IT Central Station is now PeerSpot: Here's why

Qualys VM vs Rapid7 InsightVM comparison

You must select at least 2 products to compare!
Qualys Logo
13,194 views|10,651 comparisons
Rapid7 Logo
14,353 views|10,504 comparisons
Featured Review
Buyer's Guide
Qualys VM vs. Rapid7 InsightVM
July 2022
Find out what your peers are saying about Qualys VM vs. Rapid7 InsightVM and other solutions. Updated: July 2022.
621,327 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"Technical support is great and we've never really had a problem.""The most recent is VMDR, which provides a comprehensive overview of how to detect, patch, and remediate specific vulnerabilities.""Qualys VM's most valuable feature is automatic detection.""I find Qualys VM very robust, and it's very useful for vulnerability management and patch management. The value that it brings to my environment is economies of scale. There is no limitation on adding any endpoints. You go by the rule, and it's added once another endpoint is added to our environment. It's automatically installed, and it's less work from our end. It frees up my license automatically if I don't need an endpoint or if my machine is decommissioned. I like the dashboard displays because I don't see any duplication. The most important part is vulnerability management and prioritization. Unlike Symantec, it shows the kind of vulnerability I would want to patch first. It provides a holistic view of the kind of vulnerabilities and the ones I should remediate first. I don't have to do a scan; it just brings up those critical kinds of vulnerabilities like zero-day vulnerabilities and tells me to prioritize them. You have to prioritize these vulnerabilities first and go on with the rest. The dashboard shows me the ones that have been fixed, so I don't have to complete an aging report. The user experience and the graphical interface are good. As it's user-friendly and understandable on an executive level, it brings real value. We also use this solution because it's robust and flexibile.""Intuitive and easy to use.""The most valuable feature is the connection of threat intelligence information with identified vulnerabilities, which means you can prioritize vulnerabilities according to actual attacks.""Great web application security for scanning.""Qualys VM had a recent upgrade and the newer version is supporting the cloud."

More Qualys VM Pros →

"One of the most valuable features is it's graphical dashboard feature. It is quite easy to manage the widgets, and we can customize those according to our queries.""InsightVM's most valuable feature is risk scoring, a formula based on different vectors like the ease of exploitation and the availability of the machine.""The discovery and prioritization of vulnerabilities.""When you connect any new device to the network, Rapid7 has the ability to detect the new device immediately. It can scan that device to detect if it has any vulnerability. It tells you what is vulnerable and what has been misconfigured. It also tells you what is the risk of that misconfiguration or lack of patches and how to resolve the problem.""It's a relevant management tool.""The feature that I have found most valuable is its dashboards.""The most valuable features of Rapid7 InsightVM are the accurate level of scanning and the workflows are good.""When it comes to the process, installation is very easy and does not take long."

More Rapid7 InsightVM Pros →

"Qualys VM could improve by having more skilled support personnel.""Qualys currently does not have any features for scanning SCADA, IoT, and Industrial Control Systems.""Some of the older features could be polished instead of focusing on releasing new features.""Sometimes the scanning can get overwhelmed and start to drag when a lot of users are trying to scan at once.""The price could be better. Asset view is still a legacy feature. I'm not able to extract the information about the asset with complete details. It would be better if they fixed that in the next release. I know Qualys is already working on it, so I'm hopeful it will be available in the next five or six months. That would be something that's changed where I seek improvement.""I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities.""Endpoint stability and fault resolution could be improved.""The solution is a bit expensive if you do not have access to discounts."

More Qualys VM Cons →

"Their customer support should be improved, and the effectiveness of scans also needs to be improved.""Rapid7 could be easier to manage.""InsightVM is getting a little stale and is in danger of falling behind its competitors.""The product does not have the capability to do dynamic scanning of non-web applications.""We'd like the agent to cover more compliance issues.""Some of our customers want to be completely cloud based, and Rapid7 doesn't offer this as an option.""Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM.""There are end-user needs and expectations that are being overlooked in the development that could be addressed by appointing a customer advisory board."

