CoreOS Clair vs Qualys VMDR comparison

Cancel
You must select at least 2 products to compare!
Red Hat Logo
757 views|606 comparisons
Qualys Logo
2,714 views|1,999 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between CoreOS Clair and Qualys VMDR based on real PeerSpot user reviews.

Find out what your peers are saying about Palo Alto Networks, Wiz, Microsoft and others in Container Security.
To learn more, read our detailed Container Security Report (Updated: March 2024).
765,386 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"CoreOS Clair's best feature is detection accuracy."

More CoreOS Clair Pros →

"I find Qualys VM very robust, and it's very useful for vulnerability management and patch management. The value that it brings to my environment is economies of scale. There is no limitation on adding any endpoints. You go by the rule, and it's added once another endpoint is added to our environment. It's automatically installed, and it's less work from our end. It frees up my license automatically if I don't need an endpoint or if my machine is decommissioned. I like the dashboard displays because I don't see any duplication. The most important part is vulnerability management and prioritization. Unlike Symantec, it shows the kind of vulnerability I would want to patch first. It provides a holistic view of the kind of vulnerabilities and the ones I should remediate first. I don't have to do a scan; it just brings up those critical kinds of vulnerabilities like zero-day vulnerabilities and tells me to prioritize them. You have to prioritize these vulnerabilities first and go on with the rest. The dashboard shows me the ones that have been fixed, so I don't have to complete an aging report. The user experience and the graphical interface are good. As it's user-friendly and understandable on an executive level, it brings real value. We also use this solution because it's robust and flexibile.""Intuitive and easy to use.""The Vulnerability Management and Patch Management features are the most valuable features of this solution.""Qualys VM is very stable.""The most valuable feature is the certificate management.""Qualys has a continuous endpoint monitoring feature for agent-based scanning. Once you deploy the solution, it monitors everything that is happening every 30 minutes. Then, if there are any vulnerabilities, they are reported.""The most valuable feature of Qualys Container Security is the detailed information in the reports and the remediation. This is done to make sure there are no vulnerabilities.""The biggest benefit is from a security operations perspective, where we are able to drive our security posture upwards by remediating any discovered vulnerabilities."

More Qualys VMDR Pros →

Cons
"An area for improvement is that CoreOS Clair doesn't provide information about the location of vulnerabilities it detects."

More CoreOS Clair Cons →

"Endpoint stability and fault resolution could be improved.""The IoT scan is not great.""This solution could be improved by extending the agent capabilities to different operating systems including Mac and Linux. We would also like the capability to easily check for vulnerability in assets in the IOTs.""The ability to manage user accounts and give rights to the operator to know about abnormalities of applications is something that needs improvement.""I would like to see this solution more developed and competitive in the Cloud space.""The reporting in this solution can be improved.""Qualys VM could improve by having more skilled support personnel.""I would like to see this solution simplified to work more easily in a multi-cloud environment."

More Qualys VMDR Cons →

Pricing and Cost Advice
  • "CoreOS Clair is open-source and free of charge."
  • More CoreOS Clair Pricing and Cost Advice →

  • "Usually every implementation is different and the quote is in function of number of assets."
  • "When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself."
  • "It is more expensive than other products on the market."
  • "They have recently changed the pricing model, which is now better than it was before."
  • "It is different for every company, but for us, it's every three years."
  • "Qualys is cheaper and more affordable than other solutions."
  • "The pricing and licensing for Qualys could be improved."
  • "The license is on a yearly basis."
  • More Qualys VMDR Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Container Security solutions are best for your needs.
    765,386 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:CoreOS Clair's best feature is detection accuracy.
    Top Answer:CoreOS Clair is open-source and free of charge.
    Top Answer:An area for improvement is that CoreOS Clair doesn't provide information about the location of vulnerabilities it detects. They should disclose these details immediately in a public database.
    Top Answer:Qualys VM is used for vulnerability scans for the internet and applications using application exchange. There are many applications. We also use the solution for asset management per team, and the… more »
    Top Answer:The process of defining and discovering scans is organized efficiently.
    Top Answer:The product is more expensive than that of any other vendor.
    Ranking
    26th
    out of 59 in Container Security
    Views
    757
    Comparisons
    606
    Reviews
    1
    Average Words per Review
    238
    Rating
    8.0
    11th
    out of 59 in Container Security
    Views
    2,714
    Comparisons
    1,999
    Reviews
    26
    Average Words per Review
    423
    Rating
    8.0
    Comparisons
    Also Known As
    Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security, Qualys Virtual Scanner Appliance
    Learn More
    Overview

    Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers.

    Vulnerability data is continuously imported from a known set of sources and correlated with the indexed contents of container images in order to produce lists of vulnerabilities that threaten a container. When vulnerability data changes upstream, the previous state and new state of the vulnerability along with the images they affect can be sent via webhook to a configured endpoint. All major components can be customized programmatically at compile-time without forking the project.

    With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure its true risk, and track risk reduction over time.

    Qualys VMDR offers an all-inclusive risk-based vulnerability management solution to prioritize vulnerabilities and assets based on risk and business criticality. VMDR seamlessly integrates with configuration management databases (CMDB) and patch management solutions to quickly discover, prioritize, and automatically remediate vulnerabilities at scale to reduce risk. Additionally, it integrates with ITSM solutions such as ServiceNow to automate and operationalize vulnerability management end-to-end.

    Get an all-Inclusive risk-based vulnerability management solution that prioritizes vulnerabilities, misconfigurations and assets based on risk, reduces risk by remediating vulnerabilities at scale, and helps organizations measure security program effectiveness by tracking risk reduction over time.

    Sample Customers
    eBay, Veritas, Verizon, SalesForce
    Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
    Top Industries
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company16%
    Manufacturing Company13%
    Government7%
    REVIEWERS
    Financial Services Firm18%
    Comms Service Provider16%
    Manufacturing Company16%
    Transportation Company11%
    VISITORS READING REVIEWS
    Educational Organization32%
    Computer Software Company11%
    Financial Services Firm11%
    Manufacturing Company6%
    Company Size
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise9%
    Large Enterprise73%
    REVIEWERS
    Small Business20%
    Midsize Enterprise12%
    Large Enterprise68%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise41%
    Large Enterprise44%
    Buyer's Guide
    Container Security
    March 2024
    Find out what your peers are saying about Palo Alto Networks, Wiz, Microsoft and others in Container Security. Updated: March 2024.
    765,386 professionals have used our research since 2012.

    CoreOS Clair is ranked 26th in Container Security with 1 review while Qualys VMDR is ranked 11th in Container Security with 76 reviews. CoreOS Clair is rated 8.0, while Qualys VMDR is rated 8.2. The top reviewer of CoreOS Clair writes "Excellent detection accuracy". On the other hand, the top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". CoreOS Clair is most compared with Snyk, Red Hat Advanced Cluster Security for Kubernetes, JFrog Xray, Aqua Cloud Security Platform and Tenable.io Container Security, whereas Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and Tenable Vulnerability Management.

    See our list of best Container Security vendors.

    We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.