Qualys VMDR vs Rapid7 Metasploit comparison

Qualys VMDR

Read 77 Qualys VMDR reviews

6,732 Views
5,110 Comparison Views

93% willing to recommend

Rapid7 Metasploit

Read 18 Rapid7 Metasploit reviews

2,627 Views
1,538 Comparison Views

94% willing to recommend

Qualys VMDR

Rapid7 Metasploit

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Qualys VMDR and Rapid7 Metasploit based on real PeerSpot user reviews.

Find out in this report how the two Risk-Based Vulnerability Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Qualys VMDR vs. Rapid7 Metasploit Report (Updated: March 2023).

Buyer's Guide

Qualys VMDR vs. Rapid7 Metasploit

March 2023

Download the complete report

Helped 787,226 peers since 2012

Categories and Ranking

Qualys VMDR

Average Rating

8.2

Number of Reviews

Ranking in other categories

IT Asset Management (7th), Configuration Management Databases (3rd), Container Security (11th), Risk-Based Vulnerability Management (3rd)

Rapid7 Metasploit

Average Rating

7.6

Number of Reviews

Ranking in other categories

Vulnerability Management (13th)

Market share comparison

As of June 2024, in the Risk-Based Vulnerability Management category, the market share of Qualys VMDR is 18.5% and it increased by 3.9% compared to the previous year. The market share of Rapid7 Metasploit is 2.0% and it decreased by 1.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Risk-Based Vulnerability Management

Unique Categories:

IT Asset Management

4.0%

Configuration Management Databases

1.9%

Vulnerability Management

3.6%

Featured Reviews

reviewer1820922

President and CEO at a non-profit with 11-50 employees

Sep 21, 2022

Excellent intelligence and real-time inventory of vulnerabilities

I mainly use Qualys VM for CSAM, to complement vulnerability management on our assets, and to check for intrusions through our email gateways Qualys VM has allowed us to know the vulnerabilities we need to prioritize based on the threat levels and the possible impact if there's an intrusion. It…

Read full review

Aqeel Junaid

Junior Executive - Information Security at sunshine holdings

Mar 14, 2024

Helps find vulnerabilities in a system to determine whether the system needs to be upgraded

I've been using Rapid7 Metasploit to create vulnerabilities and test exploits. I can create malicious Word documents through the Rapid7 Metasploit framework for testing purposes. I can create a backdoor through the solution to test a web server or a vulnerable machine The most valuable features…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable feature is that this solution is very lightweight."

"The initial setup was good. We didn't have any problems with it."

"They also have threat detection which maps threats. There is a feed that comes from Qualys when a new vulnerability is found. It tells us which machines are infected with that vulnerability."

"This is one of the best products I have worked with so far. I like the power of Qualys, and it's a better solution because you can scan a compact file, a BIT file, or batch files. The product already knows what's happening inside, and you don't need to expand the package. Tenable will do the same thing, but you need to have a package issuance claim. With Qualys, we can immediately understand the file, even a compact file. If there's some kind of discovery or incident, you will know what happened in the environment."

"There are fewer false positives when using this solution."

"The reporting functionality is great."

"It's stable and quite reliable."

"The solution shows us classic categories, including high, medium, and low risks. It also shows critical items, and that gives us the advantage of prioritizing things."

More Qualys VMDR pros

"The greatest advantage of Rapid7 Metasploit is that it is the only system that can directly exploit vulnerabilities on the Metasploit platform."

"The option to generate phishing emails has proven to be very valuable in understanding the behavior of users."

"The most valuable feature for us is the support for testing Linux-based web server components."

"It is scalable. It's in line with our needs."

"Technical support has been helpful and responsive."

"Stability-wise, I rate the solution a nine out of ten...Scalability-wise, I rate the solution a nine out of ten."

"It's not possible to do penetration testing without being very proficient in Metasploit."

"The reporting on the solution is good."

More Rapid7 Metasploit pros

Cons

"Qualys could be improved in its overall performance compared to other vulnerability management or scanning tools."

"The disadvantage of working with Qualys is that the graphical interface is quite outdated."

"I would like to see this solution more developed and competitive in the Cloud space."

"Certain integration factors between different options could be improved."

"Make some minimal dashboard improvements."

"The ability to manage user accounts and give rights to the operator to know about abnormalities of applications is something that needs improvement."

"It is a struggle to be able to pull our report and to be able to do onboarding using automated tools."

"I would like to see this solution simplified to work more easily in a multi-cloud environment."

More Qualys VMDR cons

"We'd like them to offer better coverage of malware."

"Advanced Infrastructure should be implemented in the next release for better orchestration."

"Rapid7 Metasploit could be made easier for new users to learn."

"The solution is not user-friendly and has room for improvement."

"Rapid7 Metasploit can add a GUI feature because it is only available online."

"If your company's patch is not up to date, but you have other detection or defense solutions such as endpoint detection and response and antivirus software, the product exploit may not work effectively. This is because its exploit database update process is slow and not real-time. For zero-day vulnerabilities or new security threats, relying on Rapid7 Metasploit alone may not be effective."

