We just raised a $30M Series A: Read our story
Damir Miklavčič
Security Analyst at Zavarovalnica Triglav, d.d.
Real User
Top 20
Vulnerability management that is easy to use and install, with good technical support

Pros and Cons

  • "This solution is very easy to use and easy to install."
  • "It would be nice to have an additional feature that would provide reports on who has logged onto the console or who did what on the console."

What is our primary use case?

The primary use case of this solution is for vulnerability management.

We have monthly scans and reporting. The results are in QRadar, which is our SIEM.

What is most valuable?

This solution is very easy to use and easy to install.

It has nice features.

What needs improvement?

It would be nice to have an additional feature that would provide reports on who has logged onto the console or who did what on the console. I don't have the time to log onto the console and use SSH to go through the logs. 

We have some users with certain privileges, and sometimes they do things that I don't like.  This is why it would be nice to have an easy way to report what is in the logs.

In the next release, I would like to see reporting added to the console. It would be helpful to have reports to tell you who did what, who created reports, who created groups or who created tags.

For how long have I used the solution?

I have been working with this solution for five years.

What do I think about the stability of the solution?

The stability is good. I am running it on Linux and from that point of view, Linux is stable.

We are using this solution daily. 

What do I think about the scalability of the solution?

This solution is easy to scale. 

I am working at Triglav Group which is the leading insurance-financial group in Slovenia and
in the Adria region and one of the leading groups in South-East Europe

Triglav Group operates together with its subsidiaries and associated companies on seven markets and in six countries.

We use with two consoles, one is international for subdiraies and other is for the Slovenia all thogether we have 15 scan engines on locations.

How are customer service and technical support?

Approximately a year ago, we had an issue with the dashboard. We contacted technical support to ask a question. Unfortunately, we were not able to resolve the issue that we were having. It could have been something in our network, but we don't know. It was not a big issue.

The technical support is good, they do give you answers and they are pretty quick.

How was the initial setup?

The initial setup was easy and straightforward.

I deployed this solution. It took a couple of days with ten engines.

What about the implementation team?

We did not use a vendor or integrator to implement this solution. We have five thousand people in this firm and I am the only one in technical team. 

What other advice do I have?

My advice would be to just use it. 


As a whole, it's a pretty good product. I don't have any problem with it.

If they had the audit reporting then I would rate it a ten out of ten, but as it is now, I would rate this solution a nine out of then.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IS
Enterprise ICT Security Architect at a tech services company with 1-10 employees
Real User
Top 20
Good scalability, reporting, and technical support

Pros and Cons

  • "We are very satisfied with the reports, as they provide us with the information that is required for our management."
  • "There have been instances where technical support takes a long time to update the status of a ticket, which is something that can be improved."

What is our primary use case?

The primary use is to protect against cybersecurity attacks in your digital infrastructure. One example of such an attack is credential-grabbing.

What is most valuable?

We have put in some requests for enhancements and they are listening quite well. When there is something that we want to have enhanced then we can easily chat with the people at Rapid7. If it makes sense and another customer thinks that it makes sense then it will be built into the next release.

We are very satisfied with the reports, as they provide us with the information that is required for our management. You can perform the queries that you need.

What needs improvement?

There have been instances where technical support takes a long time to update the status of a ticket, which is something that can be improved.

For how long have I used the solution?

I have been using this product for about two and a half years.

What do I think about the stability of the solution?

The stability is okay.

What do I think about the scalability of the solution?

In terms of scalability, this product is awesome. We have more than 5,000 users and we plan to increase our usage in the future.

How are customer service and technical support?

The technical support is very nice. They are good and they listen to the customers, which is very important in my opinion.

There is always a demand for technical support to be faster. That said, I think it is much more important to have quality and communication. If I am going to be updated during the course of the case that is running, then that is okay with me. Also, as long as the quality stays in the system and they keep on improving, I am satisfied.

Which solution did I use previously and why did I switch?

We switched to Rapid7 because we were not satisfied with our previous solution. It was not up to par in terms of our needs and standards.

How was the initial setup?

The initial setup is very straightforward and not complex at all. Our deployment took about three months.

This is mostly a cloud-based solution that works with the assistance of agents and collectors.

What about the implementation team?

We implemented and deployed this product on our own.

What's my experience with pricing, setup cost, and licensing?

The licensing is asset-based and very straightforward.

What other advice do I have?

Overall, this is a product that I am very satisfied with.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,823 professionals have used our research since 2012.
FA
Senior Consultant at a tech services company with 11-50 employees
Real User
Top 5
Good visibility in the event of an attack

Pros and Cons

  • "When it comes to the process, installation is very easy and does not take long."
  • "All products have room for increased security and Rapid7 InsightVM is no exception."

What is our primary use case?

The solution is similar to Tenable, but Rapid7 also comes with Insight - Detection and Response, which integrates with InsightVM. This alerts the customer in the event of an attack or updates him about the status of a vulnerability. The solution provides increased visibility in the environment when integrating between these two products. 

What needs improvement?

All products have room for increased security and Rapid7 InsightVM is no exception. This is why I do not give a perfect score to any product on principle. 

For how long have I used the solution?

