Qualys VMDR vs Rapid7 InsightVM comparison

Cancel
You must select at least 2 products to compare!
Qualys Logo
6,663 views|5,110 comparisons
Rapid7 Logo
6,402 views|4,174 comparisons
Comparison Buyer's Guide
Executive Summary
Updated on Sep 20, 2023

We compared Qualys VMDR and Rapid7 InsightVM based on our users reviews in six parameters. After reading the collected data, you can find our conclusion below:

  • Ease of Deployment

    The setup process for Qualys VMDR was considered simple and quick, with users reporting it taking anywhere from a few minutes to a couple of days. However, there were some difficulties mentioned regarding integration and data privacy. Despite these challenges, the overall feedback on the setup was positive. On the other hand, the initial setup for Rapid7 InsightVM had mixed experiences. While some users found it easy and completed it within an hour or a few hours, others faced difficulties and it took them several months, even with professional assistance. The ease of setup was generally rated between three to five out of five.

  • Features

    Qualys VMDR is notable for its effective prioritization system, ongoing monitoring, adaptable dashboard, and extensive vulnerability overview. On the other hand, Rapid7 InsightVM stands out for its efficient scan engine installation, precise scanning, customizable dashboards, and risk scoring.

  • Room for Improvement

    Both Qualys VMDR and Rapid7 InsightVM have areas that could be improved. Qualys VMDR could enhance user experience and UI design, improve SLA tracking and batch prioritization, integrate with other products, and improve reporting. On the other hand, Rapid7 InsightVM needs better integration, enhanced reporting, improved user-friendliness, and stronger customer support.

  • Pricing

    The cost of setting up Qualys VMDR can differ based on required features, with reviewers finding it reasonably priced or competitive. However, there are extra charges for specific features. In contrast, Rapid7 InsightVM is generally considered to be more expensive, but some users find the pricing reasonable because of the flexibility in defining assets and sites.

  • ROI

    Qualys VMDR is praised for its positive impact on ROI, effectively mitigating risks and enhancing cybersecurity. Nonetheless, there are apprehensions regarding rising expenses. On the other hand, Rapid7 InsightVM is highly regarded for its outstanding ROI, effectively thwarting cyber attacks and delivering substantial value. While some reviewers perceive the ROI as satisfactory, others consider it to be moderate.

  • Service and Support

    The customer service for Qualys VMDR has received both positive and negative feedback. Some customers appreciate the convenience of accessing a global team and the implementation of suggested improvements. However, there are concerns about the response time and the expertise of the support personnel. In contrast, Rapid7 InsightVM's support is generally regarded as good, with well-informed technical assistance. Nonetheless, there have been instances of delayed response time.

Comparison Results

Based on the reviews, Qualys VMDR offers a simple and convenient setup process, along with a strong prioritization system and valuable features. However, it requires enhancements in user experience, integration, reporting, and pricing. On the other hand, Rapid7 InsightVM also provides an easy setup, valuable features like scan engines and customizable dashboards. It could benefit from improved integration, reporting, user-friendliness, and customer support. Qualys VMDR seems to have an advantage in prioritization and comprehensive vulnerability management, while Rapid7 InsightVM may excel in scan optimization and remediation management.

To learn more, read our detailed Qualys VMDR vs. Rapid7 InsightVM Report (Updated: March 2024).
765,386 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Technical support is great and we've never really had a problem.""The most valuable feature is that this solution is very lightweight.""The vulnerability management feature is what I used the most. It is a good SaaS product. It is easy to use. It has a nice UI where you can see all the assets and vulnerabilities.""What I like about Qualys VM is the dashboard presentation. It's very good.""It's very configurable to adjust impact to systems.""The features that are most valuable are the identification, scan features, and the identification of vulnerabilities.""The most recent is VMDR, which provides a comprehensive overview of how to detect, patch, and remediate specific vulnerabilities.""The solution is easy to use."

More Qualys VMDR Pros →

"This solution is very easy to use and easy to install.""We can create our own templates.""Rapid7 have a good distribution network with good support and market presence.""This solution is much more user-friendly than past solutions I have used.""InsightVM offers a robust platform for identifying, prioritizing, and addressing vulnerabilities across an organization's IT infrastructure.""The assessment is most valuable.""It is a stable solution.""The remediation project is a pretty effective because it allows us, as clients or countries, to choose specific assets and set limitations on them for a certain period which allows us to track and follow up on those limitations. However, when it comes to real-time monitoring and live dashboards, InsightVM doesn't quite fit the bill. It's not a real-time solution and is not instant."

