Since 2004, Mandiant has been a partner to security-conscious organizations. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.
N/A
Qualys TruRisk Platform
Score 6.9 out of 10
N/A
Qualys TruRisk Platform (formerly Qualys Cloud Platform, or Qualysguard), from San Francisco-based Qualys, is network security and vulnerability management software featuring app scanning and security, network device mapping and detection, vulnerability prioritization schedule and remediation, and other features to provide vulnerability management and network attack surface reduction.
N/A
Pricing
Mandiant Advantage Attack Surface Management
Qualys TruRisk Platform
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Mandiant Advantage Attack Surface Management
Qualys TruRisk Platform
Free Trial
Yes
No
Free/Freemium Version
Yes
No
Premium Consulting/Integration Services
Yes
No
Entry-level Setup Fee
Required
No setup fee
Additional Details
—
—
More Pricing Information
Features
Mandiant Advantage Attack Surface Management
Qualys TruRisk Platform
Threat Intelligence
Comparison of Threat Intelligence features of Product A and Product B
Mandiant Advantage Attack Surface Management
7.7
1 Ratings
3% below category average
Qualys TruRisk Platform
8.7
7 Ratings
9% above category average
Network Analytics
8.21 Ratings
8.96 Ratings
Threat Recognition
7.31 Ratings
8.37 Ratings
Vulnerability Classification
7.31 Ratings
8.87 Ratings
Automated Alerts and Reporting
8.21 Ratings
9.07 Ratings
Threat Analysis
8.21 Ratings
8.27 Ratings
Threat Intelligence Reporting
6.41 Ratings
8.97 Ratings
Automated Threat Identification
8.21 Ratings
8.77 Ratings
Vulnerability Management Tools
Comparison of Vulnerability Management Tools features of Product A and Product B
Many companies that have an presence can benefit from using Mandiant ASM to identify and manage their internet facing assets, like web servers, email servers and DNS servers. This helps reduce the risk of cyberattacks targeting these assets.However smaller organizations with exposure might not always need the extensive attack surface monitoring provided by Mandiant ASM. For example a small company with one website may not require much monitoring, as a larger corporation.
Qualys Cloud Platform is well suited for organizations that need additional tools to secure and bolster their security from end to end. The automated, real-time threat protection is very quick to notify an admin of potential vulnerabilities and risks, as well as recommending quick fixes to resolve/close the gap before an incident occurs. QCP excels at portraying all of these in a single pane of glass, and find that the Qualys reports are more detailed than competitor product lines. One of our big issues with QCP is that you do have to pay for each scanner, which can quickly add up to large costs. For this reason, I would rate Qualys at a ~7 due to great features and functionality, but overall value could be better for a large organization. I would also say that QCP may make more sense for smaller organizations due to this pricing model.
Mandiant ASM combines sources of information such, as assets through the internet cloud resources and suppliers from third parties. This comprehensive approach provides organizations with an understanding of their external attack surface.
With scanning Mandiant ASM identifies threats and vulnerabilities present on the external attack surface and promptly notifies users. Whenever a new threat or vulnerability is detected an alert is generated to empower enterprises to take action in mitigating the risks.
Mandiant ASM assesses risks based on their likelihood of exploitation impact on organizations and severity. This prioritization enables organizations to focus their efforts, on addressing the risks effectively.
It really does well at vulnerability scanning, which it is well known for. It's accuracy at finding vulnerabilities is top notch, more so than a lot of other vulnerability tools out there. In an organization/company you want this kind of accuracy at finding vulnerabilities in your network/endpoints
It is very good at managing endpoints on a consistent basis, meaning you can add endpoints to Qualys and have the platform scan/track/protect for vulnerabilities on an ongoing basis, without user intervention
It does really well at separating out and identifying what levels of criticality each vulnerability should fall into. This way, an organization/company can attack the more critical vulnerabilities first
To enhance user experience it would be beneficial to make the interface more user friendly and easier to navigate. This can be achieved by simplifying the layout offering help when needed and utilizing terminology that's easily understandable.
Additionally incorporating reporting features that are customizable will empower users to generate reports tailored to their individual requirements.
In order to enhance the solutions efficiency optimizing the code and implementing data structures would prove valuable.
This program is really complicated, the multiple functions that are presented to us are not very clear and in some cases, it is a matter of intuition to execute a function, it is not very informative.
The interface of this program can be a real problem; for our taste, this program looks a bit messy, and the interface does not help or guide you to find the options you need.
Again, the usability of Qualys has been a pinpoint for this entire review. It was easily the worst thing about the product and because of this, I would not recommend Qualys to anybody in my field. This should be something that Qualys strives to improve if they wish to stay in business.
They had a support page within the WAS to report any concerns or seek help. But the UI of that is not smooth. Regardless support staff were pretty responsive and helpful. They scheduled calls to understand and address our problems. Email support is good as well.
I decided to go with Mandiant Advantage Attack Surface Management because it offers a range of features performs excellently and is easy to use. What I really appreciate about Mandiant is their commitment, to innovation and their proven track record, in ensuring security.
As described before Qualys is used to scan periodically the environment in order to check if there are some packages (Linux) or Applications (Windows) outdated, generating reports to the Service Owners, fulfilling what's is expected from us, attending all our expectations regarding the tool. That's why we'd choose Qualys to our organization.
Automation plays a role in saving time by streamlining operations related to attack surface management. These include automated asset discovery, vulnerability scanning and continuous monitoring of threat intelligence. As a result security teams can allocate their efforts towards projects such as security planning and incident response.
ASM provides a view of the external attack surface, for businesses encompassing internet facing assets, cloud resources and third party vendors. This enhances the understanding of assets enabling organizations to identify and prioritize risks effectively and make decisions on security investments
One notable advantage is cost savings. By eliminating the need to purchase and maintain security tools ASM becomes a solution for enterprises. It can replace products, like asset discovery tools, vulnerability management tools and threat intelligence feeds with its capabilities.
