We performed a comparison between BMC TrueSight Vulnerability Management, Qualys VMDR, and Rapid7 Metasploit based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Wiz, Check Point Software Technologies and others in Vulnerability Management."Takes reports from other vulnerabilities."
"This is one of the best products I have worked with so far. I like the power of Qualys, and it's a better solution because you can scan a compact file, a BIT file, or batch files. The product already knows what's happening inside, and you don't need to expand the package. Tenable will do the same thing, but you need to have a package issuance claim. With Qualys, we can immediately understand the file, even a compact file. If there's some kind of discovery or incident, you will know what happened in the environment."
"Tech support is helpful."
"There are fewer false positives when using this solution."
"Provides great functionality."
"The most valuable feature is the certificate management."
"Performs automated, regular scans in the network."
"The integrations for this solution are very good. I use a different product for virtual patching of vulnerabilities and Qualys integrates well with that product."
"It is a stable solution."
"It is scalable. It's in line with our needs."
"The Search Engineering feature is good."
"Technical support has been helpful and responsive."
"The option to generate phishing emails has proven to be very valuable in understanding the behavior of users."
"The solution is open source and has many small targetted penetration tests that have been written by many people that are useful. You can choose different subjects for the test, such as Oracle databases or Apache servers."
"The most valuable feature for us is the support for testing Linux-based web server components."
"I don't have any other tools like it, and I always use it when I'm doing a pen test. Metasploit is a great solution for penetration testing,"
"It allows us to concentrate solely on identified vulnerabilities without the hassle of additional setup."
"No third-party applications or integrations with additional software solutions."
"The reporting needs improvement. It should generate much more stuff like field reports."
"They should make it accessible for more operating systems."
"The price could be better. Asset view is still a legacy feature. I'm not able to extract the information about the asset with complete details. It would be better if they fixed that in the next release. I know Qualys is already working on it, so I'm hopeful it will be available in the next five or six months. That would be something that's changed where I seek improvement."
"Its integration with ServiceNow and other similar products is complicated and can be improved. It should also have virtual batching. They should support more standards and compliance requirements and more customizations. For policy compliance, they can add the standards required by the countries in the Middle East. Each country generates its own standards and frameworks, and those frameworks should be there in all products, not only in Qualys. The market here is huge, especially in the cybersecurity field. Qatar has a framework for Qatar 2022, and each and every company in the public or private sector has to follow the Qatar 2022 framework."
"It's not very user-friendly at times and requires in-depth understanding. So, a layman or someone new to Qualys won't be able to easily understand it. You need education to use the solution."
"Qualys currently does not have any features for scanning SCADA, IoT, and Industrial Control Systems."
"I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities."
"The ability to manage user accounts and give rights to the operator to know about abnormalities of applications is something that needs improvement."
"The solution is not user-friendly and has room for improvement."
"The solution should improve the responsiveness of its live technical support."
"Metasploit cannot be installed on a machine with an antivirus."
"The initial setup was a bit "tweaky" for the open-source version."
"At the time I was using it, the graphical user interface needed some improvements."
"If your company's patch is not up to date, but you have other detection or defense solutions such as endpoint detection and response and antivirus software, the product exploit may not work effectively. This is because its exploit database update process is slow and not real-time. For zero-day vulnerabilities or new security threats, relying on Rapid7 Metasploit alone may not be effective."
"We'd like them to offer better coverage of malware."
"The solution is not very scalable, it does not provide any automation to be able to scale it."
Earn 20 points
