Rapid7 InsightVM Reviews

Rapid7 InsightVM is the #2 ranked solution of our top Vulnerability Management tools. It's rated 4.0 out of 5 stars, and is most commonly compared to Tenable Nessus - Rapid7 InsightVM vs Tenable Nessus

Filter by:
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Ryan Witt
Real User
IT Security Architect at a government with 1,001-5,000 employees
Feb 28 2020

What is most valuable?

For us there are many integrations with things like the VMware NSX that are great, the reporting is really solid. I like the ability to set goals and SLAs for remediation. When a new vulnerability is found we can have an SLA associated with… more »

What needs improvement?

There are some difficulties with the online reporting and lack of integrations, the information that you can get from the APIs in the software is not the best. There's still some fleshing out of their API that I think could benefit them as… more »

What's my experience with pricing, setup cost, and licensing?

Our licensing costs are somewhere around $40,000 annually. There are no additional fees. We will probably increase our license count annually as our environment kind of naturally grows. We started out with probably about a third of the… more »

What other advice do I have?

It's important to take the time to have a full understanding of how schemes are scheduled, how sites and asset groups are set up and make sure it's done upfront. It's a big help. If you remove an old site and recreate it with small… more »

Which other solutions did I evaluate?

We looked at a few other options: Acunetix was on the list and we looked at Manage Engine, Nessus, Rubric, Alien Vault, Microfocus, ArcSight, FireMon and RedSeal. On the vulnerability management side, we were very, very impressed with… more »
Kimeang-Suon
Consultant
Technical Consultant at Yip Intsoi
Jun 23 2020

What is most valuable?

The most important aspect of the solution is that it rarely gives false positives, especially compared to other products. It provides very clear reports for our IT teams to look at. The solution has an excellent feature that scans for… more »

How has it helped my organization?

The solution protects us from vulnerabilities. If it sees anything, it can tell us about the vulnerability and ranks it as critical or high risk. It allows us to take action immediately to protect our company from attacks.

What needs improvement?

The solution needs to improve its smart monitoring. There needs to be much clearer instructions surrounding scanning. As for new features, I can't think of anything that's lacking. It's pretty good overall in terms of feature offerings.

What's my experience with pricing, setup cost, and licensing?

The solution offers flexible pricing.

What other advice do I have?

We're a partner of InsightVM. We're most likely using the latest version of the solution, however, I'm not sure which exact version number it is. We've deployed on-premises with a local scan engine. I'd advise companies that are looking… more »
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
438,246 professionals have used our research since 2012.
Hassan-Moussafir
Real User
Information Security Senior Expert (Founding member, African Cybersecurity Center) at a financial services firm with 10,001+ employees
Nov 11 2019

What is most valuable?

The most valuable feature for us is the different types of reporting it provides. For example, the compliance reporting, compliance with the international standard in which we are certified and compliant. This is important for us to… more »

What needs improvement?

We need to scan and identify the different RPGs, the critical ones and the major ones that can generate risk or a measure of risk. We generate the reporting from the system and relay the report to our internal developers. We have our… more »

What's my experience with pricing, setup cost, and licensing?

This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important.

Which solution did I use previously and why did I switch?

In this current company, they were using Qualys and I convinced the management to change to Rapid 7. After every event, we are required to automize with information control tools like Sandbox, IPS, and vulnerability management. All of those… more »

What other advice do I have?

Rapid 7 is a leading solution that has been implemented in many companies. In Nexpose you have the console and the app assistant for Rapid 7. The design can be implemented in all of the segments of the network to scan, perform the scale of… more »
Real User
Director Of Information Technology at a government with 201-500 employees
Aug 09 2020

What is most valuable?

The main functionality of identifying item endpoints that weren't properly patched or had vulnerabilities is the solution's most valuable feature.

What needs improvement?

We found that after you passed an endpoint, it didn't always reflect it in the next scan. I'm not sure if it was a glitch or some issue with the product's software. That was never clear. That was… more »

What's my experience with pricing, setup cost, and licensing?

I'm not sure what the solution would cost on a monthly or yearly basis.

Which solution did I use previously and why did I switch?

The company did not use a different solution before using this product.

What other advice do I have?

