Qualys VMDR vs Rapid7 Metasploit comparison

Cancel
You must select at least 2 products to compare!
Qualys Logo
6,663 views|5,110 comparisons
Rapid7 Logo
2,709 views|1,596 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Qualys VMDR and Rapid7 Metasploit based on real PeerSpot user reviews.

Find out in this report how the two Risk-Based Vulnerability Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Qualys VMDR vs. Rapid7 Metasploit Report (Updated: March 2023).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I am impressed with the VMDR feature.""Vulnerability management is the most valuable one and it’s a must in every organization.""It is a stable solution.""The initial setup was good. We didn't have any problems with it.""Technical support is fantastic.""It is very easy to use and there are lots of options. We can usually easily go through it and all of the things we want to configure, and we can configure everything to our specifications very easily.""The most valuable feature is the ability to run different capabilities with the same agent. With only one agent, we can have EDR, vulnerability management, compliance and some basic SaaS security capabilities.""The most valuable feature is that this solution is very lightweight."

More Qualys VMDR Pros →

"The most valuable features of the solution are the scripts, the modules, and the tools that the Rapid7 Metasploit framework has.""All of the features are great.""Stability-wise, I rate the solution a nine out of ten...Scalability-wise, I rate the solution a nine out of ten.""The reporting on the solution is good.""The option to generate phishing emails has proven to be very valuable in understanding the behavior of users.""Rapid7 Metasploit is a useful product.""I use Rapid7 Metasploit for payload generation and Post-Exploitation.""The most valuable feature for us is the support for testing Linux-based web server components."

More Rapid7 Metasploit Pros →

Cons
"I do not like that all of the data is stored on the cloud.""Qualys VM's scanner doesn't pick up every vulnerability, so we have to use multiple scanners to cover that gap.""The reporting and the GUI need improvements.""The disadvantage of working with Qualys is that the graphical interface is quite outdated.""The reporting and dashboards could improve in Qualys VM. However, they have improved since the previous versions.""The only improvement I can think of is on the implementation side. At times it is a bit slow.""It's quite complex on the way it is set up, so it takes a fair bit of time in order to get your head around it in order to deploy it. Once you've deployed it, then you're never confident on the versions of the browsers and the SSL certificates, etc. You have to always go back into Qualys and check.""Qualys does have an on-prem solution, but it is very expensive."

More Qualys VMDR Cons →

"Rapid7 Metasploit can add a GUI feature because it is only available online.""The initial setup was a bit "tweaky" for the open-source version.""The open-source version has reporting limitations. You need to develop these capabilities yourself. Built-in reporting is an excellent feature for penetration testing, but it isn't a must-have. The solution could also cover more vulnerabilities. Metasploit has around 10,000 exploits in its library, but more is always better.""The solution is not very scalable, it does not provide any automation to be able to scale it.""Metasploit cannot be installed on a machine with an antivirus.""We'd like them to offer better coverage of malware.""I would like to see more capabilities, more functions, and more features. More types of attack vectors.""Better automation capabilities would be an improvement."

More Rapid7 Metasploit Cons →

Pricing and Cost Advice
  • "Usually every implementation is different and the quote is in function of number of assets."
  • "When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself."
  • "It is more expensive than other products on the market."
  • "They have recently changed the pricing model, which is now better than it was before."
  • "It is different for every company, but for us, it's every three years."
  • "Qualys is cheaper and more affordable than other solutions."
  • "The pricing and licensing for Qualys could be improved."
  • "The license is on a yearly basis."
  • More Qualys VMDR Pricing and Cost Advice →

