Qualys faces structural market-share pressure from Tenable across the vulnerability management market, and that pressure has transformed deal-desk discount authority in ways the company's first-pass proposals don't reflect. The Enterprise TruRisk Platform narrative is designed to defend installed-base accounts from Tenable and CrowdStrike displacement — and customers who engage on platform positioning with credible competitive alternatives routinely close at 46–68% off list. This guide shows how — based on 105+ benchmarked Qualys deals. For list context, see our Qualys VMDR pricing guide and the cybersecurity software category benchmark.
Why Qualys Discounts Are Larger Than They Admit
Qualys projects itself as the established, stable VMDR platform. In practice, five years of market-share loss to Tenable has fundamentally changed the deal-desk posture — even if first-pass proposals don't reflect it. Five structural realities drive deeper discount capacity than Qualys reps reveal upfront.
First, Qualys's market-share position has deteriorated in vulnerability management. Gartner, Forrester, and industry trackers show Qualys losing VMDR share to Tenable across multiple consecutive measurement periods. That competitive pressure has expanded discount authority meaningfully — Qualys deal desk approves 8–14 points deeper discount on contested accounts today than equivalent accounts received three years ago. Customers who position credible Tenable displacement threat capture that expanded capacity.
Second, Enterprise TruRisk Platform (ETP) consolidation is Qualys's installed-base defense mechanism, and platform-tier discount economics reflect that strategic urgency. ETP commitments that bundle VMDR, TotalCloud, Patch Management, Policy Compliance, WAS, EDR/XDR, Cloud Agent, and CyberSecurity Asset Management unlock 20–30% additional discount beyond module-level pricing. Customers who engage ETP as a commercial consolidation vehicle — not just a technical story — capture the full platform discount.
Third, Qualys's asset-based pricing model creates volume-tier nonlinearities similar to Tenable. Volume-tier transitions at 10,000, 25,000, 100,000, and 250,000+ assets each unlock discount tier changes. First-pass proposals routinely price at the lower end of the achieved tier. Asset-count negotiation alone routinely captures 5–9 points of discount.
Fourth, Qualys's calendar-year fiscal close creates predictable Q4 leverage. Qualys fiscal year ends December 31. The last three weeks of December carry peak discount authority, with deal-desk turnaround compressing from 5–10 business days to 48 hours. Most customers default to their own budget cycle rather than Qualys's fiscal dynamics and miss 5–8 points of discount depth that December close routinely delivers.
Fifth, Qualys Cloud Agent deployments hide asset-count inflation. Cloud Agent discovers more assets than traditional scanning — virtualized, containerized, and ephemeral workloads that wouldn't appear in scan-based inventories. Standard contracts true-up these discovered assets at full per-asset pricing, effectively inflating cost 15–30% over the term as agent coverage expands. Negotiate separate asset categorization for agent-discovered assets with bundled pricing.
The Discount Levers That Actually Work With Qualys
These seven levers reliably move Qualys deal desk. In combination with December timing, they compound into 46–68% off list.
01 — Bring a written Tenable proposal
The single strongest Qualys lever. A written Tenable VM or Tenable One proposal sized to your environment with specific asset pricing and module coverage produces 8–14 points of Qualys discount improvement over generic competitive framing. Qualys deal desk specifically defends against Tenable displacement — having a documented Tenable evaluation is the entry ticket to Qualys's deepest discount authority on contested accounts.
02 — Position Enterprise TruRisk Platform as platform displacement
If ETP is the destination, position it explicitly as Tenable One, CrowdStrike Falcon Exposure Management, or Wiz platform displacement. Map Qualys modules to the alternative platform's modules: VMDR → Tenable VM or Wiz VM, TotalCloud → Tenable.cs or Wiz, Patch Management → Tenable Patch or SCCM, EDR/XDR → Tenable D1 or CrowdStrike Falcon. The platform-displacement framing unlocks Qualys's deepest discount authority.
03 — Negotiate asset-count tier maximization
Understand Qualys's volume tiers and negotiate at tier ceilings. For customers between 20,000 and 25,000 assets, negotiate 25,000-asset tier pricing with asset ramp. For customers between 80,000 and 100,000 assets, negotiate 100,000-asset tier pricing. Tier-ceiling pricing with ramp routinely captures 5–9 points of discount without increasing commitment risk.
