UdayaSri Kariyawasam - PeerSpot reviewer
Engineering Lead - DevOps at Persistent Systems
Real User
Top 20
Can integrate with JIRA but needs to have custom image analysis for assessment
Pros and Cons
  • "One of the most valuable features is its graphical dashboard feature. It is quite easy to manage the widgets, and we can customize those according to our queries."
  • "Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM."

What is most valuable?

One of the most valuable features is its graphical dashboard feature. It is quite easy to manage the widgets, and we can customize those according to our queries.

The other most valuable feature is that we can integrate Rapid7 InsightVM with JIRA. If a vulnerability in our services or server is found, it directly connects with JIRA and will assign a ticket. We can then share that with our development team or infrastructure team. Within a team, we can share it and assign the ticket, and we can smoothly do the mitigation process.

Also, InsightVM has an image container that can be utilized via a CI/CD pipeline. We can directly integrate with building tools, and we can have vulnerability assessment throughout the development life cycle.

Rapid7's initiative Project Sonar digs out the vulnerabilities arising all over the world and sends feedback to the systems. They then immediately update their databases and begin mitigation processes.

What needs improvement?

Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM.

There is room for improvement when it comes to JIRA integration. If they can collaborate with the JIRA team, then it will be easier for people to use it.

If we can configure and define more features such as the critical elite level through InsightVM, it would be better.

I would prefer to have vulnerability assessment with more features, like code analysis, code coverage, etc.

I would also prefer to have a method of custom image analysis for assessment.

In the SDLC (software development lifecycle), if we could easily integrate with a particular lifecycle, then we could have more descriptive reports.

For how long have I used the solution?

I have worked with this solution for two years now.

What do I think about the stability of the solution?

It is definitely stable.

Buyer's Guide
Rapid7 InsightVM
March 2024
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
767,847 professionals have used our research since 2012.

What do I think about the scalability of the solution?

The scalability is quite good. We can increase the number of assets by paying either onsite or online. Also, we have an onsite engine, and we can install it in our cloud or AWS cloud, for instance.

How are customer service and support?

The technical support team has answered our questions within a couple of hours. They have provided precise answers so far to all the questions we have asked them.

How was the initial setup?

The initial setup was an easy task because we have a Linux server installed.

InsightVM has a framework that's very interesting, and they have very detailed documentation. They have step-by-step directions for the installation process, and we can download them from their site. This means that anyone can easily install it and configure it.

The harder part is writing the queries. We need to have knowledge of InsightVM and how queries, assets, and conditional formats occur. Extensive knowledge can be valuable at this stage of the process.

What's my experience with pricing, setup cost, and licensing?

Pricing is reasonable because we pay according to asset usage. We can define our assets and sites according to our preference.

What other advice do I have?

I recommend doing a comparison of Qualys, Rapid7, and Nessus. Because the scope is different from company to company and cluster to cluster, it would be good to research each product and decide according to your needs.

If I were to rate Rapid7 InsightVM, I would rate it at seven on a scale from one to ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Architect at a healthcare company with 11-50 employees
Real User
Top 10
Easily exposes misconfigurations, flaws, or security risks
Pros and Cons
  • "The solution is automatically scheduled so it runs by itself."
  • "The solution should include a tighter integration with third-party threat modeling and threat intelligence tools."

What is our primary use case?

Our company uses the solution to discover, identify, and patch vulnerabilities or disable certain services. The solution provides the patch recommendations that we implement via another tool. 

Four team members manage the solution internally and for various clients who each have fifty users. 

What is most valuable?

The solution helps to identify lots of misconfigurations, flaws, or security risks. Anything insecure is exposed easily. 

The solution is automatically scheduled so it runs by itself. 

What needs improvement?

The solution should include a tighter integration with third-party threat modeling and threat intelligence tools. Rapid7 is the solution's own threat intelligence platform but third-party platforms would be a great addition. 

It would be nice to have patching capabilities built within the solution rather than using third-party products. 

For how long have I used the solution?

I have been using the solution for three years. 

What do I think about the stability of the solution?

The solution is extremely stable. 

What do I think about the scalability of the solution?

The solution is easily scalable with the purchase of additional licenses. 

How are customer service and support?

Technical support is extremely good and we get support quite fast. Technical support is rated a ten out of ten. 

How would you rate customer service and support?

Positive

How was the initial setup?

The setup is very straightforward so I rate it a ten out of ten. 

What about the implementation team?

We implement the solution for customers. 

What's my experience with pricing, setup cost, and licensing?

The solution is a bit more reasonably priced than other products. 

Which other solutions did I evaluate?

Most products in this category are similar with no real difference so it all comes down to price. 

What other advice do I have?

It is important to have a strong patch management plan that prioritizes what and how you need to patch. 

