Rapid7 InsightVM Primary Use Case

Bill Young
Director of Cyber Security (CISO) at a marketing services firm with 201-500 employees
In our first use case, we wanted to map the solution back to our NIS (Network and Information Systems) framework and the CIS (Center for Internet Security that publishes Critical Security Controls). That is the first part. The second part of this same use case is that we wanted to do continuous vulnerability scanning. That is we wanted to scan the complete network every month at a minimum. What we are finding out in practice is that we are scanning every week because of our network and the size of it. In the end, we are able to get even more aggressive than our original position. The next use case was we wanted to identify the assets that were in our environment. We can identify how many servers we have, we have identified how many desktops and laptops we have got, et cetera. To that point is where we were looking at pretty good. Our next use case was the obvious next step where we wanted to identify vulnerabilities. That meant identifying all the vulnerabilities from critical all the way down to the low. We needed to know what they were and how many. Also, we wanted to know how many are unique versus how many there are in total. We also wanted to get away from tracking vulnerabilities on spreadsheets. It was incredibly cumbersome, incredibly hard to do, and it was not efficient. The IT guys kept telling me that they did not know how to fix certain issues. So I thought we needed to do CVSS ( Common Vulnerability Scoring System) on it. They were a bit resistant to that idea. Well, I was not about to start doing that for them. So InsightVM gives us the ability now to track the issues and communicate how the remediation should occur to fix vulnerabilities. Then the last thing is we wanted was to have a dashboard for management. We had to have a dashboard to be able to have a CIO (Chief Information Officer) log in and find out where we sit with things. Like where do we sit with remediation where are we failing to make expected progress and things of that nature. Rapid7 gave us the ability to do a lot of that, and it was not a cumbersome tool to implement. It is good and fits well with pretty much all of our use case needs. It only falls short in a couple of spots. View full review »
Ryan Witt
IT Security Architect at a government with 1,001-5,000 employees
We have a few primary use cases. The main one is looking at the visibility of devices that are on our network to keep track of things as they come and go, we're looking for known vulnerabilities whether it's the operating system, network devices, mobile devices, and the like. When we find the vulnerabilities we remediate them, so it's also our job to verify that remediations have been successful. In addition, we are now beginning to get involved in setting security baselines and configuring baselines and using InsightVM to audit those configurations. We're scanning about 6,000 devices. There are about 4,000 users in our environment, they are all IT staff. We also have technical leads from our user services, which is our workstation support, mobile devices, laptops, etc. We've got our infrastructure office which is servers and cloud administration, the IT security group, which is myself, and then our network support team and network administrators as well. It means our IT leadership gets some definite value from the reporting there. The CTO, his assistant, and all the IT managers receive their information from there as well. We have one person working in maintenance, and that's not a full-time position. View full review »
Kimeang-Suon
Technical Consultant at Yip Intsoi
We use the solution to scan our internal OS and applications. View full review »
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
442,986 professionals have used our research since 2012.
Hassan-Moussafir
Information Security Senior Expert (Founding member, African Cybersecurity Center) at a financial services firm with 10,001+ employees
The primary use case of this solution is for critical business applications for the web. We have also implemented it to identify when we are changing and an older system like the application client-server, the server two, the network equipment like switch routers, and security solutions. View full review »
reviewer1377543
Director Of Information Technology at a government with 201-500 employees
The solution is primarily used for vulnerability management, specifically vulnerability scanning of the endpoint devices. View full review »
reviewer1289604
Infrastructure Security Architect at a comms service provider with 1,001-5,000 employees
We use Rapid7 for our vulnerability assessment. It scans the network, identifies all of the assets that are present, and then identifies all of the vulnerabilities due to non-patching those systems. Based on that, we can generate reports and make sure that those applications or servers are patched on both the operating system and application level. View full review »
Damir Miklavčič
Security Analyst at Zavarovalnica Triglav, d.d.
The primary use case of this solution is for vulnerability management. We have monthly scans and reporting. The results are in QRadar, which is our SIEM. View full review »
reviewer1168050
Enterprise ICT Security Architect at a tech services company with 1-10 employees
The primary use is to protect against cybersecurity attacks in your digital infrastructure. One example of such an attack is credential-grabbing. View full review »
Zain Rehman
Senior Security Analyst at a financial services firm with 1,001-5,000 employees
We are using the solution for configuration review and vulnerability management. I am using the latest version. View full review »
Nanda-Kumar
Security Team Lead at a tech services company with 10,001+ employees
It is basically used for scanning. View full review »
Jim Gallagher
Enterprise Manager Infrastructure and Operations at McGrath RentCorp
Our primary use case for this solution is to gain insight into internal systems vulnerabilities and remediation tasks. View full review »
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
442,986 professionals have used our research since 2012.