BMC TrueSight Vulnerability Management vs Qualys VMDR vs Rapid7 InsightVM comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between BMC TrueSight Vulnerability Management, Qualys VMDR, and Rapid7 InsightVM based on real PeerSpot user reviews.

Find out what your peers are saying about Tenable, Wiz, Check Point Software Technologies and others in Vulnerability Management.
To learn more, read our detailed Vulnerability Management Report (Updated: March 2024).
765,386 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Takes reports from other vulnerabilities."

More BMC TrueSight Vulnerability Management Pros →

"The reporting is fine.""I am impressed with the VMDR feature.""The most valuable feature of the solution is the external channel.""It's stable and quite reliable.""This solution gives us insight into our environment and improves our security. It helps us to maintain a good patching system whereby we know that XYZ is vulnerable within the system.""The Vulnerability Management and Patch Management features are the most valuable features of this solution.""The most valuable feature is the connection of threat intelligence information with identified vulnerabilities, which means you can prioritize vulnerabilities according to actual attacks.""There are fewer false positives when using this solution."

More Qualys VMDR Pros →

"We can create our own templates.""The remediation project is a pretty effective because it allows us, as clients or countries, to choose specific assets and set limitations on them for a certain period which allows us to track and follow up on those limitations. However, when it comes to real-time monitoring and live dashboards, InsightVM doesn't quite fit the bill. It's not a real-time solution and is not instant.""I rate InsightVM eight out of 10 for ease of setup. It takes two or three engineers to deploy. The solution requires some maintenance. It's mainly cleaning up data.""The most valuable features are its reporting capabilities and the host discovery functionality.""InsightVM's most valuable feature is risk scoring, a formula based on different vectors like the ease of exploitation and the availability of the machine.""The feature that I have found most valuable is its dashboards.""Using Rapid7, we can install a scan engine, we can do our VPN connections, and we can conduct internal scans of remote sites. We prefer the web application. It's smarter and more accurate from an application perspective.""I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps."

More Rapid7 InsightVM Pros →

Cons
"No third-party applications or integrations with additional software solutions."

More BMC TrueSight Vulnerability Management Cons →

"I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities.""Some of the older features could be polished instead of focusing on releasing new features.""If anything, I would like to see the user interface modernized a bit more.""Improve the user interface.""Qualys VMDR is basically susceptible to false positives, and false negatives.""It is more expensive vs. other products on the market.""The reporting in this solution can be improved.""It's not very user-friendly at times and requires in-depth understanding. So, a layman or someone new to Qualys won't be able to easily understand it. You need education to use the solution."

More Qualys VMDR Cons →

"A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group.""The reporting is a little bit tricky because it can be difficult to exactly pinpoint some of the assets to filter them and generate a report.""This solution integrates with another module in Metasploit, that doesn't exist in the other solutions. It is subscribed to on our roadmap, but we chose to implement both Nexppose and AppSpider.""We have some issues with how it scans patches.""It is still not a fully cloud-based solution. It will be helpful for customers if it is a complete cloud solution. It is a hybrid solution at the moment.""They should improve the cybersecurity feature of the solution.""There are not enough templates, and the reporting is weak with this solution.""There is room for improvement on its cloud side. In the next release I would like to see better reporting."

More Rapid7 InsightVM Cons →

Pricing and Cost Advice
Information Not Available
  • "Usually every implementation is different and the quote is in function of number of assets."
  • "When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself."
  • "It is more expensive than other products on the market."
  • "They have recently changed the pricing model, which is now better than it was before."
  • "It is different for every company, but for us, it's every three years."
  • "Qualys is cheaper and more affordable than other solutions."
  • "The pricing and licensing for Qualys could be improved."
  • "The license is on a yearly basis."
  • More Qualys VMDR Pricing and Cost Advice →