The solution does the vast majority of work but you need a proper system so you can take output to your operations team for patching. A good workflow between teams is important. 

I rate the solution a ten out of ten. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
IT Manager at an aerospace/defense firm with 10,001+ employees
Real User
Top 10
Simple to use and scalable while installing scan engines in various network zones
Pros and Cons
  • "The solution works well."
  • "They should integrate the solution with multiple products."

What is our primary use case?

We use the solution for vulnerability management. We perform scanning and security patching in selected network zones utilizing it.

What is most valuable?

The solution's most valuable features are the simplicity of use, identifying vulnerable assets, and the ability to create remediation projects.

What needs improvement?

They should integrate the solution with multiple products along with ServiceNow.

For how long have I used the solution?

We have been using the solution for two or three months.

What do I think about the stability of the solution?

I rate the solution's stability as an eight.

What do I think about the scalability of the solution?

We have a few tens of users of the solution. They include IT specialists, engineers, and administrators. We can easily install scan engines in different zones of our network. But we face difficulties pairing the scan engines to the management console.

I rate the solution's scalability as an eight.

What about the implementation team?

The vendor team helps us install the solution.

What's my experience with pricing, setup cost, and licensing?

The solution's pricing depends on the number of users per month as per our contract. We have a limit of scanning around 4000 appliances. It covers a sufficient scope regarding our requirements.

What other advice do I have?

The solution works well. I recommend it to others and rate it as an eight.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Agustinus DWIJOKO - PeerSpot reviewer
Network & Security Engineer at PT. Centrin Online Prima
Reseller
Top 5
Reliable, easy to set up, and has good active scan capabilities
Pros and Cons
  • "It's very scalable."
  • "We'd like the agent to cover more compliance issues."

What is our primary use case?

There are so many cases for InsightVM. It's used for customers that need the ICS compiler or if they need users to work from home right now. It allows them to manage assets from anywhere. 

What is most valuable?

Using active scan is good.

If you have a history with the solution, the initial setup is easy.

The solution is stable and reliable.

It's very scalable.

What needs improvement?

The agent must be covered if the customer wants to do a combined thing. InsightVM cannot do that if they are using an agent. We'd like the agent to cover more compliance issues.

For how long have I used the solution?

I've been using the solution for three or four years. 

What do I think about the stability of the solution?

The product is stable. There aren't bugs or glitches. It doesn't crash or freeze. It's reliable and the performance is good.

What do I think about the scalability of the solution?

If you want to scan more than 1,000 assets, then we need to show the requirement first. It will use the server with maximum CPU, and maximum RAM. The scalability is quite higher than on the previous one we used. It keeps getting better.

How was the initial setup?

Typically, the initial setup is easy. If a user has the experience, it is straightforward. However, if we work together with an organization that has never used it before, there's more configuration that needs to be done.

What other advice do I have?

We're working with the latest version of the solution; however, I cannot recall the exact version number.

While our clients are using a hybrid cloud, the customers still need to install on-premise. Your console right now is like a dashboard; it's moved to the cloud.

I'd advise users to try the solution. If they are using InsightVM they will be able to quickly understand what the vulnerabilities are on their assets.

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Google
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Owner at Sidif Del Caribe Corporation
Reseller
A stable enterprise solution that can automatically detect new devices and scan them for vulnerabilities
Pros and Cons
  • "When you connect any new device to the network, Rapid7 has the ability to detect the new device immediately. It can scan that device to detect if it has any vulnerability. It tells you what is vulnerable and what has been misconfigured. It also tells you what is the risk of that misconfiguration or lack of patches and how to resolve the problem."
  • "In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive. You can only sell it to enterprise accounts. In terms of new features, Rapid7 came up with a product called InsightIDR a couple of years ago, which is a good SIEM solution. We expect that Rapid7 will work on some sort of integration between InsightVM and InsightIDR, where vulnerability or anomaly detected by InsightVM can be reported in InsightIDR in some sort of real-time. Rapid7 doesn't patch. For example, if you have a vulnerability, some products can scan and also do the patching, but Rapid7 does not do the patching. It would be nice if it can also patch."

What is our primary use case?

We are system integrators. Our clients normally use it to detect vulnerabilities in terms of a lack of patches in certain systems and databases. Its console can be installed on-premise or on the Rapid7 data center.

What is most valuable?

When you connect any new device to the network, Rapid7 has the ability to detect the new device immediately. It can scan that device to detect if it has any vulnerability. 

It tells you what is vulnerable and what has been misconfigured. It also tells you what is the risk of that misconfiguration or lack of patches and how to resolve the problem.

What needs improvement?

In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive. You can only sell it to enterprise accounts. 

In terms of new features, Rapid7 came up with a product called InsightIDR a couple of years ago, which is a good SIEM solution. We expect that Rapid7 will work on some sort of integration between InsightVM and InsightIDR, where vulnerability or anomaly detected by InsightVM can be reported in InsightIDR in some sort of real-time.

