Last updated Sep 29, 2025
Qualys
How much does Qualys cost after negotiations?
Vendr's Qualys pricing calculator uses AI to provide a customized estimate of what you should pay after negotiations.Get a customized estimate
Vendr's estimates are backed by recent real purchases of Qualys
How much does Qualys typically cost?
Policy ComplianceAutomates the assessment of IT assets for compliance with internal security policies and external regulations, reducing manual audit preparation and evidence collection efforts. Delivers continuous monitoring, policy enforcement, and reporting across multiple regulatory frameworks, enabling organizations to identify misconfigurations, ensure adherence, and remediate compliance gaps efficiently.
Policy Compliance
Automates the assessment of IT assets for compliance with internal security policies and external regulations, reducing manual audit preparation and evidence collection efforts. Delivers continuous monitoring, policy enforcement, and reporting across multiple regulatory frameworks, enabling organizations to identify misconfigurations, ensure adherence, and remediate compliance gaps efficiently.Typical price after negotiations
Qualys Compliance: File Integrity Monitoring (FIM)New purchase, 1 year term
Users
100Price after negotiations-
Get a customized estimate
Cloud Workload ProtectionProviding continuous security for cloud workloads across virtual machines, containers, and serverless environments, this solution enables organizations to detect vulnerabilities, unauthorized access, and misconfigurations in real time. Key capabilities include automated vulnerability management, behavioral monitoring, compliance enforcement, and integration with DevOps pipelines for improved visibility, risk mitigation, and operational efficiency in dynamic multi-cloud architectures.
Cloud Workload Protection
Providing continuous security for cloud workloads across virtual machines, containers, and serverless environments, this solution enables organizations to detect vulnerabilities, unauthorized access, and misconfigurations in real time. Key capabilities include automated vulnerability management, behavioral monitoring, compliance enforcement, and integration with DevOps pipelines for improved visibility, risk mitigation, and operational efficiency in dynamic multi-cloud architectures.Typical price after negotiations
Qualys Vulnerability & Configuration Management: Vulnerability Management, Detection & Response (VMDR)New purchase, 1 year term
Bundles
2000Price after negotiations-
Get a customized estimate
Typical price after negotiations
Qualys Vulnerability & Configuration Management: Web Application Scanning (WAS)New purchase, 1 year term
Subscription
10Price after negotiations-
Get a customized estimate
Enterprise TruRisk Management (ETM)Addressing the challenge of fragmented security data and lack of unified risk visibility, this platform aggregates, normalizes, and prioritizes cybersecurity risks across cloud, on-premises, and third-party environments. It enables organizations to quantify cyber risks in business and financial terms, orchestrate automated remediation workflows, and align security strategies with business objectives for more informed decision-making.
Enterprise TruRisk Management (ETM)
Addressing the challenge of fragmented security data and lack of unified risk visibility, this platform aggregates, normalizes, and prioritizes cybersecurity risks across cloud, on-premises, and third-party environments. It enables organizations to quantify cyber risks in business and financial terms, orchestrate automated remediation workflows, and align security strategies with business objectives for more informed decision-making.API SecurityUnsecured APIs pose significant risks by exposing sensitive data and increasing the attack surface across cloud, on-premises, and hybrid environments. This solution automatically discovers and inventories all API assets, conducts AI-powered vulnerability testing against the OWASP API Top 10, and continuously monitors for compliance to industry standards and OpenAPI specifications.
API Security
Unsecured APIs pose significant risks by exposing sensitive data and increasing the attack surface across cloud, on-premises, and hybrid environments. This solution automatically discovers and inventories all API assets, conducts AI-powered vulnerability testing against the OWASP API Top 10, and continuously monitors for compliance to industry standards and OpenAPI specifications.Web Application FirewallAddressing the need for immediate protection against web application threats, this solution blocks attacks, applies virtual patches to vulnerabilities, and enforces secure communication protocols. Key capabilities include customizable policies, out-of-the-box templates for popular platforms, integration with vulnerability scanning, and scalability through virtual appliances.
