No more typing reviews! Try our Samantha, our new voice AI agent.

Qualys VMDR vs Tenable.io Container Security comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (8th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Qualys VMDR
Ranking in Container Security
9th
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
96
Ranking in other categories
IT Asset Management (3rd), Vulnerability Management (3rd), Configuration Management Databases (3rd), Risk-Based Vulnerability Management (1st)
Tenable.io Container Security
Ranking in Container Security
27th
Average Rating
8.0
Reviews Sentiment
6.1
Number of Reviews
9
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of June 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.4%, up from 0.9% compared to the previous year. The mindshare of Qualys VMDR is 2.1%, down from 2.3% compared to the previous year. The mindshare of Tenable.io Container Security is 1.0%, up from 1.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
ProductMindshare (%)
Qualys VMDR2.1%
Qualys TotalCloud1.4%
Tenable.io Container Security1.0%
Other95.5%
Container Security
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Vaibhav Ghule - PeerSpot reviewer
Soc Lead & Edr Administration at Persistent Systems
Continuous risk-based monitoring has strengthened incident response and vulnerability prioritization
I haven't explored Qualys VMDR's vulnerability lifecycle automation yet. One of my analysts mentioned that queries lack grouping operators in Qualys VMDR. From my experience, I would appreciate improvements in the query options in Qualys VMDR, specifically in the query-building process where I would need more features and operators. Additionally, we have been facing issues with Qualys on the cloud level. We cannot download the configuration profile from the cloud agent, and it is showing a pending action for download. During 2025, we noticed outages of Qualys a couple of times. I want to mention that there is an issue with receiving timely RCA deliveries. While this is not necessarily about the tool, it relates to support. The support has not been very responsive, and we are receiving RCAs a little delayed whenever we raise support cases or communicate with the TAMs. Additionally, the UI has a slight latency, which I and my team have experienced. They have also reported this latency issue when navigating through different pages.
AS
Cyber Security Architect at a security firm with 201-500 employees
Detailed container image reports have improved vulnerability insight and support secure operations
Most valuable are the reports that are quite good, particularly the detailed ones for container image scanning. Tenable.io Container Security is giving me the vulnerability information of Docker images and the information about software bill of materials. However, my challenge at this time is that I am using all these solutions with GitLab Ultimate, and it does not support integration, so I am doing some alternate arrangements which are giving me operational complexity because I need to introduce something else instead of GitLab Ultimate. That is the primary concern regarding the benefits of real-time visibility into my containerized application security status.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline."
"The most valuable feature is the consolidated information that it provides from various platforms."
"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."
"I appreciate Qualys TotalCloud's ability to onboard any type of device with ease, including containers."
"The platform's unified view of the organization proves particularly valuable for leadership team meetings."
"Qualys TotalCloud has significantly improved our organization by automating our reporting processes, reducing the time spent on report creation from two hours to less than fifteen to twenty minutes."
"The most valuable feature is extensibility."
"I would definitely recommend it because it is easy to handle any cloud resources."
"Use it. It is a great product."
"It's worth it, really, when you see the complete picture and see all the factors."
"This is one of the best products I have worked with so far."
"Before we were taking eight hours, now we're taking around 30 minutes to respond to any incident, security and such."
"The reporting is fine."
"The most recent is VMDR, which provides a comprehensive overview of how to detect, patch, and remediate specific vulnerabilities."
"I strongly recommend that you use this solution."
"Qualys VM is a really good tool for vulnerability scanning, and it has different sets of profiles that can be utilized for your own requirements."
"The tool's most valuable feature is scanning, reporting, and troubleshooting."
"The strong security provided by the product in the container environment is its most valuable feature."
"Most valuable are the reports that are quite good, particularly the detailed ones for container image scanning."
"Tenable.io detects misconfiguration when you deploy a Docker or Kubernetes container. It's much better to remedy these issues during deployment instead of waiting until the container is already in the production environment."
"By using Nessus, we are able to finish testing with assured results, in half the time."
"The solution shows you the exploitable vulnerabilities and helps you prioritize."
"Nessus scanner is very effective for internal penetration testing."
"It helps us secure our applications from the build phase and identify the weaknesses from scratch."
 

