We performed a comparison between Qualys VMDR and Vectra AI based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Qualys, Rapid7 and others in Risk-Based Vulnerability Management."Qualys VM's most valuable feature is automatic detection."
"The initial setup is straightforward."
"The biggest benefit is from a security operations perspective, where we are able to drive our security posture upwards by remediating any discovered vulnerabilities."
"Great web application security for scanning."
"Detects new hosts along with vulnerabilities."
"This solution gives us insight into our environment and improves our security. It helps us to maintain a good patching system whereby we know that XYZ is vulnerable within the system."
"What I like about Qualys VM is the dashboard presentation. It's very good."
"It's a good product. After the scan our internet works well. It scans our security posture."
"The key feature for me for Detect for Office 365 is that it can also concentrate all the information and detection at one point, the same as the network solution does. This is the key feature for me because, while accessing data from Office 365 is possible using Microsoft interfaces, they are not really user-friendly and are quite confusing to use. But Detect for Office 365 is aggregating all the info, and it's only the interesting stuff."
"The solution is currently used as a central threat detection and response system."
"It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low. So, the labor hour overhead is probably our largest benefit from it. We spend 99% of our time in Vectra investigating cases, responding to incidents, or hunting, and only around 1% of our time is spent patching, troubleshooting, or doing anything else. That's our largest benefit from Vectra."
"The UI is easy to use and when we send detection to everybody, they easily understand what we are asking at the time."
"It provides various dashboards that facilitate the identification of connections and can detect data exfiltration, meaning data sent from your environment to another."
"The solution provide visibility into behaviors across the full lifecycle of an attack in our network, beyond just the Internet gateway. It makes our security operations much more effective because we are now looking not just at traffic on the border, but we're looking at east-west internal traffic. Now, not only will we see if an exploit kit is being downloaded, but we would be able to see then if that exploit kit was then laterally distributed into our environment."
"The solution's ability to reduce alerts, by rolling up numerous alerts to create a single incident or campaign, helps in that it collapses all the events to a particular host, or a particular detection to a set of hosts. So it doesn't generate too many alerts. By and large, whatever alerts it generates are actionable, and actionable within the day."
"It's important for us that the user interface is easy to understand and that is the biggest benefit we see from Vectra AI."
"When tested on Zero day, there were errors."
"One of the biggest issues from the clients' perspective is that all Qualys computing is on the cloud."
"Qualys should improve their customer experience. They need to improve the tech support experience and the turnaround time."
"The reporting in this solution can be improved."
"Qualys currently does not have any features for scanning SCADA, IoT, and Industrial Control Systems."
"Finding things in management can be quite difficult."
"Qualys VM's scanner doesn't pick up every vulnerability, so we have to use multiple scanners to cover that gap."
"It is a struggle to be able to pull our report and to be able to do onboarding using automated tools."
"I'd like to be able to get granular reports and to be able to output them into formats that are customizable and more useful. The reporting GUI is lacking."
"For S&D account scans, it would be easier if Vectra AI could triage with users. If a client uses a lot of accounts, then it could indicate that these accounts are benign, for example. That would help a lot."
"The UI/UX and detection could be improved. More detections of specific security events could be useful. We've had a few incidents that were not detected by Vectra. The teams are working on it right now, but more detection is always better."
"The solution's marketing is not good."
"Other alternatives, like Darktrace, have a fancier UI."
"What is most important for us is to have one place where we can manage a few brains because we are based on a zero-trust network. As a result, each customer needs to have a separate brain. For the SOC team, we need to have one place where the SOC analyst can go to visit the website and from that site manage all of the customers. Right now, Vectra AI doesn't have this capability, and I would really like to have this feature."
"One area where there's room for improvement is the absence of a comprehensive TCP recording and replay feature."
"It would be commercially beneficial if Vectra AI had something like Darktrace's Antigena Email or something similar to email protection."
Qualys VMDR is ranked 3rd in Risk-Based Vulnerability Management with 77 reviews while Vectra AI is ranked 2nd in Intrusion Detection and Prevention Software (IDPS) with 42 reviews. Qualys VMDR is rated 8.2, while Vectra AI is rated 8.6. The top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and Tenable Vulnerability Management, whereas Vectra AI is most compared with Darktrace, ExtraHop Reveal(x), Cisco Secure Network Analytics, Arista NDR and Corelight.
We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.