Qualys VMDR vs Vectra AI comparison

Qualys VMDR
Read 77 Qualys VMDR reviews
  • 6,732 Views
  • 5,110 Comparison Views
93% willing to recommend
Vectra AI
Read 42 Vectra AI reviews
  • 7,149 Views
  • 3,331 Comparison Views
97% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Qualys VMDR and Vectra AI based on real PeerSpot user reviews.

Find out what your peers are saying about Tenable, Qualys, Rapid7 and others in Risk-Based Vulnerability Management.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Risk-Based Vulnerability Management Report (Updated: May 2024).
Buyer's Guide
Risk-Based Vulnerability Management
May 2024
Download the complete report
Helped 787,033 peers since 2012
 

Categories and Ranking

Qualys VMDR
Average Rating
8.2
Number of Reviews
77
Ranking in other categories
IT Asset Management (7th), Configuration Management Databases (3rd), Container Security (11th), Risk-Based Vulnerability Management (3rd)
Vectra AI
Average Rating
8.6
Number of Reviews
42
Ranking in other categories
Intrusion Detection and Prevention Software (IDPS) (2nd), Network Traffic Analysis (NTA) (2nd), Network Detection and Response (NDR) (2nd), Identity Threat Detection and Response (ITDR) (6th)
 

Market share comparison

As of June 2024, in the Risk-Based Vulnerability Management category, the market share of Qualys VMDR is 18.5% and it increased by 3.9% compared to the previous year. The market share of Vectra AI is 0.2% and it decreased by 31.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Risk-Based Vulnerability Management
Unique Categories:
IT Asset Management
4.0%
Configuration Management Databases
1.9%
Intrusion Detection and Prevention Software (IDPS)
14.2%
Network Traffic Analysis (NTA)
22.0%
 

Featured Reviews

Jan Vobruba - PeerSpot reviewer
Oct 3, 2022
Easy to use, well supported with continually improving functionality
If you're not overly experienced and you're looking for something in their management, it can sometimes be quite difficult because they can move buttons around without sending an update. Previously, if you deployed the Cloud Agent, you could define which tech would be under the agent and where it would be deployed. It now requires some text preparation and the Cloud Agent then downloads the specific profile defined without any indication that this might happen. If you are not using vulnerability management, you are not able to create the correct patch process for all applications stored on the system. It would be helpful if Qualys would integrate with more systems like ServiceNow, Jira, and so on, to create some tickets and integrate them into the active directory, because each group works differently and if you need to prepare a ticket, it must be defined to a specific group of people. Qualys just created a kit on ServiceNow, but it doesn't have the correct group of people in the active directory.
Read full review
RM
Mar 7, 2023
Helps us to have more visibility in terms of what happens in our network and the network at large
In terms of valuable features, I like the ability to record the traffic and the metadata in the traffic. I also like the ability to rewind the past and be able to understand what happened. Some of my colleagues like the ability to investigate incidents. Vectra AI has had a positive effect on the productivity of our company's top teams. They use it a lot to understand what's going on. However, we still need to teach people how to use it to its full potential because it's quite a complicated product. The Sidekick MDR service is quite important to our organization’s security monitoring and management. The Sidekick team is able to give us the ins and outs of what's going on with some incidents. They are able to triage and help us to focus on a particular part of detection. They also gave us advice on how to configure some parts of the product. The two people I worked with from the MDR service are really good at what they do, and it's quite nice to work with them.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I find the solution's dashboard interesting...The response time is fine. You can pull up reports without dragging or consuming bandwidth."
"We also like the flexibility in their licensing."
"The features that are most valuable are the identification, scan features, and the identification of vulnerabilities."
"It's very configurable to adjust impact to systems."
"Qualys VM had a recent upgrade and the newer version is supporting the cloud."
"Qualys VM's best feature is vulnerability management."
"Detects new hosts along with vulnerabilities."
"Technical support is fantastic."
More Qualys VMDR pros
"It keeps up with the network traffic, which is a good thing. It provides more context to plain alerts compared to using an older system. So, it helps an analyst reduce the information overload."
"The administrative privilege detection feature is the most valuable feature. The admin accounts are often highly accessible to the high-risk component of the environment. If those accounts are compromised or are being used in a suspicious manner, that's high-fidelity events for us to look into."
"It has helped us to organize our security. We get a better overview on what is happening on the network, which has helped us get quicker responses to users. If we see malicious activity, then we can quickly take action on it. Previously, we weren't getting an overview as fast as we are now, so we can now provide a quicker response."
"The packet-capturing feature is very useful."
"It's important for us that the user interface is easy to understand and that is the biggest benefit we see from Vectra AI."
"Vectra is very compatible with various cloud providers, such as Amazon and Azure AD. This is helpful as customers often migrate their network infrastructure to the cloud."
"One of the things that we didn't expect to happen was that our network team also jumped on it faster than we thought. In most cases, if it's a security tool that's working on the network part, they can also use it to find out certain flaws that have been in the system. Certain flaws, related to some legacy stuff, were already there for quite a few years, which they couldn't explain at first, but we could explain them based on the timing of certain things."
"It's easy to manage, and I love the UX. It's very well designed. When we are looking for something, it's quite easy to find it."
More Vectra AI pros
 

