
There is nothing more boring than searching for simplicity when it could be provided the simple way...
1 - Rapid7 is a well-established company with more than 12 years in the market.
2 - It is the leader of the industry from the point of view of any true hacker (by hacker I mean genius and not script kiddies).
3 - It was born from the Open Source community and not from the least known person: just take a look at who HD Moore is.
4 - It offers free versions of its products (with limited features but enough to have an opinion) while Qualys asks you to pay first.
5 - Simplicity of Nexpose comes with very concise, easy to follow instructions: I have not found any simplicity in using Qualys (just go and create groups/assets...).
6 - Full Metasploit integration (if you want to check the relevance of a vulnerability) while there is no existing tool for Qualys.
7 - Open Source community behind development of some features (particularly for Metasploit) while Qualys is a black box.
8 - Real time on-demand scan while your scans are queued (no comment) in Qualys.
9 - Impressive reports against poor reports on Qualys.
10 - Very good Rapid7 customer support against hum... how can I qualify the Qualys C support? Ok forget it.
11 - Responsiveness to the latest vulnerabilities and ease of implementation of scans (ex: Shellshock vuln, why the hell did I try to scan it with Qualys?)
12 - Network information/details stored locally on Nexpose while it is CLOUDED on Qualys (with no access to the database)!!!
Ok, I'll stop here.
In fact, I do not like shadowed security, which is why I will never use nor trust a product such as Qualys.