Qualys VMDR vs. Rapid7 InsightVM

Qualys VMDR is best suited for larger companies with a very large IT asset footprint. Qualys VMDR is not suited for businesses that are small and upcoming as the price for the tool is very expensive and could be a budget sink if not used properly. In our organization we use the Qualys VMDR dashboard and reporting in order to collect any vulnerabilities we miss during our routine audits to ensure that our environment is stable and protected for attacks.

Incentivized

Rapid7 InsightVM is perfect for a scenario where IT admin or CISO wants to scan its infrastructure to be sure that there is no vulnerability that could be exploited from outside or inside the company. It also could be used to automate patching and dealing with vulnerabilities. It's also adapted for users that need cloud security management

Incentivized

• vulnerability detection
• updated CVEs and support from product
• Reporting
• Scheduling tasks

Incentivized

• Being a vulnerability scanner tool, its purpose is to scan the systems to find the vulnerabilities. We can define the assets like IP address for the scans and it also allows to either schedule the scan at a preferred time or start the scan immediately. Upon completion of the scan, this tool can result provide the details like host type, OS information, hardware address, along with the vulnerabilities.
• Rapid7 Nexpose has a list of templates to perform the scan. Once the templates are defined then the scans are performed accordingly.
• It also contains an option to add credentials/authentication using passwords, usernames, private keys to perform the credential-based scans which I think is a great feature.

Incentivized

• Front-line technical support
• A little expensive in comparison with other solutions

Incentivized

• In comparison to Tenable SecurityCenter we saw it didn't exactly find the same vulnerabilities which we would assume it should have
• We rely on a ticketing system and not our VM tool to assign tasks so wasn't too useful having that in there
• Filtering capabilities aren't as good as its competitors

Incentivized

This is iron but I am giving it 5 star and I can give more If I can do because they are best in support. So once you own this product they will assign a dedicated support for you and when you are under the weather with anything just connect them with anything call, ping or ticket they will come like Genie.

I gave it a seven due to the functionality and general ease of use after the initial setup headaches, but compared to Qualys, Rapid7 Nexpose falls short on features and ease of use. Their support drags this rating down a point as well. I have gone weeks with no update on semi-critical issues and typically have to make call after call to get a semi-coherent response.

Incentivized

Qualys VMDR was selected against competitors because of the depth of insight the platform provides. When stacked against other competitors, platforms like Syxsense couldn't produce the same level on insight and reporting like how Qualys VMDR does. Qualys VMDR also does a great job at gathering information about the latest security definitions and using those to analyze our environment to alert of any vulnerabilities. Something that Syxsense couldn't.

Incentivized

Nessus Pro does scans, but does not maintain an inventory from scan to scan. There is no history for a specific device, you have to look inside the results of each scan. Search across inventory is non-existent. There are no dashboards for data analysis. This is no tracking for remediation

Incentivized

• Faster patching
• Easy reports for multiple teams to work in coordination
• Solutions to patch vulnerabilities

Incentivized

• Can reduce time to patch most critical vulnerabilities
• Can help to identify who is spending time patching things of lower risk thus keeping the organization in a more vulnerable position
• Easily provides the patch team with a work plan to enhance security more quickly

Incentivized