We performed a comparison between Fortinet FortiWeb and Qualys VMDR based on real PeerSpot user reviews.
Find out what your peers are saying about Amazon Web Services (AWS), F5, Microsoft and others in Web Application Firewall (WAF)."Also, if you serve files or you accept files with your server, Fortiweb has built-in antivirus. The Fortinet product family also provides good IP intelligence (botnet C&C, etc.)."
"I like FortiWeb's usability and ease of configuration. It's simple to configure rules and exceptions inside the attack log. We block everything by default. If something isn't working, we ask the system admin to adjust the template and add exceptions."
"The most valuable features in Fortinet FortiWeb are sandboxing and threat prevention."
"The solution has a very simple deployment."
"It is easy to install and to maintain."
"The WAF profiles has been effective at mitigating web-based threats."
"FortiWeb offers a good price for the marketplace. In the Sri Lankan market, it's hard to find high-end products that can match FortiWeb's pricing. For high-end solutions, the price is always extremely high."
"The product has a very user-friendly dashboard."
"Monitors workstations and servers for vulnerabilities and creates reports."
"Qualys VM had a recent upgrade and the newer version is supporting the cloud."
"The most valuable feature is the connection of threat intelligence information with identified vulnerabilities, which means you can prioritize vulnerabilities according to actual attacks."
"Performs automated, regular scans in the network."
"I find Qualys VM very robust, and it's very useful for vulnerability management and patch management. The value that it brings to my environment is economies of scale. There is no limitation on adding any endpoints. You go by the rule, and it's added once another endpoint is added to our environment. It's automatically installed, and it's less work from our end. It frees up my license automatically if I don't need an endpoint or if my machine is decommissioned. I like the dashboard displays because I don't see any duplication. The most important part is vulnerability management and prioritization. Unlike Symantec, it shows the kind of vulnerability I would want to patch first. It provides a holistic view of the kind of vulnerabilities and the ones I should remediate first. I don't have to do a scan; it just brings up those critical kinds of vulnerabilities like zero-day vulnerabilities and tells me to prioritize them. You have to prioritize these vulnerabilities first and go on with the rest. The dashboard shows me the ones that have been fixed, so I don't have to complete an aging report. The user experience and the graphical interface are good. As it's user-friendly and understandable on an executive level, it brings real value. We also use this solution because it's robust and flexibile."
"I find the most valuable features are the continuous monitoring. Even on premises, there is constant monitoring."
"It is quite easy to implement."
"We also like the flexibility in their licensing."
"Lacks functionalities that are available in other solutions."
"The initial setup is complex."
"We have had problems with deployments where we've had to contact technical support to resolve them."
"They could improve their support a little bit for faster response time."
"I know that we have run into some issues with an SSL certificate and how it functions. Sometimes this breaks connectivity or just limits certain websites that are whitelisted."
"I would like to see the Application Delivery Control (ADC) and Web Application Firewall (WAF) combined in one device."
"The dashboard evaluating the performance of each application connected to the web app's firewall is quite helpful, but the tool is only available in application performance management. So I think if Fortinet could better integrate that particular feature, it would add a lot of value to the product."
"HA Architecture needs improvement. I would improve it by working on AP HA."
"There's a need to upgrade or fix the potential vulnerability rate. Around 20,000 potential vulnerabilities were showing in Qualys VMDR, but none of the other tools showed them. When we checked, it wasn't the case. Support explained that even small issues were being counted as vulnerabilities, causing issues in our audit. So, the security features could be improved to identify vulnerabilities accurately."
"This solution could be improved by extending the agent capabilities to different operating systems including Mac and Linux. We would also like the capability to easily check for vulnerability in assets in the IOTs."
"It's not very user-friendly at times and requires in-depth understanding. So, a layman or someone new to Qualys won't be able to easily understand it. You need education to use the solution."
"I would like to have CSPM, a continuous scan-like cloud added to the solution."
"They should make it accessible for more operating systems."
"Could use additional security for the app."
"Improve the user interface."
"The reporting in this solution can be improved."
Fortinet FortiWeb is ranked 4th in Web Application Firewall (WAF) with 83 reviews while Qualys VMDR is ranked 3rd in Risk-Based Vulnerability Management with 77 reviews. Fortinet FortiWeb is rated 8.0, while Qualys VMDR is rated 8.2. The top reviewer of Fortinet FortiWeb writes "Cost-effective, easy to configure, and works very well as a single solution for multiple environments". On the other hand, the top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". Fortinet FortiWeb is most compared with F5 Advanced WAF, Fortinet FortiADC, AWS WAF, Azure Web Application Firewall and Imperva Web Application Firewall, whereas Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and Tenable Vulnerability Management.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.