We also use Nexus which is a mature tool and gives pretty good results. It offers the best scanning and good reporting files. 

The solution's audit report and scorecard provide better details than Nexus. 

From the feature side, right now we choose Nexus because it can bypass firewalls. From the price side, we choose the solution. 

We looked at a few other options: Acunetix was on the list and we looked at Manage Engine, Nessus, Rubric, Alien Vault, Microfocus, ArcSight, FireMon and RedSeal. On the vulnerability management side, we were very, very impressed with Rapid7 and the Insight VMware product. We looked more in-depth at a few of the others but VMware Insight stood out. The ease of use on VMware Insight coming from an organization that doesn't have a large dedicated security team, and being able to split out some of those responsibilities amongst people who may have a strong IT background, but may not have an IT security background really helped us out. It became a no-brainer at that point.

Along with Rapid7 InsightVM, we use Metasploit for already scanning. We also use it for website vulnerability scanning. For vulnerability scanning, we also use solutions from Tenable Network Security. Tenable is better because of its more frequent updates. However, it may depend on the industry and the use case. For now, Nessus is better for vulnerability scanning because of its ability to quickly and accurately detect vulnerabilities. However, Rapid7's team should work on improving the capacity of InsightVM to do the same.

Most products in this category are similar with no real difference so it all comes down to price. 

Our clients evaluate Qualys, Tenable, and Rapid7. It doesn't really matter which one you choose. You cannot go wrong with all of these products. They have been very well ranked by Gartner. The main difference is probably the pricing.

I did evaluate other solutions before using this solution. I looked online. 

I'm not sure if the company evaluated other options or not. I wasn't part of that process.

The company I'm working with now is looking at evaluating Tenable.io.

We tested two to three solutions where we had a couple of false positives. 

Rapid7 InsightVM has very low false positives, so you don't have to go in manually and verify them. This solution is efficient.

We checked other solutions. We went for it because it has a cloud platform inside, which integrates with our SIEM solution, and it has many more capabilities than other products.

We started with SentinelOne, we looked at CrowdStrike, we looked at Red Canary. The funny thing was, Red Canary was just remarketing CrowdStrike, or something like that. It got to a point where I realized these weren’t additional vendors. They were just additional packagers of the same solution.

We are currently looking to replace Rapid7 with another product.

Currently, we are working with Tenable Nessus and Qualys.

My team uses a small tool such as Tenable Nessus and Rapid7 InsightVM, but when we use both tools and compared the report, Tenable Nessus is very easy to consolidate, to expand to our customer, but InsightVM is very difficult. We would have to cancel it to explain the daily part to our customers.

OpenVAS, Nessus , Qualys, SAINT8,Beyond Trust

We looked at Rapid7 vs Tenable Nessus.