04 — Negotiate Cloud Agent asset-count protection
Often the largest hidden cost lever over the term. Cloud Agent discovers 20–40% more assets than traditional scanning. Negotiate separate asset categorization for agent-discovered ephemeral assets (containers, serverless, short-lived VMs) with bundled pricing at 40–55% discount from per-asset rate. Annual true-up (not quarterly) with 15% asset-count buffer.
05 — Cap annual uplift and lock asset categories
Cap annual renewal uplift at lower of US CPI or 3%, applied to effective per-asset and per-user rates. Lock asset category definitions (standard, privileged, cloud, container, OT, mobile) with fixed per-category pricing through the renewal. Qualys cannot reclassify assets into higher-priced categories without customer consent.
06 — Demand per-module discount transparency
Qualys ETP bundles obscure module-level pricing. Demand per-module discount percentages on the order form — VMDR, TotalCloud, Patch Management, Policy Compliance, WAS, EDR/XDR, Cloud Agent. Module-level transparency surfaces inconsistencies where newer modules (EDR/XDR, TotalCloud AI) discount deeper than VMDR, creating negotiation opportunity.
07 — Time to Qualys fiscal Q4 close (October–December)
Qualys FY ends December 31. The last three weeks of December deliver peak discount authority. Deal-desk exceptions clear in 48 hours versus the normal 5–10 business days. Start negotiation 90–120 days out, have all terms finalized by mid-December, and close on December 18–29. The Q4 premium over Q2 close is typically 5–8 points of discount depth.
Overpaying for Qualys?
Upload your Qualys proposal and get a full benchmark analysis within 24 hours. Per-SKU discount benchmarks across VMDR, TotalCloud, Patch Management, EDR/XDR, and Enterprise TruRisk Platform, asset-tier optimization, Cloud Agent exposure, and renewal uplift risk — quantified line by line.
Submit Your Contract →Typical Discount Ranges: What Comparable Companies Actually Achieve
These ranges reflect Qualys deals benchmarked across 2024–2026. "Achievable with leverage" assumes a written Tenable alternative, ETP platform positioning where relevant, asset-tier maximization, and Qualys December close.
| Deal Profile | Typical Discount | Achievable With Leverage | Notes |
|---|---|---|---|
| Qualys VMDR, < 10,000 assets | 22–32% | 32–42% | Entry tier. Below strategic threshold. |
| Qualys VMDR, 10,000–25,000 assets | 30–40% | 40–50% | Mid-tier. Tenable VM alternative essential. |
| Qualys VMDR, 25,000–100,000 assets | 38–48% | 48–58% | Strategic tier. Tier-ceiling pricing lever. |
| Qualys VMDR, 100,000+ assets | 45–55% | 55–65% | Enterprise tier. Multi-year commitment preferred. |
| Enterprise TruRisk Platform (ETP), 25,000+ assets | 48–58% | 58–68% | Full platform. Requires phased adoption structure. |
| Tenable displacement defense deal | 52–62% | 62–70% | Contested installed-base defense. Deep discount authority. |
| TotalCloud standalone, 5,000+ cloud assets | 28–38% | 42–52% | Competitive vs. Wiz, Prisma Cloud, Orca Security. |
| EDR/XDR standalone, 10,000+ endpoints | 25–35% | 35–48% | Competitive vs. CrowdStrike, SentinelOne. |
The compound lever most customers miss: Qualys's defensive posture against Tenable has transformed deal-desk authority in ways that published pricing and first-pass proposals don't reflect. Customers who engage Qualys with documented Tenable evaluations and ETP platform positioning routinely close at TCO 20–28% below customers who accept first-pass VMDR renewals at face value.
Timing Your Qualys Negotiation for Maximum Leverage
Qualys FY runs January 1 – December 31. Quarter-end dynamics at Qualys favor late-December closes.
The Q4 Window (October – December)
The last three weeks of December deliver the deepest discount authority of the year. Deal-desk exceptions clear in 48 hours versus the normal 5–10 business days. For Enterprise TruRisk Platform commitments, Tenable displacement defense, and 3-year renewals, December close is strongly preferred.
