• Home
  • Fortinet FortiWeb vs. Qualys VMDR

Fortinet FortiWeb vs Qualys VMDR comparison

Cancel
You must select at least 2 products to compare!
Fortinet Logo
Fortinet FortiWeb
Read 83 Fortinet FortiWeb reviews
9,391 views|6,820 comparisons
88% willing to recommend
Qualys Logo
Qualys VMDR
Read 77 Qualys VMDR reviews
6,806 views|5,195 comparisons
93% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Web Application Firewall (WAF)
May 2024
Executive Summary

We performed a comparison between Fortinet FortiWeb and Qualys VMDR based on real PeerSpot user reviews.

Find out what your peers are saying about Amazon Web Services (AWS), F5, Microsoft and others in Web Application Firewall (WAF).
To learn more, read our detailed Web Application Firewall (WAF) Report (Updated: May 2024).
Download the complete report
772,649 professionals have used our research since 2012.
Featured Review
Blair Griffith-Barwell
It comes with several preconfigured rule sets and templates that make deploying new applications easier
FortiWeb provides an additional layer of security that we didn't have previously. We have a next-generation firewall deployed in our cloud... Read more →
ManojKumar37
Efficient automation feature and provides us with a comprehensive security solution
It has improved our organization in many ways. We needed to have a security solution that focuses on different types of things. We discussed... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"This product is very user-friendly.""If I need something from tech support, I can get it answered within the hour.""The most valuable features are support and security.""Some of the threat detection analytics and the filtering capabilities they give us for filtering a certain type of information that we don't want coming into the site are its valuable features. The analytics are pretty good in terms of being able to see what threats have been detected and mitigated, where they're coming from, and things like that.""The most valuable feature in this solution is the ability to disseminate between the user entering some wrong value to the field, and a suspicious actor trying to exploit some known vulnerability.""The most valuable feature of Fortinet FortiWeb is the ease of integration and configuration.""The ease of configuration is valuable. We have Azure WAF, we have OCI WAF, and we also have Cloud Armor for GCP, but their configuration isn't very easy. It's pretty simple in FortiWeb, and we can enable or configure whatever we want.""One main feature we are very happy about is file security and upload functionality."

More Fortinet FortiWeb Pros →

"Provides great functionality.""I find the most valuable features are the continuous monitoring. Even on premises, there is constant monitoring.""The features that are most valuable are the identification, scan features, and the identification of vulnerabilities.""It is quite easy to implement.""It is very easy to use and there are lots of options. We can usually easily go through it and all of the things we want to configure, and we can configure everything to our specifications very easily.""The solution shows us classic categories, including high, medium, and low risks. It also shows critical items, and that gives us the advantage of prioritizing things.""Monitors workstations and servers for vulnerabilities and creates reports.""The most valuable feature is automation."

More Qualys VMDR Pros →

Cons
"A user interface or dashboard for troubleshooting is needed.""Fortinet FortiWeb is not scalable. You'll need more budget to change the hardware.""We use Kubernetes, so I would like to have a plugin to configure FortiWeb Cloud automatically using Kubernetes Ingress. That would reduce the complexity of setting up an Ingress object in Kubernetes. Some competing solutions help you configure Ingress and Kubernetes automatically.""The Layer 7 DDoS attacks need improvement, it could be better.""The solution is rather complicated. If you know what to do, it's not bad, but it's complicated for a first time user to configure the solution. What I'd like to improve are the custom signatures.""If the price was lower, it would be a bit more attractive, as an option, to the customers.""We have had problems with deployments where we've had to contact technical support to resolve them.""The GUI could be better. It's limited."

More Fortinet FortiWeb Cons →

"There's a need to upgrade or fix the potential vulnerability rate. Around 20,000 potential vulnerabilities were showing in Qualys VMDR, but none of the other tools showed them. When we checked, it wasn't the case. Support explained that even small issues were being counted as vulnerabilities, causing issues in our audit. So, the security features could be improved to identify vulnerabilities accurately.""Finding things in management can be quite difficult.""Make some minimal dashboard improvements.""The solution is a bit expensive if you do not have access to discounts.""The reporting and the GUI need improvements.""Qualys VM could improve by having more skilled support personnel.""Qualys VM's scanner doesn't pick up every vulnerability, so we have to use multiple scanners to cover that gap.""Certain integration factors between different options could be improved."

