• Home
  • Fortinet FortiWeb vs. Qualys VMDR

Fortinet FortiWeb vs Qualys VMDR comparison

Cancel
You must select at least 2 products to compare!
Fortinet Logo
Fortinet FortiWeb
Read 83 Fortinet FortiWeb reviews
9,313 views|6,665 comparisons
88% willing to recommend
Qualys Logo
Qualys VMDR
Read 77 Qualys VMDR reviews
6,732 views|5,110 comparisons
93% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Web Application Firewall (WAF)
May 2024
Executive Summary

We performed a comparison between Fortinet FortiWeb and Qualys VMDR based on real PeerSpot user reviews.

Find out what your peers are saying about Amazon Web Services (AWS), F5, Microsoft and others in Web Application Firewall (WAF).
To learn more, read our detailed Web Application Firewall (WAF) Report (Updated: May 2024).
Download the complete report
772,679 professionals have used our research since 2012.
Featured Review
Anonymous User
Works fine for classic websites and simple load balancing but lacks specialized protection
The WAF profiles has been most effective at mitigating web-based threats – probably something standardized, but again, we haven't tested it on... Read more →
Jan Vobruba
Easy to use, well supported with continually improving functionality
The functionality continues to improve and knowing when there are security issues is very helpful.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It is easy to install and to maintain.""It can scale well.""FortiWeb is easy to operate with a reasonably high level of protection. FortiWeb provides multiple deployment options with a physical or virtual (FortiWeb-VM) appliance, and acts either as a reverse/transparent proxy or out-of-band. It is also available on AWS and Azure.""The valuable feature of Fortinet FortiWeb vulnerability scanner""Security Fabric integration. This is really a value-added feature as FortiWeb can interact with the rest of the client’s Fortinet pack to provide an intelligent security layer like (FortiSIEM for central log management and correlation, FortiGate, FortiSandbox for malware analysis, etc.).""FortiWeb offers machine learning in the latest product. This fixed many problems. There are no false negatives.""It's stable and works efficiently against OWASP Top 10 attacks.""Technical support is very good."

More Fortinet FortiWeb Pros →

"We also like the flexibility in their licensing.""The initial setup was good. We didn't have any problems with it.""They also have threat detection which maps threats. There is a feed that comes from Qualys when a new vulnerability is found. It tells us which machines are infected with that vulnerability.""The most valuable feature is automation.""Performs automated, regular scans in the network.""Technical support is fantastic.""I am impressed with the VMDR feature.""I like Qualys because it is a very complete product, more so than Tenable."

More Qualys VMDR Pros →

Cons
"The product’s stability could be improved.""The Layer 7 DDoS attacks need improvement, it could be better.""A user interface or dashboard for troubleshooting is needed.""Another area for improvement is logging. When troubleshooting, the logs sometimes take a while to update. We've had people report that some things aren't logged if they're successful. It's a bit hit-and-miss. For example, sometimes people access one of our services, and it's successful, but we don't see that in the logs.""Fortinet FortiWeb needs to improve the way it's configured. Common services like publishing exchange should be done in one click only.""I had some small problems when I was upgrading firmware. After the upgrade, some of my certificates were deleted.​""The reporting could be optimized.""For advanced users, it would be really useful to have access and the ability to manipulate packets. If we can access and manipulate the contents of packets, even encrypted packets... that would be powerful. Since we're looking at packets arriving at our network, we would have the private key to access those packets and their information."

More Fortinet FortiWeb Cons →

"It's quite complex on the way it is set up, so it takes a fair bit of time in order to get your head around it in order to deploy it. Once you've deployed it, then you're never confident on the versions of the browsers and the SSL certificates, etc. You have to always go back into Qualys and check.""The price could be better. Asset view is still a legacy feature. I'm not able to extract the information about the asset with complete details. It would be better if they fixed that in the next release. I know Qualys is already working on it, so I'm hopeful it will be available in the next five or six months. That would be something that's changed where I seek improvement.""The customer support is very bad.""It is a struggle to be able to pull our report and to be able to do onboarding using automated tools.""Qualys VM's scanner doesn't pick up every vulnerability, so we have to use multiple scanners to cover that gap.""The reporting needs improvement. It should generate much more stuff like field reports.""Qualys VMDR is basically susceptible to false positives, and false negatives.""Sometimes the scanning can get overwhelmed and start to drag when a lot of users are trying to scan at once."