Web Application Firewall
Addressing the need for immediate protection against web application threats, this solution blocks attacks, applies virtual patches to vulnerabilities, and enforces secure communication protocols. Key capabilities include customizable policies, out-of-the-box templates for popular platforms, integration with vulnerability scanning, and scalability through virtual appliances.Kubernetes and Container Security (KCS)Modern containerized and Kubernetes environments face challenges such as vulnerability management, misconfiguration risks, and maintaining compliance across hybrid and multi-cloud deployments. This solution continuously discovers, monitors, and protects container infrastructure by scanning container images and runtime activities for vulnerabilities, misconfigurations, and compliance issues.
Kubernetes and Container Security (KCS)
Modern containerized and Kubernetes environments face challenges such as vulnerability management, misconfiguration risks, and maintaining compliance across hybrid and multi-cloud deployments. This solution continuously discovers, monitors, and protects container infrastructure by scanning container images and runtime activities for vulnerabilities, misconfigurations, and compliance issues.Qualys TruRisk Eliminate (TE)Enables organizations to proactively reduce cyber risk by providing automated patch management, advanced mitigation, and targeted isolation capabilities that address vulnerabilities before exploitation. Facilitates unified workflows for security and IT teams to remediate issues across cloud, on-premises, and third-party environments—including cases where patching is not possible—thus minimizing exposure to ransomware and known exploited vulnerabilities.
Qualys TruRisk Eliminate (TE)
Enables organizations to proactively reduce cyber risk by providing automated patch management, advanced mitigation, and targeted isolation capabilities that address vulnerabilities before exploitation. Facilitates unified workflows for security and IT teams to remediate issues across cloud, on-premises, and third-party environments—including cases where patching is not possible—thus minimizing exposure to ransomware and known exploited vulnerabilities.Custom Assessment and Remediation (CAR)Automates the assessment and remediation of security risks by enabling organizations to create, manage, and execute custom scripts across their IT assets. Provides a centralized repository and execution framework for custom detections and remediations, supporting multiple scripting languages and platforms.
Custom Assessment and Remediation (CAR)
Automates the assessment and remediation of security risks by enabling organizations to create, manage, and execute custom scripts across their IT assets. Provides a centralized repository and execution framework for custom detections and remediations, supporting multiple scripting languages and platforms.Typical price after negotiations
Qualys Risk Remediation: Patch Management (PM)New purchase, 1 year term
Patch Management
500Price after negotiations-
Get a customized estimate
Typical price after negotiations
Qualys Asset Management: Cyber Security Asset Management (CSAM)New purchase, 1 year term
Users
3000Price after negotiations-
Get a customized estimate
External Attack Surface ManagementOrganizations gain continuous, outside-in visibility of internet-facing assets to identify previously unknown or unmanaged exposures, enabling proactive security and risk mitigation. The solution automates discovery, attribution, and assessment of external digital assets, providing alerts on vulnerabilities, misconfigurations, certificate issues, and other compliance gaps to help IT and security teams reduce attack surface and prioritize remediation actions.
External Attack Surface Management
Organizations gain continuous, outside-in visibility of internet-facing assets to identify previously unknown or unmanaged exposures, enabling proactive security and risk mitigation. The solution automates discovery, attribution, and assessment of external digital assets, providing alerts on vulnerabilities, misconfigurations, certificate issues, and other compliance gaps to help IT and security teams reduce attack surface and prioritize remediation actions.Typical price after negotiations
Qualys Cloud Security: Total Cloud (CNAPP)New purchase, 1 year term
Bundle
1000Price after negotiations-
Get a customized estimate
SaaS Security Posture Management (SSPM)Minimizing the risk of data breaches and compliance violations in SaaS applications, this solution continuously monitors and manages security settings, user permissions, and configurations across connected SaaS environments. Core capabilities include real-time detection of misconfigurations, suspicious user activity, and excessive privileges, as well as automated compliance checks to ensure alignment with regulatory standards.
SaaS Security Posture Management (SSPM)
Minimizing the risk of data breaches and compliance violations in SaaS applications, this solution continuously monitors and manages security settings, user permissions, and configurations across connected SaaS environments. Core capabilities include real-time detection of misconfigurations, suspicious user activity, and excessive privileges, as well as automated compliance checks to ensure alignment with regulatory standards.Posture Management (CSPM)Organizations address cloud security risks and compliance challenges by continuously monitoring cloud infrastructure for misconfigurations, policy violations, and regulatory compliance across multi-cloud environments. Automated workflows in this solution detect and remediate security issues in real time, providing unified visibility and simplifying the management of cloud security posture.
