Cybersixgill vs Qualys VMDR vs Rapid7 Metasploit comparison

Cybersixgill and Qualys are both solutions in the Vulnerability Management category. Cybersixgill is ranked #60, while Qualys is ranked #2 with an average rating of 8.2. Cybersixgill holds a 0.2% mindshare in VM, compared to Qualys’s 12.8% mindshare. Additionally, 100% of Cybersixgill users are willing to recommend the solution, compared to 94% of Qualys users who would recommend it.

Cybersixgill

Read 4 Cybersixgill reviews

235 Views
107 Comparison Views

100% willing to recommend

Qualys VMDR

Read 85 Qualys VMDR reviews

13,634 Views
10,366 Comparison Views

94% willing to recommend

Rapid7 Metasploit

Read 18 Rapid7 Metasploit reviews

2,739 Views
1,559 Comparison Views

94% willing to recommend

Cybersixgill

Qualys VMDR

Rapid7 Metasploit

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Cybersixgill, Qualys VMDR, and Rapid7 Metasploit based on real PeerSpot user reviews.

Find out what your peers are saying about Tenable, Qualys, Wiz and others in Vulnerability Management.

To learn more, read our detailed Vulnerability Management Report (Updated: September 2024).

Buyer's Guide

Vulnerability Management

September 2024

Download the complete report

Helped 807,366 peers since 2012

Mindshare comparison

As of October 2024, in the Vulnerability Management category, the mindshare of Cybersixgill is 0.2%, up from 0.1% compared to the previous year. The mindshare of Qualys VMDR is 12.8%, down from 13.3% compared to the previous year. The mindshare of Rapid7 Metasploit is 1.8%, down from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Vulnerability Management

Featured Reviews

reviewer1528356

Lead Cyber Threat-Intelligence Analyst at a educational organization with 10,001+ employees

Mar 10, 2021

Provides early detection of imminent attacks, and speeds up addressing of vulnerabilities internally because it makes them real

They're a newer company, so they're working on their UI a lot. Sometimes the UI is a little glitchy. They're working on different things and making efforts, so that's totally forgivable. But regarding their scraping abilities, things could be solidified. There are definitely improvements that could be made on the specificity for setting certain queries. Step-by-step videos would be useful, instead of a book of instructions, because they're a new tool. They're now getting to the point where video training would be useful, or even live training. More digestible video instructions or opportunities for training, so that you actually learn hands-on, would help.

Read full review

Harold Jensen

Senior Cybersecurity Engineer at 3M Health Information Systems

Jul 13, 2023

Good visibility but expensive and needs better support

Support: It's often overseas and often following a script, basically asking us to redo what we opened the case with. Multiple APIs: There seems to be a lack of easy onboarding into Qualys. We had to use manual inputs and some API calls to get items in place. Dashboard: It is very rudimentary with very little customization. The Qualys Scripting Language (QSL) works differently in different Qualys modules, so when you get it working in one area you have to modify the syntax in others. User account management: We often have to give users more rights than needed just to give them what they need. Integration with the various Qualys Modules: You can tell the UI is different based on of the different teams that created them. QSL syntax same in all modules Responsiveness of some of the components: They time out, you get a blank screen, etc. Backend updates between the various modules: You update connectors and information takes a few minutes to show in VMDR or Global Asset View Connectors: Connectors have a throttling issue with AWS which causes them to frequently fail unless you manually run them again.

Read full review

Aqeel Junaid

Junior Executive - Information Security at sunshine holdings

Mar 14, 2024

Helps find vulnerabilities in a system to determine whether the system needs to be upgraded

I've been using Rapid7 Metasploit to create vulnerabilities and test exploits. I can create malicious Word documents through the Rapid7 Metasploit framework for testing purposes. I can create a backdoor through the solution to test a web server or a vulnerable machine The most valuable features…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"To be diligent for the customer, we usually go into Cybersixgill Investigative Portal to analyze and search things. The solution tells us the reputation of cyber threat actors. So, if someone has a reputation of one, it is a really bad idea to care about what that person is saying. However, if you find someone with a reputation of nine, then there is a high probability that we need to address the problem. You can get information about these type of actors in Cybersixgill Investigative Portal. They have a huge collection, which is like having the rules/goals of the dark web and deep web without having to go there. Our analysts avoid going dark web because they have Cybersixgill Investigative Portal and can get the news from their browser, searching wherever they want."

"The solution’s approach of using limited open source intelligence and focusing, instead, on the Deep Web and Dark Web is what seals the deal. That is why I like them. I have other tools that I can aggregate all the open source intelligence from. I value Cybersixgill because it provides access to things that no one else does."

"They also provide some of the greatest notification capabilities. I put in a customer's company name and domain names, or sometimes I put in their IP addresses as a keyword. Once Sixgill collects information that includes those keywords, they then provide us email notifications. That means we can catch information related to our customers as soon as possible."

