Cybersixgill vs Qualys VMDR vs Rapid7 Metasploit comparison

Cybersixgill and Qualys are both solutions in the Vulnerability Management category. Cybersixgill is ranked #60, while Qualys is ranked #2 with an average rating of 8.2. Cybersixgill holds a 0.2% mindshare in VM, compared to Qualys’s 12.8% mindshare. Additionally, 100% of Cybersixgill users are willing to recommend the solution, compared to 94% of Qualys users who would recommend it.

Cybersixgill

Read 4 Cybersixgill reviews

235 Views
107 Comparison Views

100% willing to recommend

Qualys VMDR

Read 85 Qualys VMDR reviews

13,634 Views
10,366 Comparison Views

94% willing to recommend

Rapid7 Metasploit

Read 18 Rapid7 Metasploit reviews

2,739 Views
1,559 Comparison Views

94% willing to recommend

Cybersixgill

Qualys VMDR

Rapid7 Metasploit

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Cybersixgill, Qualys VMDR, and Rapid7 Metasploit based on real PeerSpot user reviews.

Find out what your peers are saying about Tenable, Qualys, Wiz and others in Vulnerability Management.

To learn more, read our detailed Vulnerability Management Report (Updated: September 2024).

Buyer's Guide

Vulnerability Management

September 2024

Download the complete report

Helped 807,366 peers since 2012

Mindshare comparison

As of October 2024, in the Vulnerability Management category, the mindshare of Cybersixgill is 0.2%, up from 0.1% compared to the previous year. The mindshare of Qualys VMDR is 12.8%, down from 13.3% compared to the previous year. The mindshare of Rapid7 Metasploit is 1.8%, down from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Vulnerability Management

Featured Reviews

reviewer1528356

Lead Cyber Threat-Intelligence Analyst at a educational organization with 10,001+ employees

Mar 10, 2021

Provides early detection of imminent attacks, and speeds up addressing of vulnerabilities internally because it makes them real

They're a newer company, so they're working on their UI a lot. Sometimes the UI is a little glitchy. They're working on different things and making efforts, so that's totally forgivable. But regarding their scraping abilities, things could be solidified. There are definitely improvements that could be made on the specificity for setting certain queries. Step-by-step videos would be useful, instead of a book of instructions, because they're a new tool. They're now getting to the point where video training would be useful, or even live training. More digestible video instructions or opportunities for training, so that you actually learn hands-on, would help.

Read full review

Harold Jensen

Senior Cybersecurity Engineer at 3M Health Information Systems

Jul 13, 2023

Good visibility but expensive and needs better support

Support: It's often overseas and often following a script, basically asking us to redo what we opened the case with. Multiple APIs: There seems to be a lack of easy onboarding into Qualys. We had to use manual inputs and some API calls to get items in place. Dashboard: It is very rudimentary with very little customization. The Qualys Scripting Language (QSL) works differently in different Qualys modules, so when you get it working in one area you have to modify the syntax in others. User account management: We often have to give users more rights than needed just to give them what they need. Integration with the various Qualys Modules: You can tell the UI is different based on of the different teams that created them. QSL syntax same in all modules Responsiveness of some of the components: They time out, you get a blank screen, etc. Backend updates between the various modules: You update connectors and information takes a few minutes to show in VMDR or Global Asset View Connectors: Connectors have a throttling issue with AWS which causes them to frequently fail unless you manually run them again.

Read full review

Aqeel Junaid

Junior Executive - Information Security at sunshine holdings

Mar 14, 2024

Helps find vulnerabilities in a system to determine whether the system needs to be upgraded

I've been using Rapid7 Metasploit to create vulnerabilities and test exploits. I can create malicious Word documents through the Rapid7 Metasploit framework for testing purposes. I can create a backdoor through the solution to test a web server or a vulnerable machine The most valuable features…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The solution’s approach of using limited open source intelligence and focusing, instead, on the Deep Web and Dark Web is what seals the deal. That is why I like them. I have other tools that I can aggregate all the open source intelligence from. I value Cybersixgill because it provides access to things that no one else does."

"To be diligent for the customer, we usually go into Cybersixgill Investigative Portal to analyze and search things. The solution tells us the reputation of cyber threat actors. So, if someone has a reputation of one, it is a really bad idea to care about what that person is saying. However, if you find someone with a reputation of nine, then there is a high probability that we need to address the problem. You can get information about these type of actors in Cybersixgill Investigative Portal. They have a huge collection, which is like having the rules/goals of the dark web and deep web without having to go there. Our analysts avoid going dark web because they have Cybersixgill Investigative Portal and can get the news from their browser, searching wherever they want."

"They also provide some of the greatest notification capabilities. I put in a customer's company name and domain names, or sometimes I put in their IP addresses as a keyword. Once Sixgill collects information that includes those keywords, they then provide us email notifications. That means we can catch information related to our customers as soon as possible."

"The advanced analysis has made our security operations more efficient. It has also potentially given us quicker access to data that we might not have otherwise located."

"There are fewer false positives when using this solution."

"The process of defining and discovering scans is organized efficiently."

