Enrique SantiatiagogoOwner at Sidif Del Caribe Corporation
Anonymous UserSenior Information Security Analyst at a financial services firm
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"Rapid7 InsightVM has given us a practical view of the vulnerabilities present in our organization."
"The most valuable feature for us is the different types of reporting it provides."
"We feel the interface is very good. It is very easy to use, even a nontechnical person can use it."
"The most valuable feature is the site scanning, where we can provide a complete subnet and what it is we need to scan on those devices."
"There are many integrations with things like the VMware NSX that are great, the reporting is really solid."
"It's easy to use. It's fast, it's a powerful easy to access tool."
"This solution is very easy to use and easy to install."
"The most important aspect of the solution is that it rarely gives false positives, especially compared to other products. It provides very clear reports for our IT teams to look at."
"I think that this is a good solution for evaluating vulnerability in the network."
"What is useful to me is being able to fulfill very customized scanning policies. In the clinical environment, because of vendor control, we can't perform credential-vulnerability scanning. And network scans, which I've done before, can cause a lot of impact. Being able to create very customized policies to be able to routinely scan and audit our clinical networks, while simultaneously not causing impact, is important to us."
"One of the most valuable features is their distributed scan model for allotting engines to work together as a pool and handle multiple scans at once, across multiple environments. Automatic scanning distribution is a distinguishing feature of their toolset."
"This solution has a much lower rate of false positives compared to competing products."
"The predictive prioritization features are pretty good. They do a lot of research and we trust the research that they do internally. They have knowledge of what's going on with many companies, where we only get a view into what's going on here. So the ability to get best practices out of them as part of this solution, is valuable to us."
"Tenable also helps us to focus resources on the vulnerabilities that are most likely to be exploited. And since it is continuously updated, it allows us to reevaluate quickly if there are new vulnerabilities found..."
"The scans are the most valuable aspect of this solution."
"This product has the best results in terms of the lowest number of false-positives and false-negatives."
"A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group."
"This solution integrates with another module in Metasploit, that doesn't exist in the other solutions. It is subscribed to on our roadmap, but we chose to implement both Nexppose and AppSpider."
"The reporting has room for improvement. You cannot customize any report. If I need a specific requirement, I have to create a new report for it."
"The reporting is a little bit tricky because it can be difficult to exactly pinpoint some of the assets to filter them and generate a report."
"Some difficulties with the online reporting and lack of integrations."
"The InsightVM cannot scan if we connect to our customer by the VPN."
"It would be nice to have an additional feature that would provide reports on who has logged onto the console or who did what on the console."
"There needs to be much clearer instructions surrounding scanning."
"The web application scanning area can be improved."
"If I want to have a very low-managed scan policy, it's a lot of work to create something which is very basic. If I use a tool like Nmap, all I have to do is download it, install it, type in the command, and it's good to go. In Security Center, I have to go through a lot of work to create a policy that's very basic."
"It's good at creating information, it's good creating dashboards, it's good at creating reports, but if you want to take that reporting metadata and put it into another tool, that is a little bit lacking."
"The vulnerability scan does not work correctly until the access privileges are set by the system administrator."
"There's a lot of information being streamed out of the reports. What would be nice, and maybe we just haven't found it, would be more of an executive-type view. We still expect it to collect all this information, but we would like a feature that would allow us to show it to an executive or a director or someone like that and give them some type of high-level overview but not get into the nitty-gritty."
"The reporting needs a lot of work on the template."
"The integration is very good, although it still needs to improve."
"Current web page needs improvement, slows down processes."
"This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important."
"The license is IP based. How many IPs you are using to scan is the amount of the license you have to buy. The number of users doesn't matter; many users can use it or only person. It depends on the culture of the organization."
"Our licensing costs are somewhere around $40,000 annually. There are no additional fees."
"The licensing is asset-based and very straightforward."
"Its price is too high. My only concern or issue with Rapid7 is its pricing."
"Comparing the price with the value that we receive, I am not happy with it."
"The licensing costs for this solution are approximately $100,000 US, and I think that covers everything."
"The pricing is more than Nexpose."
"Costing is pretty reasonable compared to the competition."
"We're a Fortune 500 company... our licensing costs [are] in the seven figures."
"We pay around 60,000 on a yearly basis."
"The price can start at €10,000 ($13,000 USD) for between 500 and 1,000 assets, and the price can climb into the millions as more assets are added."
"I use a local license to perform penetration testing and I'm pretty happy with everything when it comes to pricing and licensing."
Rapid7 InsightVM is the vulnerability assessment tool built for the modern web. InsightVM combines complete ecosystem visibility, an unparalleled understanding of the attacker mindset, and the agility of SecOps so you can act before impact.
Tenable SC consolidates and evaluates vulnerability data across the enterprise, prioritizing security risks and providing a clear view of your security posture. With SecurityCenter, get the visibility and context you need to effectively prioritize and remediate vulnerabilities, ensure compliance with IT security frameworks, standards and regulations, and take decisive action to ensure the effectiveness of your IT security program and reduce business risk.
Rapid7 InsightVM is ranked 2nd in Vulnerability Management with 14 reviews while Tenable SC is ranked 4th in Vulnerability Management with 10 reviews. Rapid7 InsightVM is rated 8.0, while Tenable SC is rated 8.6. The top reviewer of Rapid7 InsightVM writes "Broad capabilities make this scanning solution able to cover a lot of ground". On the other hand, the top reviewer of Tenable SC writes "Enables us to centralize and correlate all data and understand where the gaps are in our security posture". Rapid7 InsightVM is most compared with Tenable Nessus, Qualys VM, Tenable.io Vulnerability Management, Rapid7 Metasploit and Microsoft Intune, whereas Tenable SC is most compared with Tenable.io Vulnerability Management, Tenable Nessus, Qualys VM, Forescout Platform and Cisco ISE (Identity Services Engine). See our Rapid7 InsightVM vs. Tenable SC report.
See our list of best Vulnerability Management vendors.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.