  • "The price of the solution is less than the competitors."
  • "I do not have experience with the pricing of the solution."
  • "This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important."
  • "The license is IP based. How many IPs you are using to scan is the amount of the license you have to buy. The number of users doesn't matter; many users can use it or only person. It depends on the culture of the organization."
  • "Our licensing costs are somewhere around $40,000 annually. There are no additional fees."
  • "The licensing is asset-based and very straightforward."
  • "Its price is too high. My only concern or issue with Rapid7 is its pricing."
  • "Comparing the price with the value that we receive, I am not happy with it."
  • More Rapid7 InsightVM Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
    765,386 professionals have used our research since 2012.
    Questions from the Community
    Ask a question

    Earn 20 points

    Top Answer:Qualys VM is used for vulnerability scans for the internet and applications using application exchange. There are many… more »
    Top Answer:The process of defining and discovering scans is organized efficiently.
    Top Answer:The product is more expensive than that of any other vendor.
    Top Answer:You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You… more »
    Top Answer:The remediation project is a pretty effective because it allows us, as clients or countries, to choose specific assets… more »
    Top Answer:The solution’s pricing is good because the value proposition delivers a report box. It is not very costly.
    Ranking
    46th
    Views
    177
    Comparisons
    130
    Reviews
    0
    Average Words per Review
    0
    Rating
    N/A
    Views
    6,663
    Comparisons
    5,110
    Reviews
    26
    Average Words per Review
    423
    Rating
    8.0
    Views
    6,402
    Comparisons
    4,174
    Reviews
    20
    Average Words per Review
    351
    Rating
    8.2
    Comparisons
    Also Known As
    TrueSight Vulnerability Management, SecOps Response Service, BladeLogic Threat Director
    Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security, Qualys Virtual Scanner Appliance
    InsightVM, NeXpose
    Learn More
    Overview

    Helps security and IT operations teams prioritize and remediate risks based on potential impact to the business.

    • Powerful dashboards highlight vulnerability data, performance trends, and SLA compliance for quick prioritization of remediation tasks
    • Streamlined workflows combine scan verification and remediation tasks, leveraging BladeLogic Server Automation and Microsoft SCCM systems management
    • Blindspot awareness enables you to identify areas of your infrastructure which are not being monitored, leaving you exposed
    • Rapid import lets you quickly consume vulnerability scanning reports with native integration to Qualys, Tenable, and Rapid 7
    • Data export enables deep analysis and custom reports to help meet audit requirements and fuel process improvements

    With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure its true risk, and track risk reduction over time.

    Qualys VMDR offers an all-inclusive risk-based vulnerability management solution to prioritize vulnerabilities and assets based on risk and business criticality. VMDR seamlessly integrates with configuration management databases (CMDB) and patch management solutions to quickly discover, prioritize, and automatically remediate vulnerabilities at scale to reduce risk. Additionally, it integrates with ITSM solutions such as ServiceNow to automate and operationalize vulnerability management end-to-end.

    Get an all-Inclusive risk-based vulnerability management solution that prioritizes vulnerabilities, misconfigurations and assets based on risk, reduces risk by remediating vulnerabilities at scale, and helps organizations measure security program effectiveness by tracking risk reduction over time.

    Rapid7 InsightVM is a comprehensive vulnerability management platform that protects your systems from attackers and is easy to scale. The solution provides easy access to vulnerability management, application security, detection and response, external threat intelligence, orchestration and automation, and more. Rapid7 InsightVM is ideal for security, IT, and DevOps teams, helping them reduce risk by enabling them to detect and respond to attacks quickly.

    Rapid7 InsightVM Features

    Rapid7 InsightVM has many valuable key features. Some of the most useful ones include:

