
Invicti vs Qualys VMDR comparison

 

Comparison Buyer's Guide

 

Categories and Ranking

Qualys TotalCloud
Ranking in Container Security: 11th
Average Rating: 8.6
Reviews Sentiment: 7.3
Number of Reviews: 39
Ranking in other categories: Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)

Invicti
Ranking in Container Security: 26th
Average Rating: 8.2
Reviews Sentiment: 6.8
Number of Reviews: 31
Ranking in other categories: Static Application Security Testing (SAST) (12th), Software Composition Analysis (SCA) (10th), API Security (10th), Dynamic Application Security Testing (DAST) (4th), Application Security Posture Management (ASPM) (8th)

Qualys VMDR
Ranking in Container Security: 9th
Average Rating: 8.4
Reviews Sentiment: 7.0
Number of Reviews: 96
Ranking in other categories: IT Asset Management (3rd), Vulnerability Management (2nd), Configuration Management Databases (3rd), Risk-Based Vulnerability Management (1st)
 

Mindshare comparison

As of July 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.5%, up from 0.9% compared to the previous year. The mindshare of Invicti is 1.0%, up from 0.3% compared to the previous year. The mindshare of Qualys VMDR is 2.1%, down from 2.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
Product: Mindshare (%)
Qualys VMDR: 2.1%
Qualys TotalCloud: 1.5%
Invicti: 1.0%
Other: 95.4%
 

Featured Reviews

IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Valavan Sivgalingam - PeerSpot reviewer
Senior Manager, Security Engineering at ESS
Dynamic testing regularly identifies web vulnerabilities and has strong false positive confirmations
It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.
Vaibhav Ghule - PeerSpot reviewer
Soc Lead & Edr Administration at Persistent Systems
Continuous risk-based monitoring has strengthened incident response and vulnerability prioritization
I haven't explored Qualys VMDR's vulnerability lifecycle automation yet. One of my analysts mentioned that queries lack grouping operators in Qualys VMDR. From my experience, I would appreciate improvements in the query options in Qualys VMDR, specifically in the query-building process where I would need more features and operators. Additionally, we have been facing issues with Qualys on the cloud level. We cannot download the configuration profile from the cloud agent, and it is showing a pending action for download. During 2025, we noticed outages of Qualys a couple of times. I want to mention that there is an issue with receiving timely RCA deliveries. While this is not necessarily about the tool, it relates to support. The support has not been very responsive, and we are receiving RCAs a little delayed whenever we raise support cases or communicate with the TAMs. Additionally, the UI has a slight latency, which I and my team have experienced. They have also reported this latency issue when navigating through different pages.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Qualys TotalCloud has helped us view our risk structure, vulnerabilities, and security posture."
"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."
"I like the web API security and IoT scanning features the most. The user-friendly design of TotalCloud's interface enables customers to navigate it and use its full potential easily."
"The best part I like is the on-demand scans."
"Qualys TotalCloud's most valuable features are its cloud security posture management, Kubernetes, and container security capabilities."
"TotalCloud's best feature is the integration of cloud accounts. It helps with the risk and security posture management of our cloud infrastructure."
"Qualys TotalCloud's most valuable feature is its agent versatility."
"In my opinion, this is the best tool."
"I am impressed with Invicti's proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"The scanner is light on the network and does not impact the network when scans are running."
"Netsparker has valuable features, including the ability to scan our website, an interactive approach, and security data integration."
"The most valuable feature of Invicti is getting baseline scanning and incremental scan."
"I would rate the stability as ten out of ten."
"It has improved the security of our code by scanning it and finding security defects."
"The scanner and the result generator are valuable features for us."
"Netsparker offers some pretty features: Crawling feature: Netsparker has very detailed crawling steps and mechanisms; this feature expands the attack surface. Attacking feature: Actually, attacking is not a solo feature; it contains many attack engines, Hawk, and many properties, but Netsparker's attacking mechanism is very flexible, and this increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing; it's very valuable for a vulnerability scanner, and a very useful API for automating the scans."
"The initial setup and onboarding process of Qualys VMDR was quite smooth, as we were able to draft the SOPs from the documentation portal itself and everything was available in the documentation, so it was not a hassle for us to get the integrations done on time."
"The most valuable features of Qualys VMDR include patch management and the use of virtual scanners to scan appliances and devices, especially those provided by vendors where we cannot manage them ourselves."
"The Qualys Agent is most valuable for getting insight into what is happening on what device with all its metadata."
"I find the most valuable features are the continuous monitoring. Even on premises, there is constant monitoring."
"The initial setup was good. We didn't have any problems with it."
"It gives a very good overview of the inventory assessment process, and it can be accessed across our company because it's a global tool."
"The vulnerability management feature is what I used the most. It is a good SaaS product. It is easy to use. It has a nice UI where you can see all the assets and vulnerabilities."
"Once you are set up properly and have proper acceptance from support teams, device owners and senior management, you can start to scan your environment much more often, which increases your organization's ability to detect vulnerabilities more often, reducing your overall vulnerability footprint and corresponding business risk."
 

