work with security testing tools for SaaS, focusing on static application security testing and using tools like Bur...

What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management?

I'm not entirely sure about the pricing; I don't know.

What needs improvement with Qualys CyberSecurity Asset Management?

I think the one thing Qualys CyberSecurity Asset Management can do better is the package management and the updating ...

What is your primary use case for Qualys CyberSecurity Asset Management?

I primarily use it for a small, single-site, multi-source setup with multi-WAN inputs. I have a main fiber connection...

Microsoft Defender for Cloud vs Qualys TotalCloud

Comparisons

Wiz vs Qualys TotalCloud

Compared 12% of the time

Compared 8% of the time

Prisma Cloud by Palo Alto Networks vs Qualys TotalCloud

Compared 6% of the time

JupiterOne vs Qualys TotalCloud

Compared 5% of the time

Nucleus Security vs Qualys TotalCloud

Compared 5% of the time

More Qualys TotalCloud Competitors

Seal Security vs PortSwigger Burp Suite Enterprise Edition

Compared 30% of the time

Rapid7 Metasploit vs PortSwigger Burp Suite Enterprise Edition

Compared 7% of the time

Acunetix vs PortSwigger Burp Suite Enterprise Edition

Compared 6% of the time

Rapid7 InsightAppSec vs PortSwigger Burp Suite Enterprise Edition

Compared 6% of the time

Tenable Nessus vs PortSwigger Burp Suite Enterprise Edition

Compared 5% of the time

More PortSwigger Burp Suite Enterprise Edition Competitors

Axonius vs Qualys CyberSecurity Asset Management

Compared 6% of the time

Armis vs Qualys CyberSecurity Asset Management

Compared 5% of the time

CrowdStrike Falcon vs Qualys CyberSecurity Asset Management

Compared 4% of the time

Bitsight vs Qualys CyberSecurity Asset Management

Compared 4% of the time

Rapid7 Metasploit vs Qualys CyberSecurity Asset Management

Compared 4% of the time

More Qualys CyberSecurity Asset Management Competitors

Product Reports

Qualys TotalCloud

Download Qualys TotalCloud product report

PortSwigger Burp Suite Enterprise Edition

Download PortSwigger Burp Suite Enterprise Edition product report

PortSwigger Burp Suite Enterprise Edition report

Qualys CyberSecurity Asset Management

Download Qualys CyberSecurity Asset Management product report

Qualys CyberSecurity Asset Management report

Also Known As

Qualys TotalCloud with FlexScan

No data available

Overview

Qualys TotalCloud enhances security posture across cloud environments with continuous monitoring, vulnerability management, and risk visualization, ensuring efficient threat assessment and automated remediation for improved cyber risk reduction.

Qualys TotalCloud offers a robust suite of security tools essential for organizations managing multi-cloud infrastructures. By integrating cloud accounts and automating workflows, it supports AWS, Azure, and GCP, offering comprehensive vulnerability management and zero-day detection. The platform's user-friendly design, combined with its extensive risk management and unified threat assessment capabilities, enables organizations to prioritize and remediate vulnerabilities effectively. TruRisk Insights provides clear insights on cyber risks, while the automation options streamline patch management and scanning processes. API integration across IaaS and SaaS environments further enhances resource allocation efficiency and saves time, addressing misconfigurations across cloud environments.

What are the most important features of Qualys TotalCloud?

Accurate Vulnerability Reports: Delivers precise and actionable insights for risk mitigation.
Zero-Day Detection: Identifies and addresses zero-day vulnerabilities proactively.
Unified Threat Assessment: Offers comprehensive evaluation of threats across the environment.
Extensive Risk Management: Manages risks effectively with advanced insights and prioritization.
Continuous Monitoring: Provides non-stop surveillance for vulnerabilities and threats.
Cloud-Native Automation: Streamlines processes and reduces manual efforts using automation.
FlexScan for Internet-Facing VMs: Scans external VMs efficiently to detect vulnerabilities.
Dashboard Risk Visualization: Clear visualization helps prioritize vulnerabilities.

What benefits and ROI should users look for?