The Q2 Close (April – June)
Half-year push. 65–75% of Q4 discount authority. Useful if your IT budget cycle forces a July commitment or your renewal anniversary falls in May–June.
The Worst Windows
January and February — Qualys Q1 — carry reduced discount authority post-quota reset. If your renewal anniversary falls January–February, extend current subscription 60–90 days to align with Q2 or Q4.
Subscription Auto-Renewal Windows
Qualys subscriptions auto-renew unless customer provides formal non-renewal notice typically 60–90 days before anniversary. Miss the window and you're renewed at Qualys's standard uplift with asset-count true-up applied at quarterly cadence. Send formal written notice of evaluation 120 days before anniversary.
What to Do When Qualys Says No
Qualys's enterprise reps operate with specific objection-handling scripts centered on ETP and TruRisk positioning. Here's how to move through them.
"Qualys is the most established VMDR platform — our pricing reflects stability premium." Standard framing. Counter: "Established position doesn't establish price; comparable delivered value does. Our Tenable One proposal delivers equivalent coverage at 26% lower 3-year TCO. Please price against the Tenable proposal, not against Qualys's positioning narrative."
"Enterprise TruRisk Platform is priced as a platform — we can't break out module discount." Structural resistance. Counter: "Every platform commitment we sign has per-module transparency. Without per-module discount visibility, we cannot benchmark against comparable customers. Please provide per-module discount percentages on the ETP order form."
"Cloud Agent asset discovery is part of standard per-asset pricing — no separate category." Revenue protection. Counter: "Cloud Agent discovers 20–40% more ephemeral assets than traditional scanning. Pricing these at full per-asset rates inflates TCO 15–30% over the term. We need separate asset categorization for agent-discovered ephemeral assets at bundled discount pricing."
"Asset true-up is quarterly standard — we don't do annual true-up." Contestable. Counter: "Enterprise customers uniformly negotiate annual true-up with asset-count buffer. Quarterly true-up creates cost unpredictability. Please provide annual true-up with 15% asset-count buffer as a term of this renewal."
"TotalCloud pricing is standardized — we can't discount against Wiz." Mis-framing. Counter: "Wiz is winning cloud security displacement for specific pricing and capability reasons. We have a documented Wiz proposal. Please price TotalCloud against the documented Wiz proposal, not against Qualys internal TotalCloud pricing policy."
Get a 24-hour Qualys benchmark
We compare your Qualys proposal line-by-line against 105+ benchmarked VMDR, TotalCloud, Patch Management, EDR/XDR, and Enterprise TruRisk Platform deals. Per-SKU rates, asset-tier optimization, Cloud Agent exposure, Tenable displacement analysis, and renewal protections — quantified.
Contact Us →Contract Language That Protects You at Renewal
These clauses should appear in every Qualys agreement.
Renewal Uplift Cap
Annual renewal uplift capped at lower of US CPI or 3%, applied to effective per-asset and per-user rates. Cap preserved across mid-term expansion.
Asset Category Lock
Asset category definitions (standard, privileged, cloud, container, ephemeral, OT, mobile) fixed in the order form. Per-category pricing locked through the renewal. Qualys cannot reclassify assets into higher-priced categories without customer consent.
Asset True-Up Terms
Annual asset true-up (not quarterly), with 10–15% asset-count buffer before true-up applies. Overage priced at committed-tier discount. Asset ramp provisions for multi-year deals assuming growth rather than baseline count.
Cloud Agent Asset Protection
Cloud Agent–discovered ephemeral assets (containers, serverless workloads, short-lived VMs) priced at 40–55% discount from standard per-asset rate. Cloud Agent rollout treated as coverage expansion, not per-asset uplift.
ETP Platform Flexibility
Enterprise TruRisk Platform commitments tied to phased adoption milestones with deactivation rights if milestones slip. Discount on remaining modules preserved when deactivating failed adoption module.
Module Pricing Lock
New Qualys modules (TotalCloud AI, CyberSecurity Asset Management, EDR/XDR enhancements) launched during the term priced at the same discount tier as existing commitment. Premium pricing on new modules prohibited.
Auto-Renewal Notice Window
90 days' notice to non-renew, effective on delivery. Auto-renewal only at same discount tier, module scope, and commitment.
