• Home
  • Fortinet FortiWeb vs. Qualys VMDR

Fortinet FortiWeb vs Qualys VMDR comparison

Cancel
You must select at least 2 products to compare!
Fortinet Logo
Fortinet FortiWeb
Read 83 Fortinet FortiWeb reviews
9,391 views|6,820 comparisons
88% willing to recommend
Qualys Logo
Qualys VMDR
Read 77 Qualys VMDR reviews
6,806 views|5,195 comparisons
93% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Web Application Firewall (WAF)
May 2024
Executive Summary

We performed a comparison between Fortinet FortiWeb and Qualys VMDR based on real PeerSpot user reviews.

Find out what your peers are saying about Amazon Web Services (AWS), F5, Microsoft and others in Web Application Firewall (WAF).
To learn more, read our detailed Web Application Firewall (WAF) Report (Updated: May 2024).
Download the complete report
772,649 professionals have used our research since 2012.
Featured Review
PawanKumar10
A user-friendly solution that features excellent traffic filtering and reduced false positives
FortiWeb filters a lot of unwanted traffic, which is good for our organization, as it would negatively impact our reputation if this traffic... Read more →
Ruan Kotze
Helped us quickly remediate vulnerabilities thanks to its automation and ease of use
The benefits I've seen are twofold. The biggest benefit is from a security operations perspective, where we are able to drive our security posture... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Also, if you serve files or you accept files with your server, Fortiweb has built-in antivirus. The Fortinet product family also provides good IP intelligence (botnet C&C, etc.).""I like FortiWeb's usability and ease of configuration. It's simple to configure rules and exceptions inside the attack log. We block everything by default. If something isn't working, we ask the system admin to adjust the template and add exceptions.""The most valuable features in Fortinet FortiWeb are sandboxing and threat prevention.""The solution has a very simple deployment.""It is easy to install and to maintain.""The WAF profiles has been effective at mitigating web-based threats.""FortiWeb offers a good price for the marketplace. In the Sri Lankan market, it's hard to find high-end products that can match FortiWeb's pricing. For high-end solutions, the price is always extremely high.""The product has a very user-friendly dashboard."

More Fortinet FortiWeb Pros →

"Monitors workstations and servers for vulnerabilities and creates reports.""Qualys VM had a recent upgrade and the newer version is supporting the cloud.""The most valuable feature is the connection of threat intelligence information with identified vulnerabilities, which means you can prioritize vulnerabilities according to actual attacks.""Performs automated, regular scans in the network.""I find Qualys VM very robust, and it's very useful for vulnerability management and patch management. The value that it brings to my environment is economies of scale. There is no limitation on adding any endpoints. You go by the rule, and it's added once another endpoint is added to our environment. It's automatically installed, and it's less work from our end. It frees up my license automatically if I don't need an endpoint or if my machine is decommissioned. I like the dashboard displays because I don't see any duplication. The most important part is vulnerability management and prioritization. Unlike Symantec, it shows the kind of vulnerability I would want to patch first. It provides a holistic view of the kind of vulnerabilities and the ones I should remediate first. I don't have to do a scan; it just brings up those critical kinds of vulnerabilities like zero-day vulnerabilities and tells me to prioritize them. You have to prioritize these vulnerabilities first and go on with the rest. The dashboard shows me the ones that have been fixed, so I don't have to complete an aging report. The user experience and the graphical interface are good. As it's user-friendly and understandable on an executive level, it brings real value. We also use this solution because it's robust and flexibile.""I find the most valuable features are the continuous monitoring. Even on premises, there is constant monitoring.""It is quite easy to implement.""We also like the flexibility in their licensing."

More Qualys VMDR Pros →

Cons
"Lacks functionalities that are available in other solutions.""The initial setup is complex.""We have had problems with deployments where we've had to contact technical support to resolve them.""They could improve their support a little bit for faster response time.""I know that we have run into some issues with an SSL certificate and how it functions. Sometimes this breaks connectivity or just limits certain websites that are whitelisted.""I would like to see the Application Delivery Control (ADC) and Web Application Firewall (WAF) combined in one device.""The dashboard evaluating the performance of each application connected to the web app's firewall is quite helpful, but the tool is only available in application performance management. So I think if Fortinet could better integrate that particular feature, it would add a lot of value to the product.""HA Architecture needs improvement. I would improve it by working on AP HA."