"Qualys VM has allowed us to know the vulnerabilities we need to prioritize based on the threat levels and the possible impact if there's an intrusion."

"Qualys VM's best features are vulnerability management and customizable scoring."

"The most valuable features of Qualys VMDR include patch management and the use of virtual scanners to scan appliances and devices, especially those provided by vendors where we cannot manage them ourselves."

"Provides great functionality."

"The most recent is VMDR, which provides a comprehensive overview of how to detect, patch, and remediate specific vulnerabilities."

"Performs automated, regular scans in the network."

More Qualys VMDR pros

"Technical support has been helpful and responsive."

"The greatest advantage of Rapid7 Metasploit is that it is the only system that can directly exploit vulnerabilities on the Metasploit platform."

"The reporting on the solution is good."

"I don't have any other tools like it, and I always use it when I'm doing a pen test. Metasploit is a great solution for penetration testing,"

"It is scalable. It's in line with our needs."

"The Search Engineering feature is good."

"The most valuable feature for us is the support for testing Linux-based web server components."

"Rapid7 Metasploit is a useful product."

More Rapid7 Metasploit pros

Cons

"We need real-time updated information. If we could have this, it would be amazing. For example, if someone was posting something, then ten second later, it was on the platform. Sometimes, it takes a minute or hours right now, depending on the forum."

"The breadth of access to data is good, but there are gaps. More data would be my suggestion because the platform is good and I have no complaints about the system. I think it is just a case of always trying to get more data sources."

"Sixgill has strong capabilities based on search queries, but there is some difficulty in using Sixgill. Their querying is very powerful but it can be difficult. It's not hugely complex but you need some skill to use Sixgill querying."

"Regarding their scraping abilities, things could be solidified. There are definitely improvements that could be made on the specificity for setting certain queries."

"I do not like that all of the data is stored on the cloud."

"I would like to see this solution more developed and competitive in the Cloud space."

"Qualys should improve their customer experience. They need to improve the tech support experience and the turnaround time."

"Qualys VM's scanner doesn't pick up every vulnerability, so we have to use multiple scanners to cover that gap."

"The IoT scan is not great."

"I would like to have CSPM, a continuous scan-like cloud added to the solution."

"We are moving away from Qualys to Defender ATP because I find that Defender ATP is much better at prioritizing the vulnerabilities that I should be looking at."

"They have integrated with other third parties, but it is still not viable."

More Qualys VMDR cons

"At the time I was using it, the graphical user interface needed some improvements."

"If your company's patch is not up to date, but you have other detection or defense solutions such as endpoint detection and response and antivirus software, the product exploit may not work effectively. This is because its exploit database update process is slow and not real-time. For zero-day vulnerabilities or new security threats, relying on Rapid7 Metasploit alone may not be effective."

"The open-source version has reporting limitations. You need to develop these capabilities yourself. Built-in reporting is an excellent feature for penetration testing, but it isn't a must-have. The solution could also cover more vulnerabilities. Metasploit has around 10,000 exploits in its library, but more is always better."

"The solution should improve the responsiveness of its live technical support."

"Rapid7 Metasploit can add a GUI feature because it is only available online."

"The initial setup was a bit "tweaky" for the open-source version."

"It is necessary to add some training materials and a tutorial for beginners."

"The solution is not very scalable, it does not provide any automation to be able to scale it."

More Rapid7 Metasploit cons

Pricing and Cost Advice

"Sometimes, Cybersixgill Investigative Portal is cheaper than its competitors."

"The pricing is cheap compared with Recorded Future. Sixgill's cost-effectiveness is very good."

"The pricing and licensing are good. It is expensive for us because the US dollar is quite strong compared to our dollar. Otherwise, it is quite reasonable for what it is. All the tools in the market are around the same price from my experience."

"The solution is reasonably priced for the value it provides."

"We do see over $100,000 in terms of price, for mid-size programs. You likely will pay more than $100,000 without any discount. It is a bit pricey."

"There is a license for the use of this solution. We pay annually instead of monthly to receive a better discount on the price."

"There are no additional fees in addition to the standard licensing fees."

"Qualys is a pay-as-you-go model, so there's flexibility to the pricing."

"It is different for every company, but for us, it's every three years."

"The pricing is very competitive."

"Qualys VM is quite expensive. It's a subscription-based license, and it's yearly. Right now, it's open for me, and I don't have any limitations or caps on the licenses. They are seeing if the product is viable for 4500 users. I can add as much as I want, and at the end of the subscription, they'll let me know how many licenses were actually used and bill me accordingly. On a scale from one to five, I would give their pricing a three. It's still expensive."

More Qualys VMDR pricing and cost advice

"It is expensive. Our license expired, and our company is not thinking to renew because of our budget."

"There are two versions available, one of which is the Pro version, and the other is the free version."

"The pricing structure involves a one-time purchase cost of approximately twenty thousand dollars or euros for all customers."

"I use the open-source version of this product. Pricing is not relevant."

"Rapid7 Metasploit is cheaper than Tenable.io Vulnerability Management."