"At the time I was using it, the graphical user interface needed some improvements."

"It is necessary to add some training materials and a tutorial for beginners."

More Rapid7 Metasploit cons

Pricing and Cost Advice

"It is different for every company, but for us, it's every three years."

"It's very expensive, especially if you want to use multiple modules of Qualys."

"The license is on a yearly basis."

"When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself."

"The pricing and licensing for Qualys could be improved."

"Qualys Virtual Scanner Appliance isn't expensive right now. But the price for their product bundles could be better."

"The tool's pricing is expensive and I would rate the pricing a seven out of ten."

"The solution is expensive."

More Qualys VMDR pricing and cost advice

"On a scale of one to ten, where one is cheap and ten is expensive, I rate the product's pricing a six. So it's fairly priced."

"The great advantage with Rapid7 Metasploit, of course, is that it's free."

"We pay monthly. The pricing is reasonable."

"Rapid7 Metasploit is cheaper than Tenable.io Vulnerability Management."

"The pricing structure involves a one-time purchase cost of approximately twenty thousand dollars or euros for all customers."

"It is a reasonably priced solution. I would rate it from five out of ten."

"I use the open-source version of this product. Pricing is not relevant."

"Rapid7 Metasploit is an open-source solution."

More Rapid7 Metasploit pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.

See recommendations

787,226 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

33%

Computer Software Company

11%

Financial Services Firm

11%

Manufacturing Company

Computer Software Company

18%

Financial Services Firm

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What is your primary use case for Qualys VM?

Qualys VM is used for vulnerability scans for the internet and applications using application exchange. There are many applications. We also use the solution for asset management per team, and the ...

See all answers

What do you like most about Qualys VMDR?

I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even ...

See all answers

What is your experience regarding pricing and costs for Qualys VMDR?

We have an annual contract for Qualys VMDR. I believe it's for either two years or five years.

See all answers

What do you like most about Rapid7 Metasploit?

I use Rapid7 Metasploit for payload generation and Post-Exploitation.

See all answers

What is your experience regarding pricing and costs for Rapid7 Metasploit?

I have used the free version of Rapid7 Metasploit.

See all answers

What needs improvement with Rapid7 Metasploit?

Rapid7 Metasploit could be made easier for new users to learn.

See all answers

Comparisons

Tenable Nessus vs Qualys VMDR

Compared 25% of the time

Tenable Security Center vs Qualys VMDR

Compared 10% of the time

Rapid7 InsightVM vs Qualys VMDR

Compared 8% of the time

Microsoft Defender Vulnerability Management vs Qualys VMDR

Compared 6% of the time

Tenable Vulnerability Management vs Qualys VMDR

Compared 5% of the time

More Qualys VMDR Competitors

Tenable Nessus vs Rapid7 Metasploit

Compared 32% of the time

Pentera vs Rapid7 Metasploit

Compared 11% of the time

Acunetix vs Rapid7 Metasploit

Compared 10% of the time

Rapid7 InsightVM vs Rapid7 Metasploit

Compared 8% of the time

Amazon Inspector vs Rapid7 Metasploit

Compared 4% of the time

More Rapid7 Metasploit Competitors

Product Reports

Buyer's Guide

Qualys VMDR

May 2024

Download Qualys VMDR product report

Buyer's Guide

Rapid7 Metasploit

May 2024

Download Rapid7 Metasploit product report

Also Known As

Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security, Qualys Virtual Scanner Appliance

Metasploit

Learn More

Qualys

Rapid7

Overview

Vulnerability Management, Detection, and Response (VMDR) is a cornerstone product of the Qualys TruRisk Platform and a global leader in the enterprise-grade vulnerability management (VM) vendor space. With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure their actual risk exposure over time.

Qualys VMDR offers an all-inclusive risk-based vulnerability management solution to prioritize vulnerabilities and assets based on risk and business criticality. VMDR seamlessly integrates with configuration management databases (CMDB), Qualys Patch Management, Custom Assessment and Remediation (CAR), Qualys TotalCloud and other Qualys and non-Qualys solutions to facilitate vulnerability detection and remediation across the entire enterprise.

With VMDR, users are empowered with actionable risk insights that translate vulnerabilities and exploits into optimized remediation actions based on business impact. Qualys customers can now aggregate and orchestrate data from the Qualys Threat Library, 25+ threat intelligence feeds, and third-party security and IT solutions, empowering organizations to measure, communicate, and eliminate risk across on-premises, hybrid, and cloud environments.

Attackers are always developing new exploits and attack methods—Metasploit penetration testing software helps you use their own weapons against them. Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.

Sample Customers

Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx

City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University

Buyer's Guide

Qualys VMDR vs. Rapid7 Metasploit

March 2023

Free Report: Qualys VMDR vs. Rapid7 Metasploit

Find out what your peers are saying about Qualys VMDR vs. Rapid7 Metasploit and other solutions. Updated: March 2023.

DOWNLOAD NOW

787,226 professionals have used our research since 2012.

See our Qualys VMDR vs. Rapid7 Metasploit report.

We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.