Cons

"It's quite complex on the way it is set up, so it takes a fair bit of time in order to get your head around it in order to deploy it. Once you've deployed it, then you're never confident on the versions of the browsers and the SSL certificates, etc. You have to always go back into Qualys and check."
"Certain integration factors between different options could be improved."
"Finding things in management can be quite difficult."
"Qualys could be improved in its overall performance compared to other vulnerability management or scanning tools."
"Its integration with ServiceNow and other similar products is complicated and can be improved. It should also have virtual batching. They should support more standards and compliance requirements and more customizations. For policy compliance, they can add the standards required by the countries in the Middle East. Each country generates its own standards and frameworks, and those frameworks should be there in all products, not only in Qualys. The market here is huge, especially in the cybersecurity field. Qatar has a framework for Qatar 2022, and each and every company in the public or private sector has to follow the Qatar 2022 framework."
"I would like to have CSPM, a continuous scan-like cloud added to the solution."
"I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities."
"There seems to be a lack of easy onboarding into Qualys."
More Qualys VMDR cons
"It does a little bit of packet capture on alert so you can look at the packet capture activity going on, but it doesn't collect a whole lot of data. Sometimes it's only one or two frames, sometimes it does collect more. That's why they have the addition of their Recall platform, because that really does help expand the capability."
"One area where there's room for improvement is the absence of a comprehensive TCP recording and replay feature."
"The rules for threats are not always precise and Vectra AI should improve this."
"What is most important for us is to have one place where we can manage a few brains because we are based on a zero-trust network. As a result, each customer needs to have a separate brain. For the SOC team, we need to have one place where the SOC analyst can go to visit the website and from that site manage all of the customers. Right now, Vectra AI doesn't have this capability, and I would really like to have this feature."
"The reporting from Cognito Detect is very limited and doesn't give you too many options. If I want to prepare a customized report on a particular host, even though I see the data, I have to manually prepare the report. The reporting features that are built into the tool are not very helpful."
"In education as a sector, we are looking at AI a lot in terms of how it can be used as part of the teaching and learning side of things. It would be great to have Vectra AI look at a better way to enhance the security posture related to the AI tools in our portfolio."
"Vectra Recall could be utilized much more, and I'm seeing some indications of that today with the investigative components. I use the Visualize feature to visualize components and dashboards a lot. I'm interested in new ways to build automated searches or having them leveraged already from Vectra."
"You are always limited with visibility on the host due to the fact that it is a network based tool. It gives you visibility on certain elements of the attack path, but it doesn't necessarily give you visibility on everything. Specifically, the initial intrusion side of things that doesn't necessarily see the initial compromise. It doesn't see stuff that goes on the host, such as where scripts are run. Even though you are seeing traffic, it doesn't necessarily see the malicious payload. Therefore, it's very difficult for it to identify these type of host-driven complex attacks."
More Vectra AI cons
 