Posture Management (CSPM)
Organizations address cloud security risks and compliance challenges by continuously monitoring cloud infrastructure for misconfigurations, policy violations, and regulatory compliance across multi-cloud environments. Automated workflows in this solution detect and remediate security issues in real time, providing unified visibility and simplifying the management of cloud security posture.Cloud Detection & Response (CDR)Continuous protection for cloud environments requires rapid detection and automated response to evolving threats. This solution leverages deep learning AI to monitor cloud workloads and network traffic, providing real-time identification of suspicious activity, malware, lateral movement, and advanced threats.
Cloud Detection & Response (CDR)
Continuous protection for cloud environments requires rapid detection and automated response to evolving threats. This solution leverages deep learning AI to monitor cloud workloads and network traffic, providing real-time identification of suspicious activity, malware, lateral movement, and advanced threats.Infrastructure as Code (IaC) SecurityDetects and remediates security issues in cloud infrastructure by scanning Infrastructure as Code (IaC) templates for misconfigurations prior to deployment. Integrates with CI/CD pipelines and developer tools to provide real-time feedback, support compliance with global standards, and prevent security risks before cloud resources are provisioned.
Infrastructure as Code (IaC) Security
Detects and remediates security issues in cloud infrastructure by scanning Infrastructure as Code (IaC) templates for misconfigurations prior to deployment. Integrates with CI/CD pipelines and developer tools to provide real-time feedback, support compliance with global standards, and prevent security risks before cloud resources are provisioned.Extended Detection & Response (XDR)Enables security teams to quickly identify, prioritize, and respond to threats by unifying security telemetry from endpoints, networks, cloud assets, and third-party sources into a single view. Delivers contextual risk assessment, automated incident response, and actionable detection by integrating vulnerability management, asset inventory, and threat intelligence.
Extended Detection & Response (XDR)
Enables security teams to quickly identify, prioritize, and respond to threats by unifying security telemetry from endpoints, networks, cloud assets, and third-party sources into a single view. Delivers contextual risk assessment, automated incident response, and actionable detection by integrating vulnerability management, asset inventory, and threat intelligence.Endpoint Detection Response (EDR, EPP)Reduces the risk of endpoint compromise by providing real-time detection, investigation, and automated response to threats across enterprise devices. Enables security teams to monitor endpoints for suspicious activity, correlate threats with vulnerabilities and patches, and act on incidents using a unified cloud-based platform.
Endpoint Detection Response (EDR, EPP)
Reduces the risk of endpoint compromise by providing real-time detection, investigation, and automated response to threats across enterprise devices. Enables security teams to monitor endpoints for suspicious activity, correlate threats with vulnerabilities and patches, and act on incidents using a unified cloud-based platform.Qualys PCI ComplienceEnables organizations to automate and streamline the process of meeting PCI DSS (Payment Card Industry Data Security Standard) compliance requirements by providing cloud-based network scanning, vulnerability detection, remediation guidance, and reporting. Businesses can perform required quarterly scans of internet-facing environments, monitor PCI compliance status, and generate reports for auditors and acquiring banks.
Qualys PCI Complience
Enables organizations to automate and streamline the process of meeting PCI DSS (Payment Card Industry Data Security Standard) compliance requirements by providing cloud-based network scanning, vulnerability detection, remediation guidance, and reporting. Businesses can perform required quarterly scans of internet-facing environments, monitor PCI compliance status, and generate reports for auditors and acquiring banks.Qualys Web Application ScanningOrganizations can address the risk of vulnerabilities and data exposures across their web applications and APIs with automated discovery, scanning, and prioritization. This solution supports detection of OWASP Top 10 vulnerabilities, misconfigurations, personally identifiable information (PII) exposures, compliance issues, and advanced threats using dynamic application security testing (DAST), API security scanning, and AI-powered techniques.
Qualys Web Application Scanning
Organizations can address the risk of vulnerabilities and data exposures across their web applications and APIs with automated discovery, scanning, and prioritization. This solution supports detection of OWASP Top 10 vulnerabilities, misconfigurations, personally identifiable information (PII) exposures, compliance issues, and advanced threats using dynamic application security testing (DAST), API security scanning, and AI-powered techniques.