"The great advantage with Rapid7 Metasploit, of course, is that it's free."

"We pay monthly. The pricing is reasonable."

"It is a reasonably priced solution. I would rate it from five out of ten."

More Rapid7 Metasploit pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.

See recommendations

807,366 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

14%

Financial Services Firm

11%

Manufacturing Company

10%

Government

Educational Organization

35%

Computer Software Company

11%

Financial Services Firm

10%

Manufacturing Company

Computer Software Company

17%

Financial Services Firm

11%

Manufacturing Company

Educational Organization

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

Ask a question

Earn 20 points

What is your primary use case for Qualys VM?

Qualys VM is used for vulnerability scans for the internet and applications using application exchange. There are man...

See all answers

What do you like most about Qualys VMDR?

I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagg...

See all answers

What is your experience regarding pricing and costs for Qualys VMDR?

The solution is reasonably priced for the value it provides. Our contract renewal was approximately 2.5 million ZAR f...

See all answers

What do you like most about Rapid7 Metasploit?

I use Rapid7 Metasploit for payload generation and Post-Exploitation.

See all answers

What is your experience regarding pricing and costs for Rapid7 Metasploit?

I have used the free version of Rapid7 Metasploit.

See all answers

What needs improvement with Rapid7 Metasploit?

Rapid7 Metasploit could be made easier for new users to learn.

See all answers

Comparisons

Recorded Future vs Cybersixgill

Compared 73% of the time

Digital Shadows vs Cybersixgill

Compared 10% of the time

CyberInt Argos vs Cybersixgill

Compared 9% of the time

ZeroFOX vs Cybersixgill

Compared 8% of the time

More Cybersixgill Competitors

Tenable Nessus vs Qualys VMDR

Compared 20% of the time

Rapid7 InsightVM vs Qualys VMDR

Compared 9% of the time

Tenable Security Center vs Qualys VMDR

Compared 8% of the time

Microsoft Defender Vulnerability Management vs Qualys VMDR

Compared 8% of the time

Wiz vs Qualys VMDR

Compared 5% of the time

More Qualys VMDR Competitors

Tenable Nessus vs Rapid7 Metasploit

Compared 31% of the time

Acunetix vs Rapid7 Metasploit

Compared 13% of the time

Pentera vs Rapid7 Metasploit

Compared 10% of the time

Rapid7 InsightVM vs Rapid7 Metasploit

Compared 6% of the time

Nucleus vs Rapid7 Metasploit

Compared 5% of the time

More Rapid7 Metasploit Competitors

Product Reports

Buyer's Guide

Cybersixgill

September 2024

Download Cybersixgill product report

Buyer's Guide

Qualys VMDR

September 2024

Download Qualys VMDR product report

Buyer's Guide

Rapid7 Metasploit

September 2024

Download Rapid7 Metasploit product report

Also Known As

No data available

Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security, Qualys Virtual Scanner Appliance

Metasploit

Learn More

Cybersixgill

Qualys

Rapid7

Overview

Sixgill’s fully automated threat intelligence solutions help organizations fight cyber crime, detect phishing, data leaks, fraud and vulnerabilities as well as amplify incident response in real-time.

Sixgill Investigative Portal empowers security teams with contextual and actionable alerts, along with the ability to conduct real-time, covert investigations:

Powered by the largest data lake of deep and dark web activity
Real-time actionable alerts customized to your organization
Quick deep dive into any escalation in real-time and gain a complete picture to understand the context.
Research threat actors profile, MO and history. Review and analyze across languages, sites, timeframes, types of products, topics, entities and more

Vulnerability Management, Detection, and Response (VMDR) is a cornerstone product of the Qualys TruRisk Platform and a global leader in the enterprise-grade vulnerability management (VM) vendor space. With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure their actual risk exposure over time.

Qualys VMDR offers an all-inclusive risk-based vulnerability management solution to prioritize vulnerabilities and assets based on risk and business criticality. VMDR seamlessly integrates with configuration management databases (CMDB), Qualys Patch Management, Custom Assessment and Remediation (CAR), Qualys TotalCloud and other Qualys and non-Qualys solutions to facilitate vulnerability detection and remediation across the entire enterprise.

With VMDR, users are empowered with actionable risk insights that translate vulnerabilities and exploits into optimized remediation actions based on business impact. Qualys customers can now aggregate and orchestrate data from the Qualys Threat Library, 25+ threat intelligence feeds, and third-party security and IT solutions, empowering organizations to measure, communicate, and eliminate risk across on-premises, hybrid, and cloud environments.

Attackers are always developing new exploits and attack methods—Metasploit penetration testing software helps you use their own weapons against them. Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.

Sample Customers

Current customers include large enterprises, financial services, manufacturing, GSIs, MSSPs, government and law enforcement entities.

Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx

City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University

Buyer's Guide

Vulnerability Management

September 2024

Download Free Report

Find out what your peers are saying about Tenable, Qualys, Wiz and others in Vulnerability Management. Updated: September 2024.

DOWNLOAD NOW

807,366 professionals have used our research since 2012.