More Rapid7 InsightVM Pros →

Cons
"This solution could be improved by extending the agent capabilities to different operating systems including Mac and Linux. We would also like the capability to easily check for vulnerability in assets in the IOTs.""They should make it accessible for more operating systems.""Its integration with ServiceNow and other similar products is complicated and can be improved. It should also have virtual batching. They should support more standards and compliance requirements and more customizations. For policy compliance, they can add the standards required by the countries in the Middle East. Each country generates its own standards and frameworks, and those frameworks should be there in all products, not only in Qualys. The market here is huge, especially in the cybersecurity field. Qatar has a framework for Qatar 2022, and each and every company in the public or private sector has to follow the Qatar 2022 framework.""Qualys Container Security can improve the interface. It could be easier to navigate and be enriched.""The disadvantage of working with Qualys is that the graphical interface is quite outdated.""Improve the API speed.""When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself.""The price could be better. Asset view is still a legacy feature. I'm not able to extract the information about the asset with complete details. It would be better if they fixed that in the next release. I know Qualys is already working on it, so I'm hopeful it will be available in the next five or six months. That would be something that's changed where I seek improvement."

More Qualys VMDR Cons →

"Some difficulties with the online reporting and lack of integrations.""The solution needs to improve its vulnerability design to include CVC results.""Patch management is the only missing feature I can think of. Rapid7 detects vulnerabilities, but it should also help you manage patches.""In order to be able to properly test the solution and make a decision, I would like to receive the test license code instantly and eliminate the wait time.""There should be containerization within the VM.""Rapid7 could be easier to manage.""Rapid7 InsightVM, has impressive capabilities, especially when it comes to managing video equipment. However, we've noticed that Rapid7 also offers a cloud solution called CloudSec, and we don't have that. We think it would be better if InsightVM had all the features for both on-premise and cloud management.""I would like to see more integration."

More Rapid7 InsightVM Cons →

Pricing and Cost Advice
  • "Usually every implementation is different and the quote is in function of number of assets."
  • "When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself."
  • "It is more expensive than other products on the market."
  • "They have recently changed the pricing model, which is now better than it was before."
  • "It is different for every company, but for us, it's every three years."
  • "Qualys is cheaper and more affordable than other solutions."
  • "The pricing and licensing for Qualys could be improved."
  • "The license is on a yearly basis."
  • More Qualys VMDR Pricing and Cost Advice →

  • "The price of the solution is less than the competitors."
  • "I do not have experience with the pricing of the solution."
  • "This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important."
  • "The license is IP based. How many IPs you are using to scan is the amount of the license you have to buy. The number of users doesn't matter; many users can use it or only person. It depends on the culture of the organization."
  • "Our licensing costs are somewhere around $40,000 annually. There are no additional fees."
  • "The licensing is asset-based and very straightforward."
  • "Its price is too high. My only concern or issue with Rapid7 is its pricing."
  • "Comparing the price with the value that we receive, I am not happy with it."
  • More Rapid7 InsightVM Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
    765,386 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Qualys VM is used for vulnerability scans for the internet and applications using application exchange. There are many applications. We also use the solution for asset management per team, and the… more »
    Top Answer:The process of defining and discovering scans is organized efficiently.
    Top Answer:The product is more expensive than that of any other vendor.
    Top Answer:You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You can easily prioritize vulnerabilities using attacker analytics. Overall, Rapid7… more »
    Top Answer:The remediation project is a pretty effective because it allows us, as clients or countries, to choose specific assets and set limitations on them for a certain period which allows us to track and… more »
    Top Answer:The solution’s pricing is good because the value proposition delivers a report box. It is not very costly.
    Ranking
    Views
    6,663
    Comparisons
    5,110
    Reviews
    26
    Average Words per Review
    423
    Rating
    8.0
    Views
    6,402
    Comparisons
    4,174
    Reviews
    20
    Average Words per Review
    351
    Rating
    8.2
    Comparisons
    Also Known As
    Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security, Qualys Virtual Scanner Appliance
    InsightVM, NeXpose
    Learn More
    Overview

    With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure its true risk, and track risk reduction over time.

    Qualys VMDR offers an all-inclusive risk-based vulnerability management solution to prioritize vulnerabilities and assets based on risk and business criticality. VMDR seamlessly integrates with configuration management databases (CMDB) and patch management solutions to quickly discover, prioritize, and automatically remediate vulnerabilities at scale to reduce risk. Additionally, it integrates with ITSM solutions such as ServiceNow to automate and operationalize vulnerability management end-to-end.

    Get an all-Inclusive risk-based vulnerability management solution that prioritizes vulnerabilities, misconfigurations and assets based on risk, reduces risk by remediating vulnerabilities at scale, and helps organizations measure security program effectiveness by tracking risk reduction over time.

    Rapid7 InsightVM is a comprehensive vulnerability management platform that protects your systems from attackers and is easy to scale. The solution provides easy access to vulnerability management, application security, detection and response, external threat intelligence, orchestration and automation, and more. Rapid7 InsightVM is ideal for security, IT, and DevOps teams, helping them reduce risk by enabling them to detect and respond to attacks quickly.