Pricing and Cost Advice

"The pricing and licensing for Qualys could be improved."
"An annual license for a single scanner costs around $3,000."
"In Nigerian Naira, we spend about roughly four to five million to use this solution and this is expensive compared to solutions like Nessus."
"It's very expensive, especially if you want to use multiple modules of Qualys."
"Qualys VM is quite expensive. It's a subscription-based license, and it's yearly. Right now, it's open for me, and I don't have any limitations or caps on the licenses. They are seeing if the product is viable for 4500 users. I can add as much as I want, and at the end of the subscription, they'll let me know how many licenses were actually used and bill me accordingly. On a scale from one to five, I would give their pricing a three. It's still expensive."
"The solution is expensive."
"Usually every implementation is different and the quote is in function of number of assets."
"When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself."
More Qualys VMDR pricing and cost advice
"Vectra's pricing is too high. All schools will not be able to afford it. Vectra will only end up targeting higher education and higher value independence purely because of the price. A lot of schools would love to have a product like Vectra AI, but they simply can't because they struggle to even pay the high E5 licensing from Microsoft. When you're up against that, Vectra AI is never going to be within the sector's price range."
"Vectra AI's pricing is cheaper than that of Darktrace."
"Their licensing model is antiquated. I'm not a fan of their licensing model. We have to pay for licensing based on four different things. You have to pay based on the number of unique IPs, the number of logs that we send through Recall and Stream, and the size of our environment. They need to simplify their licensing down to just one thing. It should be based on the amount of data, the number of devices, or something else, but there should be just one thing for everything. That's what they need to base their licensing on. Cost-wise, they're not cheap. They were definitely the most expensive option, but you get what you pay for. They're not the cheapest option."
"The licensing is on an annual basis."
"At the time of purchase, we found the pricing acceptable. We had an urgency to get something in place because we had a minor breach that occurred at the tail end of 2016 to the beginning of 2017. This indicated we had a lack of ability to detect things on the network. Hence, why we moved quickly to get into the tool in place. We found things like Bitcoin mining and botnets which we closed quickly. In that regard, it was worth the money."
"The solution's pricing was 50 percent lower than the other vendors shortlisted."
"It is an expensive solution, but it's not the most expensive we've seen. We also know how much we're going to pay, unlike with some other providers where all of a sudden our license explodes."
"Vectra AI is not a cheap solution."
More Vectra AI pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
See recommendations
787,033 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
33%
Computer Software Company
11%
Financial Services Firm
11%
Manufacturing Company
6%
Computer Software Company
16%
Financial Services Firm
12%
Government
7%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is your primary use case for Qualys VM?
Qualys VM is used for vulnerability scans for the internet and applications using application exchange. There are many applications. We also use the solution for asset management per team, and the ...
See all answers
What do you like most about Qualys VMDR?
I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even ...
See all answers
What is your experience regarding pricing and costs for Qualys VMDR?
We have an annual contract for Qualys VMDR. I believe it's for either two years or five years.
See all answers
What is the biggest difference between Corelight and Vectra AI?
The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the eventual forwarding of events and parsed data logs to a security team’s SIEM or ...
See all answers
What do you like most about Vectra AI?
The solution is currently used as a central threat detection and response system.
See all answers
What is your experience regarding pricing and costs for Vectra AI?
The licensing is on annual basis.
See all answers
 

Comparisons

Tenable Nessus vs Qualys VMDR Logo
Tenable Nessus vs Qualys VMDR
Compared 25% of the time
Tenable Security Center vs Qualys VMDR Logo
Tenable Security Center vs Qualys VMDR
Compared 10% of the time
Rapid7 InsightVM vs Qualys VMDR Logo
Rapid7 InsightVM vs Qualys VMDR
Compared 8% of the time
Microsoft Defender Vulnerability Management vs Qualys VMDR Logo
Microsoft Defender Vulnerability Management vs Qualys VMDR
Compared 6% of the time
Tenable Vulnerability Management vs Qualys VMDR Logo
Tenable Vulnerability Management vs Qualys VMDR
Compared 5% of the time
More Qualys VMDR Competitors
Darktrace vs Vectra AI Logo
Darktrace vs Vectra AI
Compared 36% of the time
ExtraHop Reveal(x) vs Vectra AI Logo
ExtraHop Reveal(x) vs Vectra AI
Compared 11% of the time
Cisco Secure Network Analytics vs Vectra AI Logo
Cisco Secure Network Analytics vs Vectra AI
Compared 7% of the time
Arista NDR vs Vectra AI Logo
Arista NDR vs Vectra AI
Compared 6% of the time
Corelight vs Vectra AI Logo
Corelight vs Vectra AI
Compared 4% of the time
More Vectra AI Competitors
 

Product Reports

Buyer's Guide
Qualys VMDR
May 2024
Qualys VMDR reportDownload Qualys VMDR product report
Buyer's Guide
Vectra AI
May 2024
Vectra AI reportDownload Vectra AI product report
 

Also Known As

Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security, Qualys Virtual Scanner Appliance
Vectra Networks, Vectra AI NDR
 

Learn More

Qualys
Vectra AI
 

Overview

Vulnerability Management, Detection, and Response (VMDR) is a cornerstone product of the Qualys TruRisk Platform and a global leader in the enterprise-grade vulnerability management (VM) vendor space. With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure their actual risk exposure over time. 