Cons

"TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these."
"Qualys TotalCloud has the potential to improve by integrating a hybrid platform for comprehensive management of both on-premises and cloud infrastructures."
"Enhancing clarity regarding its compliance capabilities would be beneficial, as the current scope is limited in geographic coverage."
"Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate."
"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."
"Qualys's ticketing system can be confusing when assigning tasks to individuals, and support could be improved by offering instant call solutions with engineers in addition to ticket replies."
"I would appreciate additional integration options to connect Qualys TotalCloud with our other vulnerability management tools."
"The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using."
"The customer support is very bad; when we submit a ticket, we do not get a response immediately."
"The reporting and the GUI need improvements."
"Qualys currently does not have any features for scanning SCADA, IoT, and Industrial Control Systems."
"If anything, I would like to see the user interface modernized a bit more."
"For a company with over 100,000 assets, there are challenges with scalability."
"Streamline PCI integration and attestation."
"The IT infrastructure, especially server administration, needs to be improved."
"Qualys could improve the inbuilt dashboards."
"Tenable.io Container Security should improve integration modules. It should also improve stability."
"The initial setup is highly complex."
"I believe integration plays a crucial role for Tenable, particularly in terms of connecting with other products and various container solutions like Docker or Kubernetes. It seems that in future updates, enhanced integration is something I would appreciate. Currently, there is integration with Docker, but when it comes to Kubernetes or other container solutions, it appears to be a challenge, especially with on-prem scanners."
"However, my challenge at this time is that I am using all these solutions with GitLab Ultimate, and it does not support integration, so I am doing some alternate arrangements which are giving me operational complexity because I need to introduce something else instead of GitLab Ultimate."
"The stability and setup phase of the product are areas with shortcomings where improvements are needed."
"The support is tricky to reach, so we would like better-oriented technical support enabled."
"I feel that in certain areas this product has false positives which the company should work on."
"They need to work on auto-remediation so it's easier for the security team to act quickly when certain assets or resources are deployed. The latest version has a CIS benchmark that you need to meet for containers in the cloud, but more automation is needed."
 

Pricing and Cost Advice

"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"The cost is high, but it meets our organizational needs."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"There are no additional fees in addition to the standard licensing fees."
"We have an annual contract for Qualys VMDR. I believe it's for either two years or five years."
"There is a license for the use of this solution. We pay annually instead of monthly to receive a better discount on the price."
"Qualys VM is quite expensive. It's a subscription-based license, and it's yearly. Right now, it's open for me, and I don't have any limitations or caps on the licenses. They are seeing if the product is viable for 4500 users. I can add as much as I want, and at the end of the subscription, they'll let me know how many licenses were actually used and bill me accordingly. On a scale from one to five, I would give their pricing a three. It's still expensive."
"The product is more expensive than that of any other vendor."
"Qualys VM is better suited for medium to large companies because the price can be too much for smaller customers."
"It is different for every company, but for us, it's every three years."
"The price is very reasonable."
"The product does not operate on a pay-per-license model."
"The solution's pricing is neither cheap nor very expensive."
"It's best to be an institutional buyer and directly contact the sales team as they can provide over-the-top discounts for bulk orders."
"I rate the product’s pricing a six out of ten."
"I rate the tool's pricing a three out of ten."
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
900,747 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
18%
Financial Services Firm
14%
Construction Company
7%
Comms Service Provider
7%
Financial Services Firm
16%
Manufacturing Company
7%
Computer Software Company
7%
Government
6%
Financial Services Firm
15%
Manufacturing Company
8%
Retailer
7%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise3
Large Enterprise29
By reviewers
Company SizeCount
Small Business20
Midsize Enterprise12
Large Enterprise70
By reviewers
Company SizeCount
Small Business2
Midsize Enterprise3
Large Enterprise4
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for Qualys VMDR?
My experience with pricing, setup cost, and licensing shows that we can consider both time and money saved.
What needs improvement with Qualys VMDR?
I haven't explored Qualys VMDR's vulnerability lifecycle automation yet. One of my analysts mentioned that queries la...
What advice do you have for others considering Qualys VMDR?
I have some understanding about PeerSpot, and I have visited the website. PeerSpot is similar to TrustRadius. It take...
What needs improvement with Tenable.io Container Security?
Several things need improvement about Tenable.io Container Security. First, they should support GitLab Ultimate. Seco...
What is your primary use case for Tenable.io Container Security?
I have been dealing with Tenable.io Container Security for almost four to six months.
 

Also Known As

Qualys TotalCloud with FlexScan
Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security
Tenable FlawCheck, FlawCheck
 

Overview

 

Sample Customers

Information Not Available
Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
ServiceMaster
Find out what your peers are saying about Qualys VMDR vs. Tenable.io Container Security and other solutions. Updated: June 2026.
900,747 professionals have used our research since 2012.