• Home
  • Qualys VMDR vs. Rapid7 Metasploit

Qualys VMDR vs Rapid7 Metasploit comparison

Cancel
You must select at least 2 products to compare!
Qualys Logo
Qualys VMDR
Read 77 Qualys VMDR reviews
6,806 views|5,195 comparisons
93% willing to recommend
Rapid7 Logo
Rapid7 Metasploit
Read 18 Rapid7 Metasploit reviews
2,672 views|1,553 comparisons
94% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Qualys VMDR vs. Rapid7 Metasploit
March 2023
Executive Summary

We performed a comparison between Qualys VMDR and Rapid7 Metasploit based on real PeerSpot user reviews.

Find out in this report how the two Risk-Based Vulnerability Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Qualys VMDR vs. Rapid7 Metasploit Report (Updated: March 2023).
Download the complete report
772,649 professionals have used our research since 2012.
Featured Review
PranjalGargava
Helps with vulnerability scanning and understanding of cyber security controls
The product has helped us understand cybersecurity controls.
Aqeel Junaid
Helps find vulnerabilities in a system to determine whether the system needs to be upgraded
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The process of defining and discovering scans is organized efficiently.""The initial setup is straightforward.""I like Qualys because it is a very complete product, more so than Tenable.""The integrations for this solution are very good. I use a different product for virtual patching of vulnerabilities and Qualys integrates well with that product.""The solution shows us classic categories, including high, medium, and low risks. It also shows critical items, and that gives us the advantage of prioritizing things.""It is very easy to use and there are lots of options. We can usually easily go through it and all of the things we want to configure, and we can configure everything to our specifications very easily.""The reporting functionality is great.""I find the most valuable features are the continuous monitoring. Even on premises, there is constant monitoring."

More Qualys VMDR Pros →

"I use Rapid7 Metasploit for payload generation and Post-Exploitation.""It is scalable. It's in line with our needs.""The Search Engineering feature is good.""It contains almost all the available exploits and payloads.""Stability-wise, I rate the solution a nine out of ten...Scalability-wise, I rate the solution a nine out of ten.""The solution is open source and has many small targetted penetration tests that have been written by many people that are useful. You can choose different subjects for the test, such as Oracle databases or Apache servers.""It's not possible to do penetration testing without being very proficient in Metasploit.""The option to generate phishing emails has proven to be very valuable in understanding the behavior of users."

More Rapid7 Metasploit Pros →

Cons
"We face issues while scanning multiple assets.""When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself.""Improve the API speed.""The ability to manage user accounts and give rights to the operator to know about abnormalities of applications is something that needs improvement.""It's not very user-friendly at times and requires in-depth understanding. So, a layman or someone new to Qualys won't be able to easily understand it. You need education to use the solution.""They have integrated with other third parties, but it is still not viable.""Qualys currently does not have any features for scanning SCADA, IoT, and Industrial Control Systems.""Endpoint stability and fault resolution could be improved."

More Qualys VMDR Cons →

"The solution should improve the responsiveness of its live technical support.""Metasploit cannot be installed on a machine with an antivirus.""At the time I was using it, the graphical user interface needed some improvements.""The open-source version has reporting limitations. You need to develop these capabilities yourself. Built-in reporting is an excellent feature for penetration testing, but it isn't a must-have. The solution could also cover more vulnerabilities. Metasploit has around 10,000 exploits in its library, but more is always better.""If your company's patch is not up to date, but you have other detection or defense solutions such as endpoint detection and response and antivirus software, the product exploit may not work effectively. This is because its exploit database update process is slow and not real-time. For zero-day vulnerabilities or new security threats, relying on Rapid7 Metasploit alone may not be effective.""Advanced Infrastructure should be implemented in the next release for better orchestration.""It is necessary to add some training materials and a tutorial for beginners.""Rapid7 Metasploit can add a GUI feature because it is only available online."

More Rapid7 Metasploit Cons →

Pricing and Cost Advice
  • "Usually every implementation is different and the quote is in function of number of assets."
  • "When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself."
  • "It is more expensive than other products on the market."
  • "They have recently changed the pricing model, which is now better than it was before."
  • "It is different for every company, but for us, it's every three years."
  • "Qualys is cheaper and more affordable than other solutions."
  • "The pricing and licensing for Qualys could be improved."
  • "The license is on a yearly basis."

    • More Qualys VMDR Pricing and Cost Advice →

  • "I use the open-source version of this product. Pricing is not relevant."
  • "It is expensive. Our license expired, and our company is not thinking to renew because of our budget."
  • "The great advantage with Rapid7 Metasploit, of course, is that it's free."
  • "There are two versions available, one of which is the Pro version, and the other is the free version."
  • "Rapid7 Metasploit is cheaper than Tenable.io Vulnerability Management."
  • "On a scale of one to ten, where one is cheap and ten is expensive, I rate the product's pricing a six. So it's fairly priced."
  • "The pricing structure involves a one-time purchase cost of approximately twenty thousand dollars or euros for all customers."
  • "We pay monthly. The pricing is reasonable."

