Try our new research platform with insights from 80,000+ expert users

Ivanti Neurons for RBVM vs Qualys VMDR vs Rapid7 Metasploit comparison

 

Comparison Buyer's Guide

Executive Summary
 

Mindshare comparison

As of December 2024, in the Vulnerability Management category, the mindshare of Ivanti Neurons for RBVM is 0.3%, down from 0.5% compared to the previous year. The mindshare of Qualys VMDR is 11.4%, down from 13.5% compared to the previous year. The mindshare of Rapid7 Metasploit is 1.9%, up from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management
 

Featured Reviews

Anon127 - PeerSpot reviewer
Useful for vulnerability management with many integrations
We use RiskSense for vulnerability management, and we have many integrations.  The solution is deployed on cloud. We use this solution daily. There are more than 200 people using this solution in my organization Most of the features are similar to what other tools have, but the UIs are quite user…
Harold Jensen - PeerSpot reviewer
Good visibility but expensive and needs better support
Support: It's often overseas and often following a script, basically asking us to redo what we opened the case with. Multiple APIs: There seems to be a lack of easy onboarding into Qualys. We had to use manual inputs and some API calls to get items in place. Dashboard: It is very rudimentary with very little customization. The Qualys Scripting Language (QSL) works differently in different Qualys modules, so when you get it working in one area you have to modify the syntax in others. User account management: We often have to give users more rights than needed just to give them what they need. Integration with the various Qualys Modules: You can tell the UI is different based on of the different teams that created them. QSL syntax same in all modules Responsiveness of some of the components: They time out, you get a blank screen, etc. Backend updates between the various modules: You update connectors and information takes a few minutes to show in VMDR or Global Asset View Connectors: Connectors have a throttling issue with AWS which causes them to frequently fail unless you manually run them again.
Aqeel Junaid - PeerSpot reviewer
Helps find vulnerabilities in a system to determine whether the system needs to be upgraded
The solution's exploit development functionality was easy to use and had all the scenarios I could use to run my security assessment. Since the solution has been updated regarding new malware, it gives data protection for security professionals. Rapid7 Metasploit is a good exploit tool, and users need to know what they're doing while using the solution. The solution provides perfect effectiveness in simulating real-world attacks for training purposes. Overall, I rate the solution a nine out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Most of the features are similar to what other tools have, but the UIs are quite user friendly. A beginner could use it."
"Continuous monitoring is a crucial feature that we use more frequently."
"The most recent is VMDR, which provides a comprehensive overview of how to detect, patch, and remediate specific vulnerabilities."
"The prioritization feature is great. I think it has all of the advanced features that we need."
"Overall, the solution is highly rated because of its simplicity and efficiency."
"The platform's most valuable features include its robust vulnerability detection capabilities and automated remediation workflows."
"It allowed us to divide tasks easily among teammates, significantly improving efficiency."
"Vulnerability management is the most valuable one and it’s a must in every organization."
"It gives a very good overview of the inventory assessment process, and it can be accessed across our company because it's a global tool."
"Stability-wise, I rate the solution a nine out of ten...Scalability-wise, I rate the solution a nine out of ten."
"Rapid7 Metasploit is a useful product."
"It contains almost all the available exploits and payloads."
"The most valuable features of the solution are the scripts, the modules, and the tools that the Rapid7 Metasploit framework has."
"The most valuable feature for us is the support for testing Linux-based web server components."
"The option to generate phishing emails has proven to be very valuable in understanding the behavior of users."
"The Search Engineering feature is good."
"The reporting on the solution is good."
 