Improved Security Posture: Enhances threat detection and response across clouds.
Time Savings: Automation reduces time spent on manual vulnerability management.
Resource Efficiency: Better allocation of resources through streamlined workflows.
Enhanced Risk Prioritization: Focus on critical vulnerabilities for effective mitigation.
Integrated Cloud Accounts: Facilitates seamless cloud management and security.

Qualys TotalCloud is deployed in sectors needing rigorous vulnerability management, such as finance and healthcare. Companies utilize it to secure multi-cloud environments like AWS, Azure, and GCP, focus on compliance, and integrate security into CI/CD pipelines to detect and remedy threats pre-deployment.

Qualys

PortSwigger Burp Suite Enterprise Edition is a comprehensive tool for web application security testing, emphasizing ease of use for dynamic scanning and vulnerability assessments. Its automation capabilities enhance efficiency and insights into API, web, and mobile app security.

PortSwigger Burp Suite Enterprise Edition is designed for vulnerability assessment, web app security testing, and dynamic application scanning. It enables teams to perform thorough assessments through automated brute force and active scanning features. With extensions, CI/CD integration, and automation, it provides a scalable environment, supporting manual and automated testing seamlessly. Users benefit from effective network call logging, vulnerability interception, and customizable scripting. Organizations from sectors such as IT services and medical equipment rely on it for penetration testing and application auditing, benefiting from its frequent improvements and integration capabilities.

What are the key features of PortSwigger Burp Suite Enterprise Edition?

Active Scan: Facilitates comprehensive exploration and security insights.
Automation and CI/CD Integration: Enhances efficiency through seamless workflow integration.
Extensions: Expands functionality to meet specific testing needs.
Parallel Scans: Supports high ROI by enabling multiple simultaneous tests.
Customizable Scripting: Offers tailored testing scenarios for diverse applications.

What benefits and ROI should users consider?

Ease of Use: Allows even beginners to conduct dynamic scanning.
Scalability: Ensures efficient assessments across large environments.
Process Optimization: Seamless integration supports streamlined workflow.
Frequent Improvements: Regular updates to address current issues and needs.

In sectors like medical devices and IT services, PortSwigger Burp Suite Enterprise Edition is integral for penetration testing and compliance verification. Teams use it for manual and automated testing in web and mobile applications, assessing APIs and interpreting network calls to enhance security and certification processes.

PortSwigger

Qualys CyberSecurity Asset Management provides key features including asset inventory management, end-of-life tracking, dynamic tagging, and integration with CMDB, offering extensive visibility and support for proactive threat response.

Qualys offers comprehensive visibility across hardware and software assets, aiding in tracking unauthorized applications and facilitating automated vulnerability remediation. Its user-friendly interface and dynamic risk scoring enhance security posture management. Users leverage it for vulnerability management and compliance, benefiting from real-time risk identification and efficient operations in cloud and on-premises environments.

What are the key features of Qualys CyberSecurity Asset Management?

Asset Inventory Management: Provides detailed visibility over hardware and software assets.
End-of-Life Tracking: Helps identify technical debt by pinpointing outdated hardware and software.
Dynamic Tagging: Allows flexible classification and categorization of assets.
Real-Time Risk Identification: Detects risks as they arise, enhancing threat response capabilities.
CMDB Integration: Streamlines data integration for comprehensive asset insights.

What benefits should users look for in Qualys reviews?

Improved Security Posture: Enables proactive threat management and streamlined operations.
Efficient Remediation: Automates vulnerability management and patch deployment.
User-Friendly Operations: Simplifies cybersecurity operations with an intuitive interface.
Comprehensive Asset Visibility: Offers unparalleled insight into organizational assets.
Scalable Solutions: Facilitates asset tracking across cloud and on-premises environments.

Cybersecurity teams in various industries, such as financial services, healthcare, and manufacturing, utilize Qualys to manage technical debt through end-of-life tracking and facilitate robust patch management. It supports compliance and visibility initiatives, essential for maintaining data integrity and operational security in dynamic environments.

Qualys

Sample Customers

Information Not Available

Nasa, Disney, Dow Jones, Iberia Bank, IBM, Ernest and Young, Apple, Ryanair, Thyssenkrupp, Delivery Hero

Information Not Available

PortSwigger Burp Suite Enterprise Edition vs. Qualys CyberSecurity Asset Management