Rapid7 InsightVM Review

A stable enterprise solution that can automatically detect new devices and scan them for vulnerabilities

What is our primary use case?

We are system integrators. Our clients normally use it to detect vulnerabilities in terms of a lack of patches in certain systems and databases. Its console can be installed on-premises or in the Rapid7 data center.

What is most valuable?

When you connect any new device to the network, Rapid7 has the ability to detect the new device immediately. It can scan that device to detect if it has any vulnerability. 

It tells you what is vulnerable and what has been misconfigured. It also tells you what the risk of that misconfiguration or lack of patches is and how to resolve the problem.

What needs improvement?

In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive. You can only sell it to enterprise accounts. 

In terms of new features, Rapid7 came up with a product called InsightIDR a couple of years ago, which is a good SIEM solution. We expect that Rapid7 will work on some sort of integration between InsightVM and InsightIDR, where a vulnerability or anomaly detected by InsightVM can be reported in InsightIDR in some sort of real time.

Rapid7 doesn't patch. For example, if you have a vulnerability, some products can scan and also do the patching, but Rapid7 does not do the patching. It would be nice if it could also patch.

For how long have I used the solution?

We have been working with this solution for the last three years or so. 

What do I think about the stability of the solution?

It has been stable. There is nothing that has caused any major damage to our customers. Normally, what happens is that when something goes wrong, the customer normally blames the tool first before admitting that they touched something or whatever the case may be.

What do I think about the scalability of the solution?

We have a couple of customers with various company sizes, and we haven't had any scalability issues. Rapid7 is pretty much an enterprise solution. We're talking about customers with more than 1500 nodes to scan.

How are customer service and technical support?

Their technical support is very good.

How was the initial setup?

I don't handle the installation, but it was not difficult to implement. The basic setup took us about four days or so.

Normally, for a product like this, the complexity of implementation is proportional to the size of the infrastructure that is going to be scanned and also how heterogeneous it is. An enterprise product like this is not like using a coffee maker. You need to have some knowledge of where you are installing it. You also need to have some knowledge of the technology that you are going to scan. You can't scan everything in the same way.

What's my experience with pricing, setup cost, and licensing?

Its price is too high. My only concern or issue with Rapid7 is its pricing.

Which other solutions did I evaluate?

Our clients evaluate Qualys, Tenable, and Rapid7. It doesn't really matter which one you choose. You cannot go wrong with any of these products. They have been very well ranked by Gartner. The main difference is probably the pricing.

What other advice do I have?

I would recommend this solution. I would rate Rapid7 InsightVM an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: September 2021.