We performed a comparison between Rapid7 InsightVM and Rapid7 Metasploit based on real PeerSpot user reviews.
Find out in this report how the two Risk-Based Vulnerability Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's very scalable."
"The most valuable features are its reporting capabilities and the host discovery functionality."
"We can create our own templates."
"This solution is much more user-friendly than past solutions I have used."
"The solution is automatically scheduled so it runs by itself."
"Rapid7 have a good distribution network with good support and market presence."
"InsightVM's best features are the vulnerability database and remediation steps."
"The solution is good because it has a lot of options."
"The solution is open source and has many small targetted penetration tests that have been written by many people that are useful. You can choose different subjects for the test, such as Oracle databases or Apache servers."
"Stability-wise, I rate the solution a nine out of ten...Scalability-wise, I rate the solution a nine out of ten."
"Rapid7 Metasploit is a useful product."
"The reporting on the solution is good."
"It is scalable. It's in line with our needs."
"It allows us to concentrate solely on identified vulnerabilities without the hassle of additional setup."
"The greatest advantage of Rapid7 Metasploit is that it is the only system that can directly exploit vulnerabilities on the Metasploit platform."
"I don't have any other tools like it, and I always use it when I'm doing a pen test. Metasploit is a great solution for penetration testing,"
"The on-premise updates could improve from Rapid7 InsightVM."
"Some difficulties with the online reporting and lack of integrations."
"The authentication scan is not working."
"There is a significant learning curve, that non-technical individuals, especially those not specialized in computer science or the information security industry, might face."
"There are end-user needs and expectations that are being overlooked in the development that could be addressed by appointing a customer advisory board."
"Rapid7 could be easier to manage."
"Some of our customers want to be completely cloud based, and Rapid7 doesn't offer this as an option."
"In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive. You can only sell it to enterprise accounts. In terms of new features, Rapid7 came up with a product called InsightIDR a couple of years ago, which is a good SIEM solution. We expect that Rapid7 will work on some sort of integration between InsightVM and InsightIDR, where vulnerability or anomaly detected by InsightVM can be reported in InsightIDR in some sort of real-time. Rapid7 doesn't patch. For example, if you have a vulnerability, some products can scan and also do the patching, but Rapid7 does not do the patching. It would be nice if it can also patch."
"It is necessary to add some training materials and a tutorial for beginners."
"There are numerous outdated exploits in their database that should be updated."
"Rapid7 Metasploit could be made easier for new users to learn."
"If your company's patch is not up to date, but you have other detection or defense solutions such as endpoint detection and response and antivirus software, the product exploit may not work effectively. This is because its exploit database update process is slow and not real-time. For zero-day vulnerabilities or new security threats, relying on Rapid7 Metasploit alone may not be effective."
"At the time I was using it, the graphical user interface needed some improvements."
"Metasploit cannot be installed on a machine with an antivirus."
"I think areas with shortcomings that need improvement are more integration and automation."
"The open-source version has reporting limitations. You need to develop these capabilities yourself. Built-in reporting is an excellent feature for penetration testing, but it isn't a must-have. The solution could also cover more vulnerabilities. Metasploit has around 10,000 exploits in its library, but more is always better."
Rapid7 InsightVM is ranked 4th in Risk-Based Vulnerability Management with 54 reviews while Rapid7 Metasploit is ranked 14th in Vulnerability Management with 18 reviews. Rapid7 InsightVM is rated 8.0, while Rapid7 Metasploit is rated 7.6. The top reviewer of Rapid7 InsightVM writes "You can scan a network, and receive recommendations to address vulnerabilities with the click of a button". On the other hand, the top reviewer of Rapid7 Metasploit writes "Directly exploit vulnerabilities, is stable, and scalable". Rapid7 InsightVM is most compared with Tenable Nessus, Qualys VMDR, Tenable Security Center, Microsoft Defender Vulnerability Management and Cisco Vulnerability Management (formerly Kenna.VM), whereas Rapid7 Metasploit is most compared with Tenable Nessus, Pentera, Acunetix, Nucleus and Qualys VMDR. See our Rapid7 InsightVM vs. Rapid7 Metasploit report.
We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.