"The advanced analysis has made our security operations more efficient. It has also potentially given us quicker access to data that we might not have otherwise located."

"It is quite easy to implement."

"It is a simple solution that makes scanning easy. You just give it a scheduled task, and it will do everything for you."

"It's also highly customizable, allowing us to tailor it to our needs."

"The integrations for this solution are very good. I use a different product for virtual patching of vulnerabilities and Qualys integrates well with that product."

"The most valuable feature is the vulnerability assessment."

"What I like about Qualys VM is the dashboard presentation. It's very good."

"Performs automated, regular scans in the network."

"It's very configurable to adjust impact to systems."

More Qualys VMDR pros

"It is scalable. It's in line with our needs."

"Stability-wise, I rate the solution a nine out of ten...Scalability-wise, I rate the solution a nine out of ten."

"All of the features are great."

"The tool's most useful feature for penetration testing is its automation capabilities. With the professional edition, you can upload the results from Nessus in the Rapid7 Metasploit solution portal."

"Technical support has been helpful and responsive."

"The most valuable features of the solution are the scripts, the modules, and the tools that the Rapid7 Metasploit framework has."

"The Search Engineering feature is good."

"It allows us to concentrate solely on identified vulnerabilities without the hassle of additional setup."

More Rapid7 Metasploit pros

Cons

"Regarding their scraping abilities, things could be solidified. There are definitely improvements that could be made on the specificity for setting certain queries."

"The breadth of access to data is good, but there are gaps. More data would be my suggestion because the platform is good and I have no complaints about the system. I think it is just a case of always trying to get more data sources."

"Sixgill has strong capabilities based on search queries, but there is some difficulty in using Sixgill. Their querying is very powerful but it can be difficult. It's not hugely complex but you need some skill to use Sixgill querying."

"We need real-time updated information. If we could have this, it would be amazing. For example, if someone was posting something, then ten second later, it was on the platform. Sometimes, it takes a minute or hours right now, depending on the forum."

"I would like to see this solution simplified to work more easily in a multi-cloud environment."

"The solution is a bit expensive if you do not have access to discounts."

"They're still evolving their platform in terms of reporting capabilities."

"Integration could be better. When you think about scanning, it's not used just with this product alone but with other Qualys products. If you think about the bundle, the product itself is good. But integration with other products and packages has space for improvement. They should also offer a better price for bundles."

"The reporting needs improvement. It should generate much more stuff like field reports."

"Could use additional security for the app."

"I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities."

"It's quite complex on the way it is set up, so it takes a fair bit of time in order to get your head around it in order to deploy it. Once you've deployed it, then you're never confident on the versions of the browsers and the SSL certificates, etc. You have to always go back into Qualys and check."

More Qualys VMDR cons

"Rapid7 Metasploit could be made easier for new users to learn."

"The solution is not very scalable, it does not provide any automation to be able to scale it."

"The initial setup was a bit "tweaky" for the open-source version."

"There are numerous outdated exploits in their database that should be updated."

"The open-source version has reporting limitations. You need to develop these capabilities yourself. Built-in reporting is an excellent feature for penetration testing, but it isn't a must-have. The solution could also cover more vulnerabilities. Metasploit has around 10,000 exploits in its library, but more is always better."

"I think areas with shortcomings that need improvement are more integration and automation."

"It is necessary to add some training materials and a tutorial for beginners."

"At the time I was using it, the graphical user interface needed some improvements."

More Rapid7 Metasploit cons

Pricing and Cost Advice

"The pricing and licensing are good. It is expensive for us because the US dollar is quite strong compared to our dollar. Otherwise, it is quite reasonable for what it is. All the tools in the market are around the same price from my experience."

"Sometimes, Cybersixgill Investigative Portal is cheaper than its competitors."

"The pricing is cheap compared with Recorded Future. Sixgill's cost-effectiveness is very good."

"In Nigerian Naira, we spend about roughly four to five million to use this solution and this is expensive compared to solutions like Nessus."

"We do see over $100,000 in terms of price, for mid-size programs. You likely will pay more than $100,000 without any discount. It is a bit pricey."

"The tool's pricing is expensive and I would rate the pricing a seven out of ten."

"Qualys VM is reasonably priced."

"Usually every implementation is different and the quote is in function of number of assets."

"The solution is reasonably priced for the value it provides."

"It is a high cost product. Compared to the other solutions, it is around 15 to 20% higher in cost."

"The pricing is very competitive."

More Qualys VMDR pricing and cost advice

"The great advantage with Rapid7 Metasploit, of course, is that it's free."

"It is a reasonably priced solution. I would rate it from five out of ten."

"I have used the free version of Rapid7 Metasploit."

"There are two versions available, one of which is the Pro version, and the other is the free version."

"Rapid7 Metasploit is cheaper than Tenable.io Vulnerability Management."

"It is expensive. Our license expired, and our company is not thinking to renew because of our budget."

"The pricing structure involves a one-time purchase cost of approximately twenty thousand dollars or euros for all customers."