More Qualys VMDR Cons →

Pricing and Cost Advice
  • "Cheaper than others."
  • "FortiWeb can be purchased in VM mode for a lower price and the same features."
  • "Keep a loose margin between your actual bandwidth and the product sizing when using hardware appliances. Only virtual machines are upgradable to larger sizes."
  • "​It really pays off to buy licences for multiple years​."
  • "​The pricing is reasonable."
  • "The license cost depends on the size of the box or the size of the solution. It can go from €200 Euros to a few hundred thousand Euros a year depending on your size."
  • "The solution gives us the best price to performance ratio."
  • "The costs are standard. We pay around $1,600 yearly."

    • More Fortinet FortiWeb Pricing and Cost Advice →

  • "Usually every implementation is different and the quote is in function of number of assets."
  • "When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself."
  • "It is more expensive than other products on the market."
  • "They have recently changed the pricing model, which is now better than it was before."
  • "It is different for every company, but for us, it's every three years."
  • "Qualys is cheaper and more affordable than other solutions."
  • "The pricing and licensing for Qualys could be improved."
  • "The license is on a yearly basis."

    • More Qualys VMDR Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
    See Recommendations
    772,679 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Fortinet FortiWeb?
    Top Answer:The WAF profiles has been effective at mitigating web-based threats.
    Read all 48 answers   →
    What is your experience regarding pricing and costs for Fortinet FortiWeb?
    Top Answer:The pricing is in the middle. I would rate the pricing a five out of ten. It feels like a justified cost for the features, but it might get more expensive in the future. Also, keep in mind that Check… more »
    Read all 38 answers   →
    What needs improvement with Fortinet FortiWeb?
    Top Answer:I'd like more customization. I'm not sure if everyone would agree, as it might add complexity. But for advanced users, it would be really useful to have access and the ability to manipulate packets… more »
    Read all 48 answers   →
    What is your primary use case for Qualys VM?
    Top Answer:Qualys VM is used for vulnerability scans for the internet and applications using application exchange. There are many applications. We also use the solution for asset management per team, and the… more »
    Read all 36 answers   →
    What do you like most about Qualys VMDR?
    Top Answer:I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even if… more »
    Read all 57 answers   →
    What is your experience regarding pricing and costs for Qualys VMDR?
    Top Answer:We have an annual contract for Qualys VMDR. I believe it's for either two years or five years.
    Read all 34 answers   →
    Ranking
    4th
    out of 82 in Web Application Firewall (WAF)
    Views
    9,313
    Comparisons
    6,665
    Reviews
    22
    Average Words per Review
    754
    Rating
    7.7
    3rd
    out of 42 in Risk-Based Vulnerability Management
    Views
    6,732
    Comparisons
    5,110
    Reviews
    23
    Average Words per Review
    446
    Rating
    7.9
    Comparisons
    Also Known As
    Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security, Qualys Virtual Scanner Appliance
    Learn More
    Fortinet
    Qualys
    Overview

    Fortinet FortiWeb is a Web Application Firewall (WAF) that protects your web applications and APIs from attacks targeting known as well as unknown vulnerabilities. As the surface of your web applications evolves with each change of existing features and deployment of new features, your APIs are left exposed. Fortinet FortiWeb provides the board protection capabilities required to protect web applications without sacrificing performance or manageability.

    Fortinet FortiWeb is an automatic, advanced multi-layer solution that provides secure protection by discerning irregular behavior and distinguishing between malicious and benign anomalies. In addition, the approach delivers powerful bot mitigation capacities which authorize harmless bots to connect while blocking malicious bot activity securely. Regardless of where an application is hosted, Fortinet FortiWeb will safeguard business applications by providing deployment options, such as virtual machines, hardware appliances, and containers that can be deployed in the data center, cloud environments, or in the cloud-native SaaS solution.