Benchmarking Clause
Right to benchmark renewal pricing against comparable Qualys customers annually, with right to invoke renegotiation if benchmarked pricing exceeds market by 10%+.
Frequently Asked Questions
What discount can I negotiate on Qualys?
Qualys list pricing supports 40–68% discounts for Fortune 500 buyers. Our benchmarked deals show median 46% off list on 3-year Qualys VMDR commitments over 25,000 assets, rising to 56–68% on full Enterprise TruRisk Platform deals with written Tenable and Rapid7 competitive proposals. Qualys's ongoing market-share defense against Tenable has meaningfully expanded deal-desk discount authority — particularly on contested VMDR renewals where Tenable displacement is the stated alternative.
Should I commit to Qualys Enterprise TruRisk Platform?
Evaluate carefully. Enterprise TruRisk Platform (ETP) bundles VMDR, TotalCloud, Patch Management, Policy Compliance, Web Application Scanning, EDR, XDR, Cloud Agent, and CyberSecurity Asset Management into platform-tier pricing. Platform commitments unlock 20–30% additional discount beyond VMDR-only deals and position Qualys against Tenable One, CrowdStrike Falcon Exposure Management, and Wiz. Platform makes sense when you have genuine exposure management consolidation strategy. It doesn't make sense as a pure discount play — committing to modules you won't deploy wastes budget. Accept ETP with phased adoption milestones and deactivation rights.
How aggressive is Qualys on renewal uplift?
Moderate to aggressive — more aggressive than Tenable, particularly on VMDR-only installed-base accounts that haven't expanded to platform. Default renewal posture includes 6–12% uplift on asset subscriptions, aggressive asset-category reclassification (moving assets to higher-priced tiers), TotalCloud and EDR/XDR expansion pressure, and Patch Management upsell. Qualys's TruRisk platform push is the primary renewal dynamic — customers who don't engage on platform positioning face flat-tier pricing without expanded discount access. Cap annual uplift at CPI or 3%, lock asset category definitions, and engage on platform structuring to access deeper discount.
What's the best leverage for a Qualys discount?
A written Tenable proposal is the single strongest Qualys lever — these two vendors compete head-to-head across vulnerability management and exposure management, and Qualys deal desk is specifically structured to defend against Tenable displacement. Qualys has lost VMDR market share to Tenable over multiple consecutive periods, which has meaningfully expanded deal-desk authority on contested accounts. Add a written Rapid7 InsightVM proposal for mid-market deals and a written CrowdStrike Falcon Exposure Management or Wiz proposal for platform-level evaluations. Qualys's calendar-year fiscal close (December 31) compounds the leverage.
Can I negotiate Qualys asset-count true-up terms?
Yes — Qualys asset-count true-up is highly negotiable and often the largest dollar lever over the contract term. Standard proposals true-up assets quarterly at standard list pricing, creating 8–14% effective cost escalation as asset counts grow. Negotiate annual true-up (not quarterly), asset-count buffer of 10–15% before true-up applies, and overage pricing at committed-tier discount. Qualys Cloud Agent deployments in particular create asset-count discovery that inflates true-up — negotiate separate asset categorization for agent-discovered assets with bundled pricing below standard per-asset rates.
Next Steps
Qualys negotiations reward Tenable competitive positioning and Cloud Agent discipline. The worst-priced Qualys renewals we benchmark share a pattern: no written Tenable alternative, asset count at mid-tier rather than ceiling, Cloud Agent assets priced at full per-asset rates, true-up quarterly at list, no asset-count buffer, and renewals closed in Qualys Q1. The best-priced renewals do the opposite: documented Tenable VM evaluation, asset-tier ceiling with ramp pricing, Cloud Agent ephemeral asset bundle pricing, annual true-up with buffer, per-module transparency on ETP, and late-December close.
If you're 3–12 months from a Qualys renewal, an ETP platform decision, or a strategic exposure management consolidation, upload your current proposals for a 48-hour benchmark analysis. We'll compare your per-SKU rates, asset-tier optimization, Cloud Agent exposure, Tenable displacement economics, and renewal protections against 105+ live Qualys contracts.
For related reading, see the Qualys VMDR pricing guide, the cybersecurity software category benchmark, the Tenable One pricing guide, the Tenable negotiation guide, and the Rapid7 InsightVM pricing guide for competitive context.