"Rapid7 Metasploit is an open-source solution."

More Rapid7 Metasploit pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.

See recommendations

807,366 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

14%

Financial Services Firm

11%

Manufacturing Company

10%

Government

Educational Organization

35%

Computer Software Company

11%

Financial Services Firm

10%

Manufacturing Company

Computer Software Company

17%

Financial Services Firm

11%

Manufacturing Company

Educational Organization

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

Ask a question

Earn 20 points

What is your primary use case for Qualys VM?

Qualys VM is used for vulnerability scans for the internet and applications using application exchange. There are man...

See all answers

What do you like most about Qualys VMDR?

I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagg...

See all answers

What is your experience regarding pricing and costs for Qualys VMDR?

The solution is reasonably priced for the value it provides. Our contract renewal was approximately 2.5 million ZAR f...

See all answers

What do you like most about Rapid7 Metasploit?

I use Rapid7 Metasploit for payload generation and Post-Exploitation.

See all answers

What is your experience regarding pricing and costs for Rapid7 Metasploit?

I have used the free version of Rapid7 Metasploit.

See all answers

What needs improvement with Rapid7 Metasploit?

Rapid7 Metasploit could be made easier for new users to learn.

See all answers

Comparisons

Recorded Future vs Cybersixgill

Compared 73% of the time

Digital Shadows vs Cybersixgill

Compared 10% of the time

CyberInt Argos vs Cybersixgill

Compared 9% of the time

ZeroFOX vs Cybersixgill

Compared 8% of the time

More Cybersixgill Competitors

Tenable Nessus vs Qualys VMDR

Compared 20% of the time

Rapid7 InsightVM vs Qualys VMDR

Compared 9% of the time

Tenable Security Center vs Qualys VMDR

Compared 8% of the time

Microsoft Defender Vulnerability Management vs Qualys VMDR

Compared 8% of the time

Wiz vs Qualys VMDR

Compared 5% of the time

More Qualys VMDR Competitors

Tenable Nessus vs Rapid7 Metasploit

Compared 31% of the time

Acunetix vs Rapid7 Metasploit

Compared 13% of the time

Pentera vs Rapid7 Metasploit

Compared 10% of the time

Rapid7 InsightVM vs Rapid7 Metasploit

Compared 6% of the time

Nucleus vs Rapid7 Metasploit

Compared 5% of the time

More Rapid7 Metasploit Competitors

Product Reports

Buyer's Guide

Cybersixgill

September 2024

Download Cybersixgill product report

Buyer's Guide

Qualys VMDR

September 2024

Download Qualys VMDR product report

Buyer's Guide

Rapid7 Metasploit

September 2024

Download Rapid7 Metasploit product report

Also Known As

No data available

Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security, Qualys Virtual Scanner Appliance

Metasploit

Learn More

Cybersixgill

Qualys

Rapid7

Overview

Sixgill’s fully automated threat intelligence solutions help organizations fight cyber crime, detect phishing, data leaks, fraud and vulnerabilities as well as amplify incident response in real-time.

Sixgill Investigative Portal empowers security teams with contextual and actionable alerts, along with the ability to conduct real-time, covert investigations:

Powered by the largest data lake of deep and dark web activity
Real-time actionable alerts customized to your organization
Quick deep dive into any escalation in real-time and gain a complete picture to understand the context.
Research threat actors profile, MO and history. Review and analyze across languages, sites, timeframes, types of products, topics, entities and more

Vulnerability Management, Detection, and Response (VMDR) is a cornerstone product of the Qualys TruRisk Platform and a global leader in the enterprise-grade vulnerability management (VM) vendor space. With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure their actual risk exposure over time.

Qualys VMDR offers an all-inclusive risk-based vulnerability management solution to prioritize vulnerabilities and assets based on risk and business criticality. VMDR seamlessly integrates with configuration management databases (CMDB), Qualys Patch Management, Custom Assessment and Remediation (CAR), Qualys TotalCloud and other Qualys and non-Qualys solutions to facilitate vulnerability detection and remediation across the entire enterprise.

With VMDR, users are empowered with actionable risk insights that translate vulnerabilities and exploits into optimized remediation actions based on business impact. Qualys customers can now aggregate and orchestrate data from the Qualys Threat Library, 25+ threat intelligence feeds, and third-party security and IT solutions, empowering organizations to measure, communicate, and eliminate risk across on-premises, hybrid, and cloud environments.

Attackers are always developing new exploits and attack methods—Metasploit penetration testing software helps you use their own weapons against them. Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.

Sample Customers

Current customers include large enterprises, financial services, manufacturing, GSIs, MSSPs, government and law enforcement entities.

Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx

City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University

Buyer's Guide

Vulnerability Management

September 2024

Download Free Report

Find out what your peers are saying about Tenable, Qualys, Wiz and others in Vulnerability Management. Updated: September 2024.

DOWNLOAD NOW

807,366 professionals have used our research since 2012.