We compared Qualys VMDR and Rapid7 InsightVM based on our users reviews in six parameters. After reading the collected data, you can find our conclusion below:
The setup process for Qualys VMDR was considered simple and quick, with users reporting it taking anywhere from a few minutes to a couple of days. However, there were some difficulties mentioned regarding integration and data privacy. Despite these challenges, the overall feedback on the setup was positive. On the other hand, the initial setup for Rapid7 InsightVM had mixed experiences. While some users found it easy and completed it within an hour or a few hours, others faced difficulties and it took them several months, even with professional assistance. The ease of setup was generally rated between three to five out of five.
Qualys VMDR is notable for its effective prioritization system, ongoing monitoring, adaptable dashboard, and extensive vulnerability overview. On the other hand, Rapid7 InsightVM stands out for its efficient scan engine installation, precise scanning, customizable dashboards, and risk scoring.
Both Qualys VMDR and Rapid7 InsightVM have areas that could be improved. Qualys VMDR could enhance user experience and UI design, improve SLA tracking and batch prioritization, integrate with other products, and improve reporting. On the other hand, Rapid7 InsightVM needs better integration, enhanced reporting, improved user-friendliness, and stronger customer support.
The cost of setting up Qualys VMDR can differ based on required features, with reviewers finding it reasonably priced or competitive. However, there are extra charges for specific features. In contrast, Rapid7 InsightVM is generally considered to be more expensive, but some users find the pricing reasonable because of the flexibility in defining assets and sites.
Qualys VMDR is praised for its positive impact on ROI, effectively mitigating risks and enhancing cybersecurity. Nonetheless, there are apprehensions regarding rising expenses. On the other hand, Rapid7 InsightVM is highly regarded for its outstanding ROI, effectively thwarting cyber attacks and delivering substantial value. While some reviewers perceive the ROI as satisfactory, others consider it to be moderate.
The customer service for Qualys VMDR has received both positive and negative feedback. Some customers appreciate the convenience of accessing a global team and the implementation of suggested improvements. However, there are concerns about the response time and the expertise of the support personnel. In contrast, Rapid7 InsightVM's support is generally regarded as good, with well-informed technical assistance. Nonetheless, there have been instances of delayed response time.
Comparison Results
Based on the reviews, Qualys VMDR offers a simple and convenient setup process, along with a strong prioritization system and valuable features. However, it requires enhancements in user experience, integration, reporting, and pricing. On the other hand, Rapid7 InsightVM also provides an easy setup, valuable features like scan engines and customizable dashboards. It could benefit from improved integration, reporting, user-friendliness, and customer support. Qualys VMDR seems to have an advantage in prioritization and comprehensive vulnerability management, while Rapid7 InsightVM may excel in scan optimization and remediation management.
"Performs automated, regular scans in the network."
"They also have threat detection which maps threats. There is a feed that comes from Qualys when a new vulnerability is found. It tells us which machines are infected with that vulnerability."
"What I like about Qualys VM is the dashboard presentation. It's very good."
"The solution is easy to use."
"Vulnerability management is the most valuable one and it’s a must in every organization."
"The reporting is fine."
"The most valuable feature is the certificate management."
"Qualys VM's best feature is vulnerability management."
"When you connect any new device to the network, Rapid7 has the ability to detect the new device immediately. It can scan that device to detect if it has any vulnerability. It tells you what is vulnerable and what has been misconfigured. It also tells you what is the risk of that misconfiguration or lack of patches and how to resolve the problem."
"NeXpose is a pretty good vulnerability scanner... There's a nice dashboard."
"We are very satisfied with the reports, as they provide us with the information that is required for our management."
"We feel the interface is very good. It is very easy to use, even a nontechnical person can use it."
"The cost is what is most valuable. Compared to the other products on the market, the cost is more palatable."
"The discovery and prioritization of vulnerabilities."
"It is stable and scalable."
"You can bring in and get online to do reports fairly quickly,"
"The IoT scan is not great."
"The tool needs to improve the adding assets and report generation features. I would like to see the policy scan of offline appliances in the product's future releases."
"Qualys VM's machine learning and artificial intelligence features could be improved."
"It's too early for me to say if there is any room for improvement since we're in the first couple of months of using this solution."
"Certain integration factors between different options could be improved."
"Make some minimal dashboard improvements."
"Qualys could be improved in its overall performance compared to other vulnerability management or scanning tools."
"Qualys VM's scanner doesn't pick up every vulnerability, so we have to use multiple scanners to cover that gap."
"There are certain limitations because of the product being used on a hybrid model. Rapid7 InsightVM doesn't offer a solution purely in the cloud."
"A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group."
"This solution integrates with another module in Metasploit, that doesn't exist in the other solutions. It is subscribed to on our roadmap, but we chose to implement both Nexppose and AppSpider."
"I would like to see more integration."
"The solution needs to improve its vulnerability design to include CVC results."
"There was functionality present previously, however, currently, we can't integrate directly with Jira Service Desk - only the cloud version."
"The drawback is that it is still not a fully SaaS solution, so you must deploy a console."
"Their customer support should be improved, and the effectiveness of scans also needs to be improved."
Qualys VMDR is ranked 3rd in Risk-Based Vulnerability Management with 77 reviews while Rapid7 InsightVM is ranked 4th in Risk-Based Vulnerability Management with 55 reviews. Qualys VMDR is rated 8.2, while Rapid7 InsightVM is rated 8.0. The top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". On the other hand, the top reviewer of Rapid7 InsightVM writes "You can scan a network, and receive recommendations to address vulnerabilities with the click of a button". Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Microsoft Defender Vulnerability Management, Tenable Vulnerability Management and Tanium, whereas Rapid7 InsightVM is most compared with Tenable Nessus, Tenable Security Center, Microsoft Defender Vulnerability Management, Wiz and Rapid7 InsightIDR. See our Qualys VMDR vs. Rapid7 InsightVM report.
See our list of best Risk-Based Vulnerability Management vendors.
We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.