More Qualys VMDR Cons →

Pricing and Cost Advice
  • "Cheaper than others."
  • "FortiWeb can be purchased in VM mode for a lower price and the same features."
  • "Keep a loose margin between your actual bandwidth and the product sizing when using hardware appliances. Only virtual machines are upgradable to larger sizes."
  • "​It really pays off to buy licences for multiple years​."
  • "​The pricing is reasonable."
  • "The license cost depends on the size of the box or the size of the solution. It can go from €200 Euros to a few hundred thousand Euros a year depending on your size."
  • "The solution gives us the best price to performance ratio."
  • "The costs are standard. We pay around $1,600 yearly."

    • More Fortinet FortiWeb Pricing and Cost Advice →

  • "Usually every implementation is different and the quote is in function of number of assets."
  • "When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself."
  • "It is more expensive than other products on the market."
  • "They have recently changed the pricing model, which is now better than it was before."
  • "It is different for every company, but for us, it's every three years."
  • "Qualys is cheaper and more affordable than other solutions."
  • "The pricing and licensing for Qualys could be improved."
  • "The license is on a yearly basis."

    • More Qualys VMDR Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
    See Recommendations
    772,649 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Fortinet FortiWeb?
    Top Answer:The WAF profiles has been effective at mitigating web-based threats.
    Read all 48 answers   →
    What is your experience regarding pricing and costs for Fortinet FortiWeb?
    Top Answer:The pricing is in the middle. I would rate the pricing a five out of ten. It feels like a justified cost for the features, but it might get more expensive in the future. Also, keep in mind that Check… more »
    Read all 38 answers   →
    What needs improvement with Fortinet FortiWeb?
    Top Answer:I'd like more customization. I'm not sure if everyone would agree, as it might add complexity. But for advanced users, it would be really useful to have access and the ability to manipulate packets… more »
    Read all 48 answers   →
    What is your primary use case for Qualys VM?
    Top Answer:Qualys VM is used for vulnerability scans for the internet and applications using application exchange. There are many applications. We also use the solution for asset management per team, and the… more »
    Read all 36 answers   →
    What do you like most about Qualys VMDR?
    Top Answer:I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even if… more »
    Read all 57 answers   →
    What is your experience regarding pricing and costs for Qualys VMDR?
    Top Answer:We have an annual contract for Qualys VMDR. I believe it's for either two years or five years.
    Read all 34 answers   →
    Ranking
    4th
    out of 82 in Web Application Firewall (WAF)
    Views
    9,391
    Comparisons
    6,820
    Reviews
    22
    Average Words per Review
    754
    Rating
    7.7
    3rd
    out of 39 in Risk-Based Vulnerability Management
    Views
    6,806
    Comparisons
    5,195
    Reviews
    27
    Average Words per Review
    426
    Rating
    8.0
    Comparisons
    Also Known As
    Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security, Qualys Virtual Scanner Appliance
    Learn More
    Fortinet
    Qualys
    Overview

    Fortinet FortiWeb is a Web Application Firewall (WAF) that protects your web applications and APIs from attacks targeting known as well as unknown vulnerabilities. As the surface of your web applications evolves with each change of existing features and deployment of new features, your APIs are left exposed. Fortinet FortiWeb provides the board protection capabilities required to protect web applications without sacrificing performance or manageability.

    Fortinet FortiWeb is an automatic, advanced multi-layer solution that provides secure protection by discerning irregular behavior and distinguishing between malicious and benign anomalies. In addition, the approach delivers powerful bot mitigation capacities which authorize harmless bots to connect while blocking malicious bot activity securely. Regardless of where an application is hosted, Fortinet FortiWeb will safeguard business applications by providing deployment options, such as virtual machines, hardware appliances, and containers that can be deployed in the data center, cloud environments, or in the cloud-native SaaS solution.

    Fortinet FortiWeb Features and Benefits

    APIs and web applications have become integral to the rising demand for business-critical applications. Now more than ever, businesses are in need of an automatic firewall that will provide them with security, without sacrificing performance or reliability. Fortinet FortiWeb offers a variety of features and benefits, including:

    • Security fabric integration: FortiWeb integrates with other Fortinet solutions to provide advanced protection from persistent threats.