More Rapid7 InsightVM Cons →

Pricing and Cost Advice
  • "They have recently changed the pricing model, which is now better than it was before."
  • "It is different for every company, but for us, it's every three years."
  • "Qualys is cheaper and more affordable than other solutions."
  • "The pricing and licensing for Qualys could be improved."
  • "We do see over $100,000 in terms of price, for mid-size programs. You likely will pay more than $100,000 without any discount. It is a bit pricey."
  • "I used to work there, so I never paid for the product. As an employee, we get a lifetime license for personal use, and that's what I'm using. It is a comprehensive platform, so there is a lot more to it. There could be other solutions that are probably a little bit cheaper, but it depends on what people need. Different people have different needs. It offers many things on the same platform. If you add all the things up, it should be cheaper, but I have not done any analysis specifically."
  • "There is a license for the use of this solution. We pay annually instead of monthly to receive a better discount on the price."
  • "Qualys VM is better suited for medium to large companies because the price can be too much for smaller customers."
  • More Qualys VM Pricing and Cost Advice →

  • "The licensing is asset-based and very straightforward."
  • "Its price is too high. My only concern or issue with Rapid7 is its pricing."
  • "Comparing the price with the value that we receive, I am not happy with it."
  • "The license is annual and this is the optimal approach when it comes to most software."
  • "In some cases, we procure the licenses. In some cases, the customers directly buy the license from Rapid7."
  • "Licensing fees are paid on a yearly basis."
  • "We have an annual license to use Rapid7 InsightVM and if we want to extend it, we will possibly choose more than one year."
  • "Pricing is reasonable because we pay according to asset usage. We can define our assets and sites according to our preference."
  • More Rapid7 InsightVM Pricing and Cost Advice →

    Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
    621,327 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Qualys has a continuous endpoint monitoring feature for agent-based scanning. Once you deploy the solution, it monitors everything that is happening every 30 minutes. Then, if there are any… more »
    Top Answer:Qualys is a pay-as-you-go model, so there's flexibility to the pricing.
    Top Answer:They have everything covered as far as features are concerned, but Qualys should improve their customer experience. They need to improve the tech support experience and the turnaround time.
    Top Answer:You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You can easily prioritize vulnerabilities using attacker analytics. Overall, Rapid7… more »
    Top Answer:InsightVM's most valuable feature is risk scoring, a formula based on different vectors like the ease of exploitation and the availability of the machine.
    Top Answer:InsightVM's licensing starts at a minimum of 128 IPs and can scale up to over 1,000.
    Average Words per Review
    Average Words per Review
    Also Known As
    QualysGuard VM
    InsightVM, NeXpose
    Learn More

    Qualys Vulnerability Management (VM) is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously identify threats and monitor unexpected changes in your network before they turn into breaches.

    Rapid7 InsightVM is a comprehensive vulnerability management platform that protects your systems from attackers and is easy to scale. The solution provides easy access to vulnerability management, application security, detection and response, external threat intelligence, orchestration and automation, and more. Rapid7 InsightVM is ideal for security, IT, and DevOps teams, helping them reduce risk by enabling them to detect and respond to attacks quickly.

    Rapid7 InsightVM Features

    Rapid7 InsightVM has many valuable key features. Some of the most useful ones include:

    • Automated containment: With this feature, you can decrease exposure from vulnerabilities by automatically implementing temporary (or permanent) compensating controls via your network access control (NAC) systems, firewalls, and endpoint detection and response tools.
    • Policy assessment: Rapid7 InsightVM offers pre-built scan templates for common compliance requirements. The solution helps you take clear, actionable steps to compliance once you have assessed your risk posture. In addition, Rapid7 InsightVM’s Custom Policy Builder allows you to modify existing benchmarks or create new policies from scratch.
    • REST API: Rapid7 InsightVM REST API is easy to use and was built to easily automate virtually any aspect of vulnerability management, from data collection to risk analysis.
    • Live dashboards: Rapid7 InsightVM includes dashboards that are live and interactive by nature. The live dashboards enable you to create custom cards and full dashboards for anyone in your organization and allow you to track progress of your security program.
    • Automation-assisted patching: Rapid7 InsightVM’s automation-assisted patching gives you the autonomy to make key decisions in your patching process, such as your approval to apply certain patches to certain vulnerabilities.
    • Real risk prioritization: Rapid7 InsightVM makes it simple to know which vulnerabilities need to be prioritized and where your riskiest assets lie.
    • Goals and SLA’s: This feature enables you to make and track progress toward your goals and service level agreements (SLAs) at an appropriate pace.