    • More Rapid7 Metasploit Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
    See Recommendations
    772,649 professionals have used our research since 2012.
    Questions from the Community
    What is your primary use case for Qualys VM?
    Top Answer:Qualys VM is used for vulnerability scans for the internet and applications using application exchange. There are many applications. We also use the solution for asset management per team, and the… more »
    Read all 36 answers   →
    What do you like most about Qualys VMDR?
    Top Answer:I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even if… more »
    Read all 57 answers   →
    What is your experience regarding pricing and costs for Qualys VMDR?
    Top Answer:We have an annual contract for Qualys VMDR. I believe it's for either two years or five years.
    Read all 34 answers   →
    What do you like most about Rapid7 Metasploit?
    Top Answer:I use Rapid7 Metasploit for payload generation and Post-Exploitation.
    Read all 16 answers   →
    What is your experience regarding pricing and costs for Rapid7 Metasploit?
    Top Answer:I have used the free version of Rapid7 Metasploit.
    Read all 13 answers   →
    What needs improvement with Rapid7 Metasploit?
    Top Answer:Rapid7 Metasploit could be made easier for new users to learn.
    Read all 14 answers   →
    Ranking
    3rd
    out of 39 in Risk-Based Vulnerability Management
    Views
    6,806
    Comparisons
    5,195
    Reviews
    27
    Average Words per Review
    426
    Rating
    8.0
    12th
    out of 111 in Vulnerability Management
    Views
    2,672
    Comparisons
    1,553
    Reviews
    7
    Average Words per Review
    402
    Rating
    7.9
    Comparisons
    Also Known As
    Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security, Qualys Virtual Scanner Appliance
    Metasploit
    Learn More
    Qualys
    Rapid7
    Overview

    Vulnerability Management, Detection, and Response (VMDR) is a cornerstone product of the Qualys TruRisk Platform and a global leader in the enterprise-grade vulnerability management (VM) vendor space. With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure their actual risk exposure over time. 

    Qualys VMDR offers an all-inclusive risk-based vulnerability management solution to prioritize vulnerabilities and assets based on risk and business criticality. VMDR seamlessly integrates with configuration management databases (CMDB), Qualys Patch Management, Custom Assessment and Remediation (CAR), Qualys TotalCloud and other Qualys and non-Qualys solutions to facilitate vulnerability detection and remediation across the entire enterprise.

    With VMDR, users are empowered with actionable risk insights that translate vulnerabilities and exploits into optimized remediation actions based on business impact. Qualys customers can now aggregate and orchestrate data from the Qualys Threat Library, 25+ threat intelligence feeds, and third-party security and IT solutions, empowering organizations to measure, communicate, and eliminate risk across on-premises, hybrid, and cloud environments.

    Attackers are always developing new exploits and attack methods—Metasploit penetration testing software helps you use their own weapons against them. Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.

    Sample Customers
    Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
    City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University
    Top Industries
    REVIEWERS
    Financial Services Firm19%
    Comms Service Provider15%
    Manufacturing Company15%
    Transportation Company11%
    VISITORS READING REVIEWS
    Educational Organization33%
    Computer Software Company11%
    Financial Services Firm11%
    Manufacturing Company6%
    REVIEWERS
    Comms Service Provider36%
    Financial Services Firm18%
    Integrator9%
    Computer Software Company9%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Manufacturing Company10%
    Government7%
    Company Size
    REVIEWERS
    Small Business19%
    Midsize Enterprise12%
    Large Enterprise69%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise41%
    Large Enterprise43%
    REVIEWERS
    Small Business26%
    Midsize Enterprise26%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business24%
    Midsize Enterprise18%
    Large Enterprise58%
    Buyer's Guide
    Qualys VMDR vs. Rapid7 Metasploit
    March 2023
    Free Report: Qualys VMDR vs. Rapid7 Metasploit
    Find out what your peers are saying about Qualys VMDR vs. Rapid7 Metasploit and other solutions. Updated: March 2023.
    DOWNLOAD NOW
    772,649 professionals have used our research since 2012.

    Qualys VMDR is ranked 3rd in Risk-Based Vulnerability Management with 77 reviews while Rapid7 Metasploit is ranked 12th in Vulnerability Management with 18 reviews. Qualys VMDR is rated 8.2, while Rapid7 Metasploit is rated 7.6. The top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". On the other hand, the top reviewer of Rapid7 Metasploit writes "Helps find vulnerabilities in a system to determine whether the system needs to be upgraded". Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and Tenable Vulnerability Management, whereas Rapid7 Metasploit is most compared with Tenable Nessus, Pentera, Acunetix, Rapid7 InsightVM and Amazon Inspector. See our Qualys VMDR vs. Rapid7 Metasploit report.

    We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.