    Fortinet FortiWeb Features and Benefits

    APIs and web applications have become integral to the rising demand for business-critical applications. Now more than ever, businesses are in need of an automatic firewall that will provide them with security, without sacrificing performance or reliability. Fortinet FortiWeb offers a variety of features and benefits, including:

    • Security fabric integration: FortiWeb integrates with other Fortinet solutions to provide advanced protection from persistent threats.

    • Proven web application and API protection: FortiWeb safeguards applications from all DDOS attacks, malicious bot attacks, and OWASP Top-10 threats.

    • Advanced visual analytics: FortiWeb offers a unique visual reporting tool that other WAF solutions don’t by providing a detailed analysis of attack elements and sources.

    • Hardware-based acceleration: With fast and secure traffic encryption and decryption, FortiWeb provides best-in-class WAF protection.

    • ML-based threat detection: FortiWeb delivers multi-layer machine learning defense protection to defend against zero-day attacks and reduce false positives.

    • False positive mitigation tools: Reduce daily management of policies through advanced tools to guarantee only unwanted traffic is blocked.

    Reviews from Real Users

    Fortinet FortiWeb offers an industry-leading Web Application Firewall, and users are satisfied with it for a number of reasons, including the ability to control everything from the dashboard and the PCI-compliant reports it offers.

    Carlos P., director of business and digital transformation at SERNIVEL3, notes, "You have the ability to control everything from one single dashboard."

    A director at a tech service company, says, "Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them."

    Vulnerability Management, Detection, and Response (VMDR) is a cornerstone product of the Qualys TruRisk Platform and a global leader in the enterprise-grade vulnerability management (VM) vendor space. With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure their actual risk exposure over time. 

    Qualys VMDR offers an all-inclusive risk-based vulnerability management solution to prioritize vulnerabilities and assets based on risk and business criticality. VMDR seamlessly integrates with configuration management databases (CMDB), Qualys Patch Management, Custom Assessment and Remediation (CAR), Qualys TotalCloud and other Qualys and non-Qualys solutions to facilitate vulnerability detection and remediation across the entire enterprise.

    With VMDR, users are empowered with actionable risk insights that translate vulnerabilities and exploits into optimized remediation actions based on business impact. Qualys customers can now aggregate and orchestrate data from the Qualys Threat Library, 25+ threat intelligence feeds, and third-party security and IT solutions, empowering organizations to measure, communicate, and eliminate risk across on-premises, hybrid, and cloud environments.

    Sample Customers
    Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG
    Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
    Top Industries
    REVIEWERS
    Financial Services Firm24%
    Comms Service Provider20%
    Computer Software Company17%
    Government10%
    VISITORS READING REVIEWS
    Educational Organization38%
    Computer Software Company12%
    Financial Services Firm7%
    Comms Service Provider6%
    REVIEWERS
    Financial Services Firm19%
    Comms Service Provider15%
    Manufacturing Company15%
    Transportation Company11%
    VISITORS READING REVIEWS
    Educational Organization33%
    Computer Software Company11%
    Financial Services Firm11%
    Manufacturing Company6%
    Company Size
    REVIEWERS
    Small Business49%
    Midsize Enterprise22%
    Large Enterprise28%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise48%
    Large Enterprise34%
    REVIEWERS
    Small Business19%
    Midsize Enterprise12%
    Large Enterprise69%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise41%
    Large Enterprise43%
    Buyer's Guide
    Web Application Firewall (WAF)
    May 2024
    Download Free Report
    Find out what your peers are saying about Amazon Web Services (AWS), F5, Microsoft and others in Web Application Firewall (WAF). Updated: May 2024.
    DOWNLOAD NOW
    772,679 professionals have used our research since 2012.

    Fortinet FortiWeb is ranked 4th in Web Application Firewall (WAF) with 83 reviews while Qualys VMDR is ranked 3rd in Risk-Based Vulnerability Management with 77 reviews. Fortinet FortiWeb is rated 8.0, while Qualys VMDR is rated 8.2. The top reviewer of Fortinet FortiWeb writes "Cost-effective, easy to configure, and works very well as a single solution for multiple environments". On the other hand, the top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". Fortinet FortiWeb is most compared with F5 Advanced WAF, Fortinet FortiADC, AWS WAF, Azure Web Application Firewall and Imperva Web Application Firewall, whereas Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and Tenable Vulnerability Management.

    We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.