Try our new research platform with insights from 80,000+ expert users

Qualys VMDR vs Rapid7 Metasploit comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
2
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (6th)
Qualys VMDR
Ranking in Vulnerability Management
2nd
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
93
Ranking in other categories
IT Asset Management (5th), Configuration Management Databases (2nd), Container Security (12th), Risk-Based Vulnerability Management (2nd)
Rapid7 Metasploit
Ranking in Vulnerability Management
20th
Average Rating
7.8
Reviews Sentiment
7.1
Number of Reviews
21
Ranking in other categories
No ranking in other categories
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Harold Jensen - PeerSpot reviewer
Good visibility but expensive and needs better support
Support: It's often overseas and often following a script, basically asking us to redo what we opened the case with. Multiple APIs: There seems to be a lack of easy onboarding into Qualys. We had to use manual inputs and some API calls to get items in place. Dashboard: It is very rudimentary with very little customization. The Qualys Scripting Language (QSL) works differently in different Qualys modules, so when you get it working in one area you have to modify the syntax in others. User account management: We often have to give users more rights than needed just to give them what they need. Integration with the various Qualys Modules: You can tell the UI is different based on of the different teams that created them. QSL syntax same in all modules Responsiveness of some of the components: They time out, you get a blank screen, etc. Backend updates between the various modules: You update connectors and information takes a few minutes to show in VMDR or Global Asset View Connectors: Connectors have a throttling issue with AWS which causes them to frequently fail unless you manually run them again.
Mani Bommisetty - PeerSpot reviewer
Comprehensive insights with robust vulnerability detection and streamlined alert management
Rapid7 has a significant advantage in providing a clear picture of my environment. It provides insight and incident detection response capabilities. When deployed with the same agent in servers or endpoints, it identifies vulnerabilities and monitors data transmission to external sources. Rapid7 offers comprehensive features within one platform, eliminating the need to integrate multiple tools to see all alerts in one place.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran has become an indispensable tool in our cybersecurity arsenal."
"Zafran is an excellent tool."
"The initial setup is straightforward."
"Qualys VM is very stable."
"This solution gives us insight into our environment and improves our security. It helps us to maintain a good patching system whereby we know that XYZ is vulnerable within the system."
"The integrations for this solution are very good. I use a different product for virtual patching of vulnerabilities and Qualys integrates well with that product."
"The reporting is fine."
"Qualys VM's most valuable feature is automatic detection."
"The biggest benefit is from a security operations perspective, where we are able to drive our security posture upwards by remediating any discovered vulnerabilities."
"It's really beneficial for scanning and interacting with the agent."
"When I compare Metasploit with Nessus, I find that Metasploit is faster and it does not burden the system as much."
"Rapid7 Metasploit is a useful product."
"It is scalable. It's in line with our needs."
"I don't have any other tools like it, and I always use it when I'm doing a pen test. Metasploit is a great solution for penetration testing,"
"The Search Engineering feature is good."
"The most valuable features of the solution are the scripts, the modules, and the tools that the Rapid7 Metasploit framework has."
"I would definitely recommend Metasploit to others."
"The most valuable features of Metasploit include its powerful capabilities for exploitation and scanning."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"Make some minimal dashboard improvements."
"They should make it accessible for more operating systems."
"Integration could be better. When you think about scanning, it's not used just with this product alone but with other Qualys products. If you think about the bundle, the product itself is good. But integration with other products and packages has space for improvement. They should also offer a better price for bundles."
"If anything, I would like to see the user interface modernized a bit more."
"The ability to manage user accounts and give rights to the operator to know about abnormalities of applications is something that needs improvement."
"There's a need to upgrade or fix the potential vulnerability rate. Around 20,000 potential vulnerabilities were showing in Qualys VMDR, but none of the other tools showed them. When we checked, it wasn't the case. Support explained that even small issues were being counted as vulnerabilities, causing issues in our audit. So, the security features could be improved to identify vulnerabilities accurately."
"This solution could be improved by extending the agent capabilities to different operating systems including Mac and Linux. We would also like the capability to easily check for vulnerability in assets in the IOTs."
"Qualys could improve the inbuilt dashboards."
"I think areas with shortcomings that need improvement are more integration and automation."
"Rapid7 Metasploit can add a GUI feature because it is only available online."
"Support is another area where improvement is needed, particularly for assisting non-security users."
"We'd like them to offer better coverage of malware."
"It is necessary to add some training materials and a tutorial for beginners."
"The reporting feature needs improvement."
"There are numerous outdated exploits in their database that should be updated."
"The solution should improve the responsiveness of its live technical support."
 

Pricing and Cost Advice

Information not available
"Qualys is cheaper and more affordable than other solutions."
"There are no additional fees in addition to the standard licensing fees."
"Qualys VM is reasonably priced."
"The solution is expensive."
"The tool's pricing is expensive and I would rate the pricing a seven out of ten."
"Qualys is a pay-as-you-go model, so there's flexibility to the pricing."
"It's very expensive, especially if you want to use multiple modules of Qualys."
"Qualys VM is better suited for medium to large companies because the price can be too much for smaller customers."
"The great advantage with Rapid7 Metasploit, of course, is that it's free."
"There are two versions available, one of which is the Pro version, and the other is the free version."
"I have used the free version of Rapid7 Metasploit."
"The cost is approximately $15 per device."
"Rapid7 Metasploit is cheaper than Tenable.io Vulnerability Management."
"The pricing structure involves a one-time purchase cost of approximately twenty thousand dollars or euros for all customers."
"It is expensive. Our license expired, and our company is not thinking to renew because of our budget."
"I use the open-source version of this product. Pricing is not relevant."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
12%
Manufacturing Company
6%
Retailer
6%
Educational Organization
36%
Financial Services Firm
10%
Computer Software Company
10%
Manufacturing Company
5%
Computer Software Company
18%
Financial Services Firm
10%
Manufacturing Company
10%
Educational Organization
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
Pricing for Zafran Security is not expensive. We have a contract for five years, and the cost is lower than other too...
What needs improvement with Zafran Security?
I would like to see an integration with Check Point firewalls. It's essential for us and they are currently working o...
What is your primary use case for Zafran Security?
We use Zafran Security for threat prioritization. We establish priority to understand which risks should be patched o...
What do you like most about Qualys VMDR?
I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagg...
What is your experience regarding pricing and costs for Qualys VMDR?
Qualys offers better pricing and is feature-packed compared to other tools.
What needs improvement with Qualys VMDR?
They can tweak their UI since the new version seems a bit jumbled up, and the old UI was more user-friendly.
What do you like most about Rapid7 Metasploit?
I use Rapid7 Metasploit for payload generation and Post-Exploitation.
What is your experience regarding pricing and costs for Rapid7 Metasploit?
Metasploit is cheaper than Nessus and offers a more robust community edition that provides a good experience for stud...
What needs improvement with Rapid7 Metasploit?
While Metasploit excels in vulnerability assessment, it could improve in vulnerability management. Nessus currently h...
 

Also Known As

No data available
Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security
Metasploit
 

Overview

 

Sample Customers

Information Not Available
Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University
Find out what your peers are saying about Qualys VMDR vs. Rapid7 Metasploit and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.