The company I worked for was just a customer and I was just an end-user. There was no business relationship between the two companies that I was aware of. The company is considering moving from… more »

Which other solutions did I evaluate?

I'm not sure if the company evaluated other options or not. I wasn't part of that process. The company I'm working with now is looking at evaluating Tenable.io.
Real User
Infrastructure Security Architect at a comms service provider with 1,001-5,000 employees
Feb 24 2020

What is most valuable?

The most valuable feature is the site scanning, where we can provide a complete subnet and what it is we need to scan on those devices. It will extract all of the information, including the rating and vulnerabilities, in all of the applications that are present, on each of those machines. This is quite relevant because if you have many applications on one server then you don't know if they are… more »

What needs improvement?

The reporting is a little bit tricky because it can be difficult to exactly pinpoint some of the assets to filter them and generate a report. Improving the filtering capability would make the reporting easier. We would like to have penetration testing features built into Nexpose, as it is the next area that we are going to be concentrating on. We have not yet tried it, but it is on our roadmap.

What other advice do I have?

My advice for anybody who is implementing this solution is to begin by clearly identifying infrastructure and the most critical assets. This tool will give you good visibility into the network and the assets, but it is only the starting point. It is really the input for the process that you have in place to follow up and patch the assets. Simply knowing that they are vulnerable is not good enough… more »
Damir Miklavčič
Real User
Security Analyst at Zavarovalnica Triglav, d.d.
Mar 23 2020

What is most valuable?

This solution is very easy to use and easy to install. It has nice features.

What needs improvement?

It would be nice to have an additional feature that would provide reports on who has logged onto the console or who did what on the console. I don't have the time to log onto the console and use SSH to go through the logs. We have some users with certain privileges, and sometimes they do things that I don't like. This is why it would be nice to have an easy way to report what is in the logs. In… more »

What other advice do I have?

My advice would be to just use it. As a whole, it's a pretty good product. I don't have any problem with it. If they had the audit reporting then I would rate it a ten out of ten, but as it is now, I would rate this solution a nine out of then.
Real User
Enterprise ICT Security Architect at a tech services company with 1-10 employees
Sep 11 2020

What is most valuable?

We have put in some requests for enhancements and they are listening quite well. When there is something that we want to have enhanced then we can easily chat with the people at Rapid7. If it makes sense and another customer thinks that it… more »

What needs improvement?

There have been instances where technical support takes a long time to update the status of a ticket, which is something that can be improved.

What's my experience with pricing, setup cost, and licensing?

The licensing is asset-based and very straightforward.

Which solution did I use previously and why did I switch?

We switched to Rapid7 because we were not satisfied with our previous solution. It was not up to par in terms of our needs and standards.

What other advice do I have?

Overall, this is a product that I am very satisfied with. I would rate this solution an eight out of ten.
Zain Rehman
Real User
Senior Security Analyst at a financial services firm with 1,001-5,000 employees
Jan 20 2020

What is most valuable?

We feel the interface is very good. It is very easy to use, even a nontechnical person can use it.

How has it helped my organization?

We have fewer false positives.

What needs improvement?

The reporting has room for improvement. You cannot customize any report. If I need a specific requirement, I have to create a new report for it. I cannot pull up two or three things in one report.

What's my experience with pricing, setup cost, and licensing?

The license is IP based. How many IPs you are using to scan is the amount of the license you have to buy. The number of users doesn't matter; many users can use it or only person. It depends on the… more »

What other advice do I have?

I would recommend the product. The product is very good. I would rate the product between a nine and a nine point five (out of 10).

Which other solutions did I evaluate?

We tested two to three solutions where we had a couple of false positives. Rapid7 InsightVM has very low false positives, so you don't have to go in manually and verify them. This solution is… more »
See 4 More Rapid7 InsightVM Reviews

What is Rapid7 InsightVM?

Rapid7 InsightVM is the vulnerability assessment tool built for the modern web. InsightVM combines complete ecosystem visibility, an unparalleled understanding of the attacker mindset, and the agility of SecOps so you can act before impact.

Also known as
InsightVM, NeXpose
Rapid7 InsightVM customers

ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM

Read Archived Reviews
BUYER'S GUIDE
Download our free Rapid7 InsightVM Report and get advice and tips from experienced pros sharing their opinions.