    • Proven web application and API protection: FortiWeb safeguards applications from all DDOS attacks, malicious bot attacks, and OWASP Top-10 threats.

    • Advanced visual analytics: FortiWeb offers a unique visual reporting tool that other WAF solutions don’t by providing a detailed analysis of attack elements and sources.

    • Hardware-based acceleration: With fast and secure traffic encryption and decryption, FortiWeb provides best-in-class WAF protection.

    • ML-based threat detection: FortiWeb delivers multi-layer machine learning defense protection to defend against zero-day attacks and reduce false positives.

    • False positive mitigation tools: Reduce daily management of policies through advanced tools to guarantee only unwanted traffic is blocked.

    Reviews from Real Users

    Fortinet FortiWeb offers an industry-leading Web Application Firewall, and users are satisfied with it for a number of reasons, including the ability to control everything from the dashboard and the PCI-compliant reports it offers.

    Carlos P., director of business and digital transformation at SERNIVEL3, notes, "You have the ability to control everything from one single dashboard."

    A director at a tech service company, says, "Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them."

    Vulnerability Management, Detection, and Response (VMDR) is a cornerstone product of the Qualys TruRisk Platform and a global leader in the enterprise-grade vulnerability management (VM) vendor space. With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure their actual risk exposure over time. 

    Qualys VMDR offers an all-inclusive risk-based vulnerability management solution to prioritize vulnerabilities and assets based on risk and business criticality. VMDR seamlessly integrates with configuration management databases (CMDB), Qualys Patch Management, Custom Assessment and Remediation (CAR), Qualys TotalCloud and other Qualys and non-Qualys solutions to facilitate vulnerability detection and remediation across the entire enterprise.

    With VMDR, users are empowered with actionable risk insights that translate vulnerabilities and exploits into optimized remediation actions based on business impact. Qualys customers can now aggregate and orchestrate data from the Qualys Threat Library, 25+ threat intelligence feeds, and third-party security and IT solutions, empowering organizations to measure, communicate, and eliminate risk across on-premises, hybrid, and cloud environments.

    Sample Customers
    Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG
    Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
    Top Industries
    REVIEWERS
    Financial Services Firm24%
    Comms Service Provider20%
    Computer Software Company17%
    Government10%
    VISITORS READING REVIEWS
    Educational Organization38%
    Computer Software Company12%
    Financial Services Firm7%
    Comms Service Provider6%
    REVIEWERS
    Financial Services Firm19%
    Comms Service Provider15%
    Manufacturing Company15%
    Transportation Company11%
    VISITORS READING REVIEWS
    Educational Organization33%
    Computer Software Company11%
    Financial Services Firm11%
    Manufacturing Company6%
    Company Size
    REVIEWERS
    Small Business49%
    Midsize Enterprise22%
    Large Enterprise28%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise48%
    Large Enterprise34%
    REVIEWERS
    Small Business19%
    Midsize Enterprise12%
    Large Enterprise69%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise41%
    Large Enterprise43%
    Buyer's Guide
    Web Application Firewall (WAF)
    May 2024
    Download Free Report
    Find out what your peers are saying about Amazon Web Services (AWS), F5, Microsoft and others in Web Application Firewall (WAF). Updated: May 2024.
    DOWNLOAD NOW
    772,649 professionals have used our research since 2012.

    Fortinet FortiWeb is ranked 4th in Web Application Firewall (WAF) with 83 reviews while Qualys VMDR is ranked 3rd in Risk-Based Vulnerability Management with 77 reviews. Fortinet FortiWeb is rated 8.0, while Qualys VMDR is rated 8.2. The top reviewer of Fortinet FortiWeb writes "Cost-effective, easy to configure, and works very well as a single solution for multiple environments". On the other hand, the top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". Fortinet FortiWeb is most compared with F5 Advanced WAF, Fortinet FortiADC, AWS WAF, Azure Web Application Firewall and Imperva Web Application Firewall, whereas Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and Tenable Vulnerability Management.

    We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.