Rapid7 doesn't patch. For example, if you have a vulnerability, some products can scan and also do the patching, but Rapid7 does not do the patching. It would be nice if it can also patch.

For how long have I used the solution?

We have been working with this solution for the last three years or so. 

What do I think about the stability of the solution?

It has been stable. There is nothing that has caused any major damage to our customers. Normally, what happens is that when something goes wrong, the customer normally blames the tool first before admitting that they touched something or whatever the case may be.

What do I think about the scalability of the solution?

We have a couple of customers with various company sizes, and we haven't had any scalability issues. Rapid7 is pretty much an enterprise solution. We're talking about customers with more than 1500 nodes to scan.

How are customer service and technical support?

Their technical support is very good.

How was the initial setup?

I don't handle the installation, but it was not difficult to implement. The basic setup took us about four days or so.

Normally, for a product like this, the complexity of implementation is proportional to the size of the infrastructure that is going to be scanned and also how heterogeneous it is. An enterprise product like this is not like using a coffee maker. You need to have some knowledge of where you are installing it. You also need to have some knowledge of the technology that you are going to scan. You can't scan everything in the same way.

What's my experience with pricing, setup cost, and licensing?

Its price is too high. My only concern or issue with Rapid7 is its pricing.

Which other solutions did I evaluate?

Our clients evaluate Qualys, Tenable, and Rapid7. It doesn't really matter which one you choose. You cannot go wrong with all of these products. They have been very well ranked by Gartner. The main difference is probably the pricing.

What other advice do I have?

I would recommend this solution. I would rate Rapid7 InsightVM an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Chief Executive Officer at an outsourcing company with 11-50 employees
Reseller
Top 10
A single pane of glass with good functionality, and is easy to manage
Pros and Cons
  • "The cost is what is most valuable. Compared to the other products on the market, the cost is more palatable."
  • "We are a registered reseller and a trusted partner. However, for us to get any support from them I can't log a call directly with Rapid7 InsightVM. I have to work with the distributor to log the call for me."

What is our primary use case?

The main purpose for using Rapid7 InsightVM is vulnerability management and visibility.

What is most valuable?

The cost is what is most valuable. Compared to the other products on the market, the cost is more palatable. Also the functionality. 

It is a single pane of glass in which I can do most things.

What needs improvement?

I see ongoing progress constantly. There isn't much opportunity to make recommendations for improvement from our end. Technology does what we want it to do.

The only issue I have with their business plan is how they interact with South African enterprises. 

They have one singular distributor that I must work with, and that is where my two points go. 

I can't interact with Rapid7 directly. I must work via the local incumbent, the distributor. And working with this third party can be tiresome at times.

Rapid7 InsightVM doesn't work with us directly. I have to work with a distributor. If I need quotes or technical support, for example, I have to work with the distributor rather than Rapid7 InsightVM directly.

We are a registered reseller and a trusted partner. However, for us to get any support from them I can't log a call directly with Rapid7 InsightVM. I have to work with the distributor to log the call for me.

For how long have I used the solution?

I have been working with Rapid7 InsightVM for two to three years.

We are using the latest version.

What do I think about the stability of the solution?

Rapid7 InsightVM is very stable. I would rate the stability a five out of five.

What do I think about the scalability of the solution?

Rapid7 InsightVM is a scalable product. I would rate the scalability a five out of five.

We have approximately 1,500 endpoints in our company.

It's not users, but endpoints, because the model is built around the endpoints you want to monitor. We run on around 1,500 endpoints. It is not user-specific.

One person can easily manage this solution, but we have a team of four engineers to manage our environment.

How are customer service and support?

I have not contacted technical support directly.

Which solution did I use previously and why did I switch?

We also use Tenable Nessus.

How was the initial setup?

I am not involved with the initial setup. I have a support team that is managing that.

We deploy it depending on our client's requirements. We use it as well as our clients.

What about the implementation team?

The deployment was done in-house. We do it ourselves.

We had four, and all four worked on the project. This is not to say that there is just one primary job or four main jobs. Our engineers all work as a team.

What was our ROI?

I can definitely see a return on investment.

It's good. We get the value from the product.

What's my experience with pricing, setup cost, and licensing?

We purchase annual licenses.

We provide our own support. We have resources that have been certified to work on the product. It is purely the license fee.

In terms of affordability, I would rate it a three out of five.

What other advice do I have?

I believe they see us as resellers because we resell it, but when we use it for professional services, they regard us as partners. They use both terms in the same sentence.

We support it.

I strongly recommend it. It's a good product. 

It's only the backend support that needs to be improved. However, there isn't very much that has room for improvement in the product right now.