Qualys VMDR offers an all-inclusive risk-based vulnerability management solution to prioritize vulnerabilities and assets based on risk and business criticality. VMDR seamlessly integrates with configuration management databases (CMDB), Qualys Patch Management, Custom Assessment and Remediation (CAR), Qualys TotalCloud and other Qualys and non-Qualys solutions to facilitate vulnerability detection and remediation across the entire enterprise.

With VMDR, users are empowered with actionable risk insights that translate vulnerabilities and exploits into optimized remediation actions based on business impact. Qualys customers can now aggregate and orchestrate data from the Qualys Threat Library, 25+ threat intelligence feeds, and third-party security and IT solutions, empowering organizations to measure, communicate, and eliminate risk across on-premises, hybrid, and cloud environments.

Vectra threat detection and response is a complete cybersecurity platform that collects, detects, and prioritizes security alerts. The Cognito platform for Network Detection and Response (NDR) detects and responds to attacks inside cloud, data center, Internet of Things, and enterprise networks. The platform also provides automated response capabilities for low-level threats and escalates more severe anomalies to security personnel.

Cognito captures data for multiple relevant sources and enriches it with context and security insights. It starts by deploying sensors across different networks in datacenters, IoT, or enterprise networks. The algorithm extracts relevant metadata from network and cloud traffic. The information can also be non-security information that can help investigation. 

The data is enriched with security context to support critical use cases, such as threat detection, investigation, hunting and compliance. The platform is machine learning-based, which enables it to adapt to any new and current threat scenario. It detects, clusters, prioritizes, and anticipates attacks by using identity and host-level enforcement. 

With the Vectra platform, a person can investigate 50 threats in just two hours. By prioritizing alerts and leveraging threat intelligence, it provides faster results.Vectra solves today’s security challenges for network detection and response. 

One of Vectra’s best features is the emphasis they put in pairing research and data science for security insights. It offers behavior codification with unsupervised, supervised, and deep learning models. 

The pricing is according to a subscription model with a free trial available.Vectra is available for Office 365, Azure AD and AWS Brain.

Features of Vectra AI

  • AI-based threat detection and response. 
  • Detects attacks in real time with behavior-based threat detection. 
  • Consolidates and correlates thousands of events, detecting threats. 
  • Enriches threat investigation with a chain of evidence and data science security insights. 
  • Machine learning techniques, including deep learning and neural networks. 
  • Gives visibility into cyberattackers and analyzes all network traffic. 
  • Continuous updates with new threat detection algorithms. 
  • Provides encryption at rest and in transit. For the AWS version, it offers AES-256 encryption via AWS Key Management Service. 
  • Guaranteed availability according to the SLA of the service selected. 
  • Does not connect to public sector networks. 

Benefits of Vectra AI

  • Behavioral models use AI to find unknown attackers. 
  • Context increases the accuracy of threat hunting. 
  • Allows for proactive action by prioritizing the most relevant information. 
  • Provides a clear picture and extensive context for investigations. 
  • Aids decision-making in the incident response process. 
  • Helps working with large datasets by capturing metadata at scale. 
  • Automates time-consuming analysis. 
  • Reduces the security analysts’ workloads on threat investigations. 

Other advantages of Vectra services include that they can be deployed in the public, private, or hybrid cloud. Support is available via email or online ticketing with an average of 4 hours of response. Phone support is available 24/7. 

Vectra provides full on-site and online training and documentation. Regarding the user interface, it supports several types of web browsers, such as Internet Explorer, Microsoft Edge, Firefox, Chrome, Safari and Opera. However, it is not available for mobile devices.

Reviews from Real Users

Here’s what PeerSpot users of Vectra AI have to say about it:

"One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us." - Dave W., Operations Manager at a healthcare company

"It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low.” - T.S., Senior Security Engineer at a manufacturing company

 

Sample Customers

Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
Tribune Media Group, Barry University, Aruba Networks, Good Technology, Riverbed, Santa Clara University, Securities Exchange, Tri-State Generation and Transmission Association
Buyer's Guide
Risk-Based Vulnerability Management
May 2024
Download Free Report
Find out what your peers are saying about Tenable, Qualys, Rapid7 and others in Risk-Based Vulnerability Management. Updated: May 2024.
DOWNLOAD NOW
787,033 professionals have used our research since 2012.

We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.