    Rapid7 InsightVM Features

    Rapid7 InsightVM has many valuable key features. Some of the most useful ones include:

    • Automated containment: With this feature, you can decrease exposure from vulnerabilities by automatically implementing temporary (or permanent) compensating controls via your network access control (NAC) systems, firewalls, and endpoint detection and response tools.
    • Policy assessment: Rapid7 InsightVM offers pre-built scan templates for common compliance requirements. The solution helps you take clear, actionable steps to compliance once you have assessed your risk posture. In addition, Rapid7 InsightVM’s Custom Policy Builder allows you to modify existing benchmarks or create new policies from scratch.
    • REST API: Rapid7 InsightVM REST API is easy to use and was built to easily automate virtually any aspect of vulnerability management, from data collection to risk analysis.
    • Live dashboards: Rapid7 InsightVM includes dashboards that are live and interactive by nature. The live dashboards enable you to create custom cards and full dashboards for anyone in your organization and allow you to track progress of your security program.
    • Automation-assisted patching: Rapid7 InsightVM’s automation-assisted patching gives you the autonomy to make key decisions in your patching process, such as your approval to apply certain patches to certain vulnerabilities.
    • Real risk prioritization: Rapid7 InsightVM makes it simple to know which vulnerabilities need to be prioritized and where your riskiest assets lie.
    • Goals and SLA’s: This feature enables you to make and track progress toward your goals and service level agreements (SLAs) at an appropriate pace.

    Rapid7 InsightVM Benefits

    There are many benefits to implementing Rapid7 InsightVM. Some of the biggest advantages the solution offers include:

    • Attack surface monitoring for maintained visibility: By leveraging attack surface monitoring with Project Sonar (a Rapid7 research project that regularly scans the internet to gain insights into global exposure to common vulnerabilities), you can gain more control of all of your external-facing assets, both known and unknown.
    • Container security: Rapid7 InsightVM integrates with your CI/CD tools, public container repositories, and private repositories to assess container images for vulnerabilities during the build process even before they are deployed.
    • Lightweight endpoint agent: Rapid7 InsightVM unifies data so you only need to install a single agent for continuous vulnerability assessment, incident detection, and log data collection.
    • Easily assign and track remediation duties: Using Rapid7 InsightVM, IT and security teams can assign as well as track remediation duties without having to deal with remediation reports, complex spreadsheets, or back-and-forth email tags.
    • Integration with cloud services and virtual infrastructure: Rapid7 InsightVM provides full visibility into risk across your physical, virtual, and cloud infrastructure.
    • Integrated threat feeds: Rapid7 InsightVM is designed with integrated threat feeds, giving you a dynamic view that shows you which threats are most relevant to your environment, enabling you to better protect against current, impending threats so you can react quickly to critical vulnerabilities.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Rapid7 InsightVM solution.

    An owner at a tech services company says, "I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps."

    PeerSpot user Kimeang S., Technical Consultant at Yip Intsoi, mentions, "The most important aspect of the solution is that it rarely gives false positives, especially compared to other products. It provides very clear reports for our IT teams to look at."

    A Director of Information Technology at a government explains, "The main functionality of identifying item endpoints that weren't properly patched or had vulnerabilities is the solution's most valuable feature."

    Sample Customers
    Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
    ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
    Top Industries
    REVIEWERS
    Financial Services Firm18%
    Comms Service Provider16%
    Manufacturing Company16%
    Transportation Company11%
    VISITORS READING REVIEWS
    Educational Organization32%
    Computer Software Company11%
    Financial Services Firm11%
    Manufacturing Company6%
    REVIEWERS
    Computer Software Company17%
    Financial Services Firm13%
    Comms Service Provider10%
    Energy/Utilities Company10%
    VISITORS READING REVIEWS
    Educational Organization33%
    Computer Software Company12%
    Financial Services Firm7%
    Manufacturing Company6%
    Company Size
    REVIEWERS
    Small Business20%
    Midsize Enterprise12%
    Large Enterprise68%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise41%
    Large Enterprise44%
    REVIEWERS
    Small Business44%
    Midsize Enterprise20%
    Large Enterprise35%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise43%
    Large Enterprise42%
    Buyer's Guide
    Qualys VMDR vs. Rapid7 InsightVM
    March 2024
    Find out what your peers are saying about Qualys VMDR vs. Rapid7 InsightVM and other solutions. Updated: March 2024.
    765,386 professionals have used our research since 2012.

    Qualys VMDR is ranked 3rd in Risk-Based Vulnerability Management with 76 reviews while Rapid7 InsightVM is ranked 4th in Risk-Based Vulnerability Management with 54 reviews. Qualys VMDR is rated 8.2, while Rapid7 InsightVM is rated 8.0. The top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". On the other hand, the top reviewer of Rapid7 InsightVM writes "You can scan a network, and receive recommendations to address vulnerabilities with the click of a button". Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Microsoft Defender Vulnerability Management, Tenable Vulnerability Management and Microsoft Defender for Cloud Apps, whereas Rapid7 InsightVM is most compared with Tenable Nessus, Tenable Security Center, Microsoft Defender Vulnerability Management, Rapid7 InsightIDR and Wiz. See our Qualys VMDR vs. Rapid7 InsightVM report.

    See our list of best Risk-Based Vulnerability Management vendors.

    We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.