They are not flawless. We have had problems here and there, but overall, I would rate Rapid7 InsightVM an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Marketing Expert at a comms service provider with 51-200 employees
Reseller
Top 5
Useful to identify and assess vulnerabilities but needs to provide a pure cloud-based version
Pros and Cons
  • "The product's initial setup phase was very easy."
  • "There are certain limitations because of the product being used on a hybrid model. Rapid7 InsightVM doesn't offer a solution purely in the cloud."

What needs improvement?

The product is not a cloud solution. The tool can only be used as a hybrid solution, meaning it can be used on the cloud and on an on-premises deployment model. There are certain limitations because of the product being used on a hybrid model. Rapid7 InsightVM doesn't offer a solution purely in the cloud.

Competitors of Rapid7 InsightVM, like Tenable.io and Qualys, offer pure cloud solutions.

For how long have I used the solution?

I have been using Rapid7 InsightVM for seven or eight years. My company serves as a distributor of the tool.

What do I think about the stability of the solution?

Sometimes, there were certain parts and programs of the product about which the customer used to complain.

Stability-wise, I rate the solution a six to seven out of ten.

What do I think about the scalability of the solution?

It is a highly scalable solution. One of my company's customers uses the tool on 1,30,000 devices.

My company deals with clients who own small as well as enterprise-sized businesses.

How are customer service and support?

In the past, the support offered for the product was good. Unfortunately, over a period of time, the support offered has become poor.

I rate the technical support a four to five out of ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

The product's initial setup phase was very easy.

The solution can be deployed in a few hours. The time required depends on the scale of the deployment. If there are 1,000 or 10,000 deployments to be done, then it takes time. If the customer provides a Q&A to calculate the design of the network, then the process becomes easier. If the customer does not know about their network, then the deployment process takes time since our company has to discuss several things with them before starting the process.

What's my experience with pricing, setup cost, and licensing?

The product is cheaper than the other similar tools available in the market.

What other advice do I have?

My company uses Rapid7 InsightVM to identify and assess vulnerabilities.

The product has improved our company's vulnerability remediation process. The tool finds vulnerabilities by scanning devices and networks. The solution is also useful in the area of database scanning.

The product area I find to be valuable in vulnerability management workflow stems from many aspects, like reporting, which is very useful. Rapid7 InsightVM's integration with Jira is also very effective and useful for end users. The coverage of the vulnerability offered by the product is very good. The GUI for Japanese users is good.

The product's integration capabilities have improved my company's security posture, as many other systems can be integrated with it. The export feature of the product helps users deal with other products like ServiceNow or Splunk.

The product is more useful for scanning than for its real-time visibility, but I can say that its functionalities come very close to real-time features. The product scans every six hours.

In large and diverse environments, the performance and the scalability of the product are not bad.

The product is easy to understand, making it good for companies that don't have much expertise in the area of security. It is an easy-to-use product. The product also provides a GUI in Japanese, while taking care of the reporting part efficiently, making it very convenient for the end users in Japan.

I rate the product's capacity to offer ease of use an eight out of ten.

I rate the overall tool a six to seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Head of Cyber security analysis at DNV Poland Sp. z o.o.
Real User
Top 5
Company-saving vulnerability scanner that's easy to set up
Pros and Cons
  • "InsightVM's best features are the vulnerability database and remediation steps."
  • "InsightVM is getting a little stale and is in danger of falling behind its competitors."

What is our primary use case?

I use InsightVM for vulnerability scanning, to follow up that patching is done properly, and to control operational teams and ensure they're doing their job.

How has it helped my organization?

InsightVM lets me scan our environments and ensure that our operational teams are on top of patching.

What is most valuable?

InsightVM's best features are the vulnerability database and remediation steps.

What needs improvement?

InsightVM is getting a little stale and is in danger of falling behind its competitors. It's also becoming more complicated, and I prefer it to be kept simple. Its cloud coverage could also be stepped up.

For how long have I used the solution?

I've been using InsightVM for ten years.

What do I think about the stability of the solution?

InsightVM is very stable.

What do I think about the scalability of the solution?

There used to be some problems with scaling InsightVM, but those limitations have been removed in newer versions.

How are customer service and support?

Rapid7's technical support is brilliant, responsive, and professional.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was very easy and took a day to complete. I would rate the setup process five out of five.

What about the implementation team?

We used an in-house team.

What was our ROI?

Having a vulnerability scanner has saved us from cyber attacks a number of times, so we've gotten good ROI from InsightVM. I'd rate our ROI as five out of five.

What's my experience with pricing, setup cost, and licensing?

InsightVM is an expensive product, especially compared to its competitors, at around a million NOK per year. Support is included in the license for no extra cost. I would rate their pricing at one out of five.

What other advice do I have?

InsightVM has integration with Kubernetes, which no other solution has. I would give InsightVM a rating of eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.