    • Automated containment: With this feature, you can decrease exposure from vulnerabilities by automatically implementing temporary (or permanent) compensating controls via your network access control (NAC) systems, firewalls, and endpoint detection and response tools.
    • Policy assessment: Rapid7 InsightVM offers pre-built scan templates for common compliance requirements. The solution helps you take clear, actionable steps to compliance once you have assessed your risk posture. In addition, Rapid7 InsightVM’s Custom Policy Builder allows you to modify existing benchmarks or create new policies from scratch.
    • REST API: Rapid7 InsightVM REST API is easy to use and was built to easily automate virtually any aspect of vulnerability management, from data collection to risk analysis.
    • Live dashboards: Rapid7 InsightVM includes dashboards that are live and interactive by nature. The live dashboards enable you to create custom cards and full dashboards for anyone in your organization and allow you to track progress of your security program.
    • Automation-assisted patching: Rapid7 InsightVM’s automation-assisted patching gives you the autonomy to make key decisions in your patching process, such as your approval to apply certain patches to certain vulnerabilities.
    • Real risk prioritization: Rapid7 InsightVM makes it simple to know which vulnerabilities need to be prioritized and where your riskiest assets lie.
    • Goals and SLA’s: This feature enables you to make and track progress toward your goals and service level agreements (SLAs) at an appropriate pace.

    Rapid7 InsightVM Benefits

    There are many benefits to implementing Rapid7 InsightVM. Some of the biggest advantages the solution offers include:

    • Attack surface monitoring for maintained visibility: By leveraging attack surface monitoring with Project Sonar (a Rapid7 research project that regularly scans the internet to gain insights into global exposure to common vulnerabilities), you can gain more control of all of your external-facing assets, both known and unknown.
    • Container security: Rapid7 InsightVM integrates with your CI/CD tools, public container repositories, and private repositories to assess container images for vulnerabilities during the build process even before they are deployed.
    • Lightweight endpoint agent: Rapid7 InsightVM unifies data so you only need to install a single agent for continuous vulnerability assessment, incident detection, and log data collection.
    • Easily assign and track remediation duties: Using Rapid7 InsightVM, IT and security teams can assign as well as track remediation duties without having to deal with remediation reports, complex spreadsheets, or back-and-forth email tags.
    • Integration with cloud services and virtual infrastructure: Rapid7 InsightVM provides full visibility into risk across your physical, virtual, and cloud infrastructure.
    • Integrated threat feeds: Rapid7 InsightVM is designed with integrated threat feeds, giving you a dynamic view that shows you which threats are most relevant to your environment, enabling you to better protect against current, impending threats so you can react quickly to critical vulnerabilities.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Rapid7 InsightVM solution.

    An owner at a tech services company says, "I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps."

    PeerSpot user Kimeang S., Technical Consultant at Yip Intsoi, mentions, "The most important aspect of the solution is that it rarely gives false positives, especially compared to other products. It provides very clear reports for our IT teams to look at."

    A Director of Information Technology at a government explains, "The main functionality of identifying item endpoints that weren't properly patched or had vulnerabilities is the solution's most valuable feature."

    Sample Customers
    Online Business Systems
    Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
    ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
    Top Industries
    VISITORS READING REVIEWS
    Financial Services Firm20%
    Computer Software Company13%
    Government11%
    Wholesaler/Distributor11%
    REVIEWERS
    Financial Services Firm18%
    Comms Service Provider16%
    Manufacturing Company16%
    Transportation Company11%
    VISITORS READING REVIEWS
    Educational Organization32%
    Computer Software Company11%
    Financial Services Firm11%
    Manufacturing Company6%
    REVIEWERS
    Computer Software Company17%
    Financial Services Firm13%
    Comms Service Provider10%
    Energy/Utilities Company10%
    VISITORS READING REVIEWS
    Educational Organization33%
    Computer Software Company12%
    Financial Services Firm7%
    Manufacturing Company6%
    Company Size
    VISITORS READING REVIEWS
    Small Business29%
    Midsize Enterprise13%
    Large Enterprise58%
    REVIEWERS
    Small Business20%
    Midsize Enterprise12%
    Large Enterprise68%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise41%
    Large Enterprise44%
    REVIEWERS
    Small Business44%
    Midsize Enterprise20%
    Large Enterprise35%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise43%
    Large Enterprise42%
    Buyer's Guide
    Vulnerability Management
    March 2024
    Find out what your peers are saying about Tenable, Wiz, Check Point Software Technologies and others in Vulnerability Management. Updated: March 2024.
    765,386 professionals have used our research since 2012.