We performed a comparison between Qualys VMDR and Rapid7 Metasploit based on real PeerSpot user reviews.
Find out in this report how the two Risk-Based Vulnerability Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Qualys VM had a recent upgrade and the newer version is supporting the cloud."
"This is one of the best products I have worked with so far. I like the power of Qualys, and it's a better solution because you can scan a compact file, a BIT file, or batch files. The product already knows what's happening inside, and you don't need to expand the package. Tenable will do the same thing, but you need to have a package issuance claim. With Qualys, we can immediately understand the file, even a compact file. If there's some kind of discovery or incident, you will know what happened in the environment."
"Intuitive and easy to use."
"It is a stable solution."
"The most valuable feature of the solution is the external channel."
"Qualys has a continuous endpoint monitoring feature for agent-based scanning. Once you deploy the solution, it monitors everything that is happening every 30 minutes. Then, if there are any vulnerabilities, they are reported."
"It is a simple solution that makes scanning easy. You just give it a scheduled task, and it will do everything for you."
"The most recent is VMDR, which provides a comprehensive overview of how to detect, patch, and remediate specific vulnerabilities."
"Technical support has been helpful and responsive."
"It is scalable. It's in line with our needs."
"The greatest advantage of Rapid7 Metasploit is that it is the only system that can directly exploit vulnerabilities on the Metasploit platform."
"The option to generate phishing emails has proven to be very valuable in understanding the behavior of users."
"The Search Engineering feature is good."
"The solution is open source and has many small targetted penetration tests that have been written by many people that are useful. You can choose different subjects for the test, such as Oracle databases or Apache servers."
"All of the features are great."
"I use Rapid7 Metasploit for payload generation and Post-Exploitation."
"Qualys could be improved in its overall performance compared to other vulnerability management or scanning tools."
"The solution is a bit expensive if you do not have access to discounts."
"Qualys VM's vulnerability scan could be improved, especially the number of CVE numbers it can manage at a time."
"Qualys does have an on-prem solution, but it is very expensive."
"Qualys Container Security can improve the interface. It could be easier to navigate and be enriched."
"One of the biggest issues from the clients' perspective is that all Qualys computing is on the cloud."
"Qualys VM's machine learning and artificial intelligence features could be improved."
"Reports were lacking somewhat on the customization side."
"The solution should improve the responsiveness of its live technical support."
"Rapid7 Metasploit could be made easier for new users to learn."
"The open-source version has reporting limitations. You need to develop these capabilities yourself. Built-in reporting is an excellent feature for penetration testing, but it isn't a must-have. The solution could also cover more vulnerabilities. Metasploit has around 10,000 exploits in its library, but more is always better."
"I think areas with shortcomings that need improvement are more integration and automation."
"Rapid7 Metasploit can add a GUI feature because it is only available online."
"I would like to see more capabilities, more functions, and more features. More types of attack vectors."
"The initial setup was a bit "tweaky" for the open-source version."
"There are numerous outdated exploits in their database that should be updated."
Qualys VMDR is ranked 3rd in Risk-Based Vulnerability Management with 77 reviews while Rapid7 Metasploit is ranked 11th in Vulnerability Management with 18 reviews. Qualys VMDR is rated 8.2, while Rapid7 Metasploit is rated 7.6. The top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". On the other hand, the top reviewer of Rapid7 Metasploit writes "Helps find vulnerabilities in a system to determine whether the system needs to be upgraded". Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and Tenable Vulnerability Management, whereas Rapid7 Metasploit is most compared with Tenable Nessus, Pentera, Acunetix, Rapid7 InsightVM and PortSwigger Burp Suite Enterprise Edition. See our Qualys VMDR vs. Rapid7 Metasploit report.
We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.