  • "I use the open-source version of this product. Pricing is not relevant."
  • "It is expensive. Our license expired, and our company is not thinking to renew because of our budget."
  • "The great advantage with Rapid7 Metasploit, of course, is that it's free."
  • "There are two versions available, one of which is the Pro version, and the other is the free version."
  • "Rapid7 Metasploit is cheaper than Tenable.io Vulnerability Management."
  • "On a scale of one to ten, where one is cheap and ten is expensive, I rate the product's pricing a six. So it's fairly priced."
  • "The pricing structure involves a one-time purchase cost of approximately twenty thousand dollars or euros for all customers."
  • "We pay monthly. The pricing is reasonable."
  • More Rapid7 Metasploit Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Qualys VM is used for vulnerability scans for the internet and applications using application exchange. There are many applications. We also use the solution for asset management per team, and the… more »
    Top Answer:The process of defining and discovering scans is organized efficiently.
    Top Answer:The product is more expensive than that of any other vendor.
    Top Answer:The tool's most useful feature for penetration testing is its automation capabilities. With the professional edition, you can upload the results from Nessus in the Rapid7 Metasploit solution portal.
    Top Answer:We have paid for three years of licensing. We will not be renewing it. My company is in search of an alternative. Other tools are better than Rapid7 Metasploit, and it's important to evaluate EDR for… more »
    Top Answer:If your company's patch is not up to date, but you have other detection or defense solutions such as endpoint detection and response and antivirus software, the product exploit may not work… more »
    Ranking
    Views
    6,663
    Comparisons
    5,110
    Reviews
    26
    Average Words per Review
    423
    Rating
    8.0
    14th
    Views
    2,709
    Comparisons
    1,596
    Reviews
    5
    Average Words per Review
    465
    Rating
    7.6
    Comparisons
    Also Known As
    Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security, Qualys Virtual Scanner Appliance
    Metasploit
    Learn More
    Overview

    With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure its true risk, and track risk reduction over time.

    Qualys VMDR offers an all-inclusive risk-based vulnerability management solution to prioritize vulnerabilities and assets based on risk and business criticality. VMDR seamlessly integrates with configuration management databases (CMDB) and patch management solutions to quickly discover, prioritize, and automatically remediate vulnerabilities at scale to reduce risk. Additionally, it integrates with ITSM solutions such as ServiceNow to automate and operationalize vulnerability management end-to-end.

    Get an all-Inclusive risk-based vulnerability management solution that prioritizes vulnerabilities, misconfigurations and assets based on risk, reduces risk by remediating vulnerabilities at scale, and helps organizations measure security program effectiveness by tracking risk reduction over time.

    Attackers are always developing new exploits and attack methods—Metasploit penetration testing software helps you use their own weapons against them. Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.

    Sample Customers
    Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
    City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University
    Top Industries
    REVIEWERS
    Financial Services Firm18%
    Comms Service Provider16%
    Manufacturing Company16%
    Transportation Company11%
    VISITORS READING REVIEWS
    Educational Organization32%
    Computer Software Company11%
    Financial Services Firm11%
    Manufacturing Company6%
    REVIEWERS
    Comms Service Provider33%
    Financial Services Firm17%
    Integrator8%
    Computer Software Company8%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm9%
    Manufacturing Company9%
    Government8%
    Company Size
    REVIEWERS
    Small Business20%
    Midsize Enterprise12%
    Large Enterprise68%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise41%
    Large Enterprise44%
    REVIEWERS
    Small Business21%
    Midsize Enterprise26%
    Large Enterprise53%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise18%
    Large Enterprise57%
    Buyer's Guide
    Qualys VMDR vs. Rapid7 Metasploit
    March 2023
    Find out what your peers are saying about Qualys VMDR vs. Rapid7 Metasploit and other solutions. Updated: March 2023.
    765,234 professionals have used our research since 2012.

    Qualys VMDR is ranked 3rd in Risk-Based Vulnerability Management with 76 reviews while Rapid7 Metasploit is ranked 14th in Vulnerability Management with 18 reviews. Qualys VMDR is rated 8.2, while Rapid7 Metasploit is rated 7.6. The top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". On the other hand, the top reviewer of Rapid7 Metasploit writes "Directly exploit vulnerabilities, is stable, and scalable". Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and Tenable Vulnerability Management, whereas Rapid7 Metasploit is most compared with Tenable Nessus, Pentera, Rapid7 InsightVM, Acunetix and Wireshark. See our Qualys VMDR vs. Rapid7 Metasploit report.

    We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.