More Fortinet FortiWeb Cons →

"There's a need to upgrade or fix the potential vulnerability rate. Around 20,000 potential vulnerabilities were showing in Qualys VMDR, but none of the other tools showed them. When we checked, it wasn't the case. Support explained that even small issues were being counted as vulnerabilities, causing issues in our audit. So, the security features could be improved to identify vulnerabilities accurately.""This solution could be improved by extending the agent capabilities to different operating systems including Mac and Linux. We would also like the capability to easily check for vulnerability in assets in the IOTs.""It's not very user-friendly at times and requires in-depth understanding. So, a layman or someone new to Qualys won't be able to easily understand it. You need education to use the solution.""I would like to have CSPM, a continuous scan-like cloud added to the solution.""They should make it accessible for more operating systems.""Could use additional security for the app.""Improve the user interface.""The reporting in this solution can be improved."

More Qualys VMDR Cons →

Pricing and Cost Advice
  • "Cheaper than others."
  • "FortiWeb can be purchased in VM mode for a lower price and the same features."
  • "Keep a loose margin between your actual bandwidth and the product sizing when using hardware appliances. Only virtual machines are upgradable to larger sizes."
  • "​It really pays off to buy licences for multiple years​."
  • "​The pricing is reasonable."
  • "The license cost depends on the size of the box or the size of the solution. It can go from €200 Euros to a few hundred thousand Euros a year depending on your size."
  • "The solution gives us the best price to performance ratio."
  • "The costs are standard. We pay around $1,600 yearly."

    • More Fortinet FortiWeb Pricing and Cost Advice →

  • "Usually every implementation is different and the quote is in function of number of assets."
  • "When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself."
  • "It is more expensive than other products on the market."
  • "They have recently changed the pricing model, which is now better than it was before."
  • "It is different for every company, but for us, it's every three years."
  • "Qualys is cheaper and more affordable than other solutions."
  • "The pricing and licensing for Qualys could be improved."
  • "The license is on a yearly basis."

    • More Qualys VMDR Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
    See Recommendations
    772,649 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Fortinet FortiWeb?
    Top Answer:The WAF profiles has been effective at mitigating web-based threats.
    Read all 48 answers   →
    What is your experience regarding pricing and costs for Fortinet FortiWeb?
    Top Answer:The pricing is in the middle. I would rate the pricing a five out of ten. It feels like a justified cost for the features, but it might get more expensive in the future. Also, keep in mind that Check… more »
    Read all 38 answers   →
    What needs improvement with Fortinet FortiWeb?
    Top Answer:I'd like more customization. I'm not sure if everyone would agree, as it might add complexity. But for advanced users, it would be really useful to have access and the ability to manipulate packets… more »
    Read all 48 answers   →
    What is your primary use case for Qualys VM?
    Top Answer:Qualys VM is used for vulnerability scans for the internet and applications using application exchange. There are many applications. We also use the solution for asset management per team, and the… more »
    Read all 36 answers   →
    What do you like most about Qualys VMDR?
    Top Answer:I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even if… more »
    Read all 57 answers   →
    What is your experience regarding pricing and costs for Qualys VMDR?
    Top Answer:We have an annual contract for Qualys VMDR. I believe it's for either two years or five years.
    Read all 34 answers   →
    Ranking
    4th
    out of 82 in Web Application Firewall (WAF)
    Views
    9,391
    Comparisons
    6,820
    Reviews
    22
    Average Words per Review
    754
    Rating
    7.7
    3rd
    out of 39 in Risk-Based Vulnerability Management
    Views
    6,806
    Comparisons
    5,195
    Reviews
    27
    Average Words per Review
    426
    Rating
    8.0
    Comparisons
    Also Known As
    Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security, Qualys Virtual Scanner Appliance
    Learn More
    Fortinet
    Qualys
    Overview

    Fortinet FortiWeb is a Web Application Firewall (WAF) that protects your web applications and APIs from attacks targeting known as well as unknown vulnerabilities. As the surface of your web applications evolves with each change of existing features and deployment of new features, your APIs are left exposed. Fortinet FortiWeb provides the board protection capabilities required to protect web applications without sacrificing performance or manageability.

    Fortinet FortiWeb is an automatic, advanced multi-layer solution that provides secure protection by discerning irregular behavior and distinguishing between malicious and benign anomalies. In addition, the approach delivers powerful bot mitigation capacities which authorize harmless bots to connect while blocking malicious bot activity securely. Regardless of where an application is hosted, Fortinet FortiWeb will safeguard business applications by providing deployment options, such as virtual machines, hardware appliances, and containers that can be deployed in the data center, cloud environments, or in the cloud-native SaaS solution.