Cons

"In my opinion, what can be improved in Qualys TotalCloud includes pricing and container scanning."
"There should be improvement from a dashboard perspective when collecting and showcasing data to lead management."
"In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system."
"It is already perfect, but they can bring some newer dashboards and customization options for the dashboard. It would be great to be able to include on-prem assets on the dashboard."
"The response part of the Cloud Detection and Response (CDR) module can be improved."
"Qualys TotalCloud has the potential to improve by integrating a hybrid platform for comprehensive management of both on-premises and cloud infrastructures."
"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."
"Overall, we are satisfied with it. However, the response part of the Cloud Detection and Response (CDR) module can be improved. It is not yet in place according to requirements; it is not completely available even though the module has been released."
"Netsparker doesn't provide the source code of the static application security testing."
"The support's response time could be faster since we are in different time zones."
"The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."
"Maybe the ability to make a good reporting format is needed."
"Maybe supported clients can be improved. It still does not search vulnerabilities in DB2 databases, for example."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"The solution needs to make a more specific report."
"Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted."
"I felt hindered sometimes within reports in that they were lacking somewhat on the customization side in terms of making use of the data."
"What we have found is that the solution is not closely tied with the patch management. It is okay with newer ones, like Windows 10 machines; it gives the correct patch. But for Windows 7 or Windows Server 2008, it does not give us the correct patch so we have to manually identify the patches. This is a major problem."
"The only improvement I can think of is on the implementation side, otherwise the operation is fine."
"Qualys should improve their customer experience. They need to improve the tech support experience and the turnaround time."
"Every time they make a change, it's not always super smooth, and it's a little quirky with bugs sometimes."
"One area of the product that could be improved is the management of vulnerabilities detected on disabled applications."
"There needs to be better documentation. Maybe their price scheduler could be made simpler. It's expensive."
"I would like to see this solution more developed and competitive in the Cloud space."
 

Pricing and Cost Advice

"Qualys TotalCloud is expensive."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"TotalCloud's price is about right where I would expect it to be."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"I think that price is too high, like other Security applications such as Acunetix, WebInspect, and so on."
"The price should be 20% lower."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"OWASP Zap is free and it has live updates, so that's a big plus."
"We never had any issues with the licensing; the price was within our assigned limits."
"It is competitive in the security market."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"There are no additional fees in addition to the standard licensing fees."
"Qualys Virtual Scanner Appliance isn't expensive right now. But the price for their product bundles could be better."
"The pricing is very competitive."
"The solution is costly."
"An annual license for a single scanner costs around $3,000."
"We have an annual contract for Qualys VMDR. I believe it's for either two years or five years."
"Usually every implementation is different and the quote is a function of the number of assets."
"The tool's pricing is expensive and I would rate the pricing a seven out of ten."
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews

Manufacturing Company: 17%
Financial Services Firm: 14%
Construction Company: 8%
Comms Service Provider: 7%

Financial Services Firm: 16%
Manufacturing Company: 9%
Construction Company: 7%
Computer Software Company: 7%

Financial Services Firm: 16%
Manufacturing Company: 7%
Computer Software Company: 7%
Construction Company: 6%
 

Company Size

By reviewers (Company Size: Count)

Small Business: 9
Midsize Enterprise: 4
Large Enterprise: 29

Small Business: 14
Midsize Enterprise: 4
Large Enterprise: 13

Small Business: 20
Midsize Enterprise: 12
Large Enterprise: 70
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
The setup cost is pretty competitive. For example, if you want to talk about the SAST license, it comes to about $150...
What needs improvement with Invicti?
At this time, there is nothing that comes to mind. However, most of the products in the market are pretty much neck-t...
What is your primary use case for Invicti?
I have worked on a couple of products, specifically in web application security. I have worked on Invicti, and with r...
What is your experience regarding pricing and costs for Qualys VMDR?
My experience with pricing, setup cost, and licensing shows that we can consider both time and money saved.
What needs improvement with Qualys VMDR?
I haven't explored Qualys VMDR's vulnerability lifecycle automation yet. One of my analysts mentioned that queries la...
What advice do you have for others considering Qualys VMDR?
I have some understanding about PeerSpot, and I have visited the website. PeerSpot is similar to TrustRadius. It take...
 

Also Known As

Qualys TotalCloud with FlexScan
Netsparker
Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security
 

Overview

 

Sample Customers

Information Not Available
Samsung, The Walt Disney Company, T-Systems, ING Bank
Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
Find out what your peers are saying about Invicti vs. Qualys VMDR and other solutions. Updated: June 2026.