Cons

"I would also like to see more integrations, plugins, and user-friendly automation, similar to the multiple integration scripts that Rapid7 has."
"Sometimes the scanning can get overwhelmed and start to drag when a lot of users are trying to scan at once."
"The price could be better. Asset view is still a legacy feature. I'm not able to extract the information about the asset with complete details. It would be better if they fixed that in the next release. I know Qualys is already working on it, so I'm hopeful it will be available in the next five or six months. That would be something that's changed where I seek improvement."
"They have integrated with other third parties, but it is still not viable."
"Qualys VMDR identifies vulnerabilities and suggests fixes. However, it does not automate patching unless the patch management module is purchased separately."
"I do not like that all of the data is stored on the cloud."
"They're still evolving their platform in terms of reporting capabilities."
"Some of the older features could be polished instead of focusing on releasing new features."
"The reporting and dashboards could improve in Qualys VM. However, they have improved since the previous versions."
"If your company's patch is not up to date, but you have other detection or defense solutions such as endpoint detection and response and antivirus software, the product exploit may not work effectively. This is because its exploit database update process is slow and not real-time. For zero-day vulnerabilities or new security threats, relying on Rapid7 Metasploit alone may not be effective."
"The open-source version has reporting limitations. You need to develop these capabilities yourself. Built-in reporting is an excellent feature for penetration testing, but it isn't a must-have. The solution could also cover more vulnerabilities. Metasploit has around 10,000 exploits in its library, but more is always better."
"The solution is not very scalable, it does not provide any automation to be able to scale it."
"The initial setup was a bit "tweaky" for the open-source version."
"The solution is not user-friendly and has room for improvement."
"It is necessary to add some training materials and a tutorial for beginners."
"Metasploit cannot be installed on a machine with an antivirus."
"Better automation capabilities would be an improvement."
 

Pricing and Cost Advice

Information not available
"In Nigerian Naira, we spend about roughly four to five million to use this solution and this is expensive compared to solutions like Nessus."
"I used to work there, so I never paid for the product. As an employee, we get a lifetime license for personal use, and that's what I'm using. It is a comprehensive platform, so there is a lot more to it. There could be other solutions that are probably a little bit cheaper, but it depends on what people need. Different people have different needs. It offers many things on the same platform. If you add all the things up, it should be cheaper, but I have not done any analysis specifically."
"They have recently changed the pricing model, which is now better than it was before."
"Qualys is a pay-as-you-go model, so there's flexibility to the pricing."
"Qualys is cheaper and more affordable than other solutions."
"It is different for every company, but for us, it's every three years."
"Qualys VM is quite expensive. It's a subscription-based license, and it's yearly. Right now, it's open for me, and I don't have any limitations or caps on the licenses. They are seeing if the product is viable for 4500 users. I can add as much as I want, and at the end of the subscription, they'll let me know how many licenses were actually used and bill me accordingly. On a scale from one to five, I would give their pricing a three. It's still expensive."
"It is more expensive than other products on the market."
"It is a reasonably priced solution. I would rate it from five out of ten."
"I use the open-source version of this product. Pricing is not relevant."
"We pay monthly. The pricing is reasonable."
"Rapid7 Metasploit is an open-source solution."
"The great advantage with Rapid7 Metasploit, of course, is that it's free."
"I have used the free version of Rapid7 Metasploit."
"The pricing structure involves a one-time purchase cost of approximately twenty thousand dollars or euros for all customers."
"It is expensive. Our license expired, and our company is not thinking to renew because of our budget."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
824,168 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Manufacturing Company
13%
Financial Services Firm
9%
Healthcare Company
7%
Educational Organization
36%
Computer Software Company
11%
Financial Services Firm
10%
Manufacturing Company
6%
Computer Software Company
19%
Financial Services Firm
10%
Manufacturing Company
9%
Educational Organization
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Ask a question
Earn 20 points
What is your primary use case for Qualys VM?
Qualys VM is used for vulnerability scans for the internet and applications using application exchange. There are man...
What do you like most about Qualys VMDR?
I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagg...
What is your experience regarding pricing and costs for Qualys VMDR?
For smaller enterprises, the pricing is on the pricier side. However, for larger enterprises, it's considered okay. I...
What do you like most about Rapid7 Metasploit?
I use Rapid7 Metasploit for payload generation and Post-Exploitation.
What is your experience regarding pricing and costs for Rapid7 Metasploit?
I am not very sure about the pricing. It falls into an intermediate range. However, I am not involved with the partit...
What needs improvement with Rapid7 Metasploit?
The database is not always updated with the latest vulnerabilities or zero-day exploits. If a vulnerability arises a ...
 

Also Known As

RiskSense
Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security, Qualys Virtual Scanner Appliance
Metasploit
 

Overview

 

Sample Customers

Care First, City of Alburquerque, Electric Company El Paso, State of Arizona, Washington Gas
Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University
Find out what your peers are saying about Tenable, Qualys, Wiz and others in Vulnerability Management. Updated: November 2024.
824,168 professionals have used our research since 2012.