    Rapid7 InsightVM Benefits

    There are many benefits to implementing Rapid7 InsightVM. Some of the biggest advantages the solution offers include:

    • Attack surface monitoring for maintained visibility: By leveraging attack surface monitoring with Project Sonar (a Rapid7 research project that regularly scans the internet to gain insights into global exposure to common vulnerabilities), you can gain more control of all of your external-facing assets, both known and unknown.
    • Container security: Rapid7 InsightVM integrates with your CI/CD tools, public container repositories, and private repositories to assess container images for vulnerabilities during the build process even before they are deployed.
    • Lightweight endpoint agent: Rapid7 InsightVM unifies data so you only need to install a single agent for continuous vulnerability assessment, incident detection, and log data collection.
    • Easily assign and track remediation duties: Using Rapid7 InsightVM, IT and security teams can assign as well as track remediation duties without having to deal with remediation reports, complex spreadsheets, or back-and-forth email tags.
    • Integration with cloud services and virtual infrastructure: Rapid7 InsightVM provides full visibility into risk across your physical, virtual, and cloud infrastructure.
    • Integrated threat feeds: Rapid7 InsightVM is designed with integrated threat feeds, giving you a dynamic view that shows you which threats are most relevant to your environment, enabling you to better protect against current, impending threats so you can react quickly to critical vulnerabilities.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Rapid7 InsightVM solution.

    An owner at a tech services company says, "I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps."

    PeerSpot user Kimeang S., Technical Consultant at Yip Intsoi, mentions, "The most important aspect of the solution is that it rarely gives false positives, especially compared to other products. It provides very clear reports for our IT teams to look at."

    A Director of Information Technology at a government explains, "The main functionality of identifying item endpoints that weren't properly patched or had vulnerabilities is the solution's most valuable feature."

    Learn more about Qualys VM
    Learn more about Rapid7 InsightVM
    Sample Customers
    Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
    ACS, Acosta, AllianceData,, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
    Top Industries
    Financial Services Firm21%
    Comms Service Provider18%
    Manufacturing Company11%
    Healthcare Company11%
    Computer Software Company25%
    Comms Service Provider16%
    Financial Services Firm9%
    Financial Services Firm16%
    Computer Software Company16%
    Insurance Company11%
    Comms Service Provider11%
    Computer Software Company22%
    Comms Service Provider17%
    Insurance Company7%
    Company Size
    Small Business21%
    Midsize Enterprise16%
    Large Enterprise63%
    Small Business20%
    Midsize Enterprise18%
    Large Enterprise62%
    Small Business39%
    Midsize Enterprise22%
    Large Enterprise39%
    Small Business21%
    Midsize Enterprise18%
    Large Enterprise61%
    Buyer's Guide
    Qualys VM vs. Rapid7 InsightVM
    July 2022
    Find out what your peers are saying about Qualys VM vs. Rapid7 InsightVM and other solutions. Updated: July 2022.
    621,327 professionals have used our research since 2012.

    Qualys VM is ranked 3rd in Vulnerability Management with 24 reviews while Rapid7 InsightVM is ranked 5th in Vulnerability Management with 22 reviews. Qualys VM is rated 8.2, while Rapid7 InsightVM is rated 7.4. The top reviewer of Qualys VM writes "Excellent continuous monitoring, helpful technical support, easy to scale, and simple to install". On the other hand, the top reviewer of Rapid7 InsightVM writes "Broad capabilities make this scanning solution able to cover a lot of ground". Qualys VM is most compared with Tenable Nessus, Tenable SC, Microsoft Defender for Cloud Apps, Vulnerability Management and Darktrace, whereas Rapid7 InsightVM is most compared with Tenable Nessus, Tenable SC, Vulnerability Management, Microsoft Intune and Rapid7 InsightIDR. See our Qualys VM vs. Rapid7 InsightVM report.

    See our list of best Vulnerability Management vendors.

    We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.