Compare Qualys Virtual Scanner Appliance vs. Rapid7 Metasploit

Qualys Virtual Scanner Appliance is ranked 11th in Vulnerability Management with 3 reviews while Rapid7 Metasploit is ranked 8th in Vulnerability Management with 2 reviews. Qualys Virtual Scanner Appliance is rated 8.4, while Rapid7 Metasploit is rated 7.0. The top reviewer of Qualys Virtual Scanner Appliance writes "Threat detection tells us which machines are infected with a vulnerability". On the other hand, the top reviewer of Rapid7 Metasploit writes "The integration between Nmap, the database and Metasploit saves a lot of time. The initial setup was a bit tricky". Qualys Virtual Scanner Appliance is most compared with Microsoft Intune, Kenna Security Platform and Rapid7 InsightVM, whereas Rapid7 Metasploit is most compared with Tenable Nessus, Wireshark and Rapid7 InsightVM. See our Qualys Virtual Scanner Appliance vs. Rapid7 Metasploit report.
Cancel
You must select at least 2 products to compare!
Most Helpful Review
Find out what your peers are saying about Qualys Virtual Scanner Appliance vs. Rapid7 Metasploit and other solutions. Updated: March 2020.
407,845 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have.For us, the most valuable aspect of the solution is the log-sequence feature.It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have.Our developers can run the attacks directly from their environments, desktops.The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution.The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment.Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick.We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why.

Read more »

The most valuable feature is the certificate management.They also have threat detection which maps threats. There is a feed that comes from Qualys when a new vulnerability is found. It tells us which machines are infected with that vulnerability.

Read more »

The option to generate phishing emails has proven to be very valuable in understanding the behavior of users.It contains almost all the available exploits and payloads.It's not possible to do penetration testing without being very proficient in Metasploit.

Read more »

Cons
We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic.The solution limits the number of scans. It would be much better if we could have unlimited scans.When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic.Tools that would allow us to work more efficiently with the mobile environment, with Android and iOS.In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us.It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched.You can't actually change your password after you've set it unless you go back into the administration account and you change it there. Thus, if you're locked out and don't remember your password, that's a thing.We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version.

Read more »

The reporting in this solution can be improved.What we have found is that the solution is not closely tied with the patch management. It is okay with newer ones, like Windows 10 machines; it gives the correct patch. But for Windows 7 or Windows Server 2008, it does not give us the correct patch so we have to manually identify the patches. This is a major problem.

Read more »

Metasploit cannot be installed on a machine with an antivirus.It is necessary to add some training materials and a tutorial for beginners.The initial setup was a bit "tweaky" for the open-source version.

Read more »

Pricing and Cost Advice
The costs aren't very expensive. It costs around $3000 or $4000.All things considered, I think it has a good price/value ratio.The pricing and licensing are reasonable to a point. In order to run multiple scans at a time, we are going to have to purchase a 100 count license, which is an overkill. Though, compared to what we were paying for, the cost seems reasonable.When we looked at all other vendors and what they were asking for, to provide a third of what Acunetix was capable of doing, it was an easy decision... But now that it's coming to a cost where it's line with market value, it becomes more of a competition... Acunetix is raising the cost of licensing. It's 3.5 times what we were initially quoted.Acunetix was around the same price as all the other vendors we looked at, nothing special.

Read more »

Information Not Available
It is expensive. Our license expired, and our company is not thinking to renew because of our budget.I use the open-source version of this product. Pricing is not relevant.

Read more »

report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
407,845 professionals have used our research since 2012.
Top Comparisons
Compared 62% of the time.
Compared 12% of the time.
Also Known As
AcuSensorMetasploit
Learn
Acunetix
Qualys
Rapid7
Overview

Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.

Qualys Virtual Scanner Appliance supports the same global scanning capabilities as our physical scanner appliance. The virtual scanner appliance is a stateless, disposable resource which acts as an extension of the Qualys Cloud Platform and is not a separately managed entity. This user guide describes how to get started with using a virtual scanner with your virtualization or cloud platform.

Attackers are always developing new exploits and attack methods—Metasploit penetration testing software helps you use their own weapons against them. Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.

Offer
Learn more about Acunetix Vulnerability Scanner
Learn more about Qualys Virtual Scanner Appliance
Learn more about Rapid7 Metasploit
Sample Customers
Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand
Information Not Available
City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University
Top Industries
REVIEWERS
Financial Services Firm38%
Insurance Company13%
Energy/Utilities Company13%
Comms Service Provider13%
VISITORS READING REVIEWS
Software R&D Company38%
Government11%
Comms Service Provider11%
Media Company9%
No Data Available
VISITORS READING REVIEWS
Software R&D Company37%
Comms Service Provider22%
Media Company6%
Non Profit5%
Find out what your peers are saying about Qualys Virtual Scanner Appliance vs. Rapid7 Metasploit and other solutions. Updated: March 2020.
407,845 professionals have used our research since 2012.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.