    Fortinet FortiWeb Features and Benefits

    APIs and web applications have become integral to the rising demand for business-critical applications. Now more than ever, businesses are in need of an automatic firewall that will provide them with security, without sacrificing performance or reliability. Fortinet FortiWeb offers a variety of features and benefits, including:

    • Security fabric integration: FortiWeb integrates with other Fortinet solutions to provide advanced protection from persistent threats.

    • Proven web application and API protection: FortiWeb safeguards applications from all DDOS attacks, malicious bot attacks, and OWASP Top-10 threats.

    • Advanced visual analytics: FortiWeb offers a unique visual reporting tool that other WAF solutions don’t by providing a detailed analysis of attack elements and sources.

    • Hardware-based acceleration: With fast and secure traffic encryption and decryption, FortiWeb provides best-in-class WAF protection.

    • ML-based threat detection: FortiWeb delivers multi-layer machine learning defense protection to defend against zero-day attacks and reduce false positives.

    • False positive mitigation tools: Reduce daily management of policies through advanced tools to guarantee only unwanted traffic is blocked.

    Reviews from Real Users

    Fortinet FortiWeb offers an industry-leading Web Application Firewall, and users are satisfied with it for a number of reasons, including the ability to control everything from the dashboard and the PCI-compliant reports it offers.

    Carlos P., director of business and digital transformation at SERNIVEL3, notes, "You have the ability to control everything from one single dashboard."

    A director at a tech service company, says, "Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them."

    Vulnerability Management, Detection, and Response (VMDR) is a cornerstone product of the Qualys TruRisk Platform and a global leader in the enterprise-grade vulnerability management (VM) vendor space. With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure their actual risk exposure over time. 

    Qualys VMDR offers an all-inclusive risk-based vulnerability management solution to prioritize vulnerabilities and assets based on risk and business criticality. VMDR seamlessly integrates with configuration management databases (CMDB), Qualys Patch Management, Custom Assessment and Remediation (CAR), Qualys TotalCloud and other Qualys and non-Qualys solutions to facilitate vulnerability detection and remediation across the entire enterprise.

    With VMDR, users are empowered with actionable risk insights that translate vulnerabilities and exploits into optimized remediation actions based on business impact. Qualys customers can now aggregate and orchestrate data from the Qualys Threat Library, 25+ threat intelligence feeds, and third-party security and IT solutions, empowering organizations to measure, communicate, and eliminate risk across on-premises, hybrid, and cloud environments.

    Sample Customers
    Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG
    Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
    Top Industries
    REVIEWERS
    Financial Services Firm24%
    Comms Service Provider20%
    Computer Software Company17%
    Government10%
    VISITORS READING REVIEWS
    Educational Organization38%
    Computer Software Company12%
    Financial Services Firm7%
    Comms Service Provider6%
    REVIEWERS
    Financial Services Firm19%
    Comms Service Provider15%
    Manufacturing Company15%
    Transportation Company11%
    VISITORS READING REVIEWS
    Educational Organization33%
    Computer Software Company11%
    Financial Services Firm11%
    Manufacturing Company6%
    Company Size
    REVIEWERS
    Small Business49%
    Midsize Enterprise22%
    Large Enterprise28%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise48%
    Large Enterprise34%
    REVIEWERS
    Small Business19%
    Midsize Enterprise12%
    Large Enterprise69%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise41%
    Large Enterprise43%
    Buyer's Guide
    Web Application Firewall (WAF)
    May 2024
    Download Free Report
    Find out what your peers are saying about Amazon Web Services (AWS), F5, Microsoft and others in Web Application Firewall (WAF). Updated: May 2024.
    DOWNLOAD NOW
    772,649 professionals have used our research since 2012.

    Fortinet FortiWeb is ranked 4th in Web Application Firewall (WAF) with 83 reviews while Qualys VMDR is ranked 3rd in Risk-Based Vulnerability Management with 77 reviews. Fortinet FortiWeb is rated 8.0, while Qualys VMDR is rated 8.2. The top reviewer of Fortinet FortiWeb writes "Cost-effective, easy to configure, and works very well as a single solution for multiple environments". On the other hand, the top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". Fortinet FortiWeb is most compared with F5 Advanced WAF, Fortinet FortiADC, AWS WAF, Azure Web Application Firewall and Imperva Web Application Firewall, whereas Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and Tenable Vulnerability Management.

    We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.