We have been using Rapid7 InsightVM for a couple of months.

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The solution is scalable. 

We have plans to increase its usage.

Which solution did I use previously and why did I switch?

I have some experience with Tenable Nessus, although I did not use it on a professional basis. 

How was the initial setup?

When it comes to the process, installation is very easy and does not take long. As a matter of course, installing a VM and connecting to a portal is easy. That is all that is needed. Time-wise, this may take an hour. Once the portal and scanner are connected one can start getting the environment. 

What's my experience with pricing, setup cost, and licensing?

The license is annual and this is the optimal approach when it comes to most software. 

What other advice do I have?

The solution is hybrid, meaning that if installation is required it must be done on the environment itself, on-premises, the portal being cloud-based. 

The solution has very good integration, so I see no need for improvements in this regard at present. 

I have no issues with the stability, security, user interface, reporting, monitoring board or Techstar reports. These are all good. 

The documentation is quite detailed and straightforward. It is provided to me via the internet. 

Off the top of my head, I cannot think of anything needing improvement.

We have a single customer who is utilizing the solution, but he makes use of IDR, not IVM.

I would recommend the solution to others.

I rate Rapid7 InsightVM as an eight out of ten. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Zain Rehman
Senior Security Analyst at a financial services firm with 1,001-5,000 employees
Real User
Top 20
We have fewer false positives when using it

Pros and Cons

  • "We feel the interface is very good. It is very easy to use, even a nontechnical person can use it."
  • "The reporting has room for improvement. You cannot customize any report. If I need a specific requirement, I have to create a new report for it."

What is our primary use case?

We are using the solution for configuration review and vulnerability management.

I am using the latest version.

How has it helped my organization?

We have fewer false positives.

What is most valuable?

We feel the interface is very good. It is very easy to use, even a nontechnical person can use it.

What needs improvement?

The reporting has room for improvement. You cannot customize any report. If I need a specific requirement, I have to create a new report for it. I cannot pull up two or three things in one report.

For how long have I used the solution?

Three years.

What do I think about the stability of the solution?

It is stable. For the last three years, we haven't faced any bugs.

What do I think about the scalability of the solution?

It's very easily scalable. You just have to renew your license, and the scalability is already done.

Currently, we have three people who are use the solution. We manage this solution for the whole organization.

How are customer service and technical support?

The technical support is very helpful, but too slow. Overall, it usually takes 24 hours for them to reply, but the support that they provide is good.

How was the initial setup?

It's very straightforward. The deployment took less than an hour.

What about the implementation team?

We implemented it on our own.

What's my experience with pricing, setup cost, and licensing?

The license is IP based. How many IPs you are using to scan is the amount of the license you have to buy. The number of users doesn't matter; many users can use it or only person. It depends on the culture of the organization.

We have 600 to 700 licenses.

Which other solutions did I evaluate?

We tested two to three solutions where we had a couple of false positives. 

Rapid7 InsightVM has very low false positives, so you don't have to go in manually and verify them. This solution is efficient.

What other advice do I have?

I would recommend the product. The product is very good.

I would rate the product between a nine and a nine point five (out of 10).

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Layth Mansour
Information Security Officer at Umniah
Real User
Top 5
It's smarter and more accurate from an application perspective

Pros and Cons

  • "Using Rapid7, we can install a scan engine, we can do our VPN connections, and we can conduct internal scans of remote sites. We prefer the web application. It's smarter and more accurate from an application perspective."
  • "The integration with other solutions like JIRA could be better. Perhaps there could be some additional updates in the next phase that could integrate with it, so then you can proceed with the VT much easier."

What is our primary use case?

We use a hybrid setup. Some dashboards and configurations are uploaded to the Cloud, and some of them are on-premises. The main engine is on-premises. We have about 12 customers and some of them are big companies. 

What is most valuable?

There are a few main features that we are very happy with. Using Rapid7, we can install a scan engine, we can do our VPN connections, and we can conduct internal scans of remote sites. We prefer the web application. It's smarter and more accurate from an application perspective.

What needs improvement?

The integration with other solutions like JIRA could be better. Perhaps there could be some additional updates in the next phase that could integrate with it, so then you can proceed with the VT much easier.

For how long have I used the solution?

I've been using Rapid7 for about two years.

What do I think about the scalability of the solution?

From a scalability standpoint, it's good because they give you around 100%. If you want to increase your asset counts, for example, they give you permission for 100% above the limit that you pay for.

How are customer service and technical support?

Their support is very good. Technical support varies from person to person. Some cases have taken some time, but once it was escalated, everything was done well and the problem was solved. We've had some cases involving integration, remote sites, and some special configurations. They provided us with some support on all that.  

How was the initial setup?

It's straightforward. Everything is like setting up Lego cubes. It doesn't take much time to deploy. The first deployment may take around an hour or two.

What's my experience with pricing, setup cost, and licensing?

The license could be a little bit cheaper. For all these features, you would expect to pay a little bit lower but around the same general price. Licenses are paid yearly. For some customers, we pay two years at a time, but mostly it's yearly.

What other advice do I have?

I would rate it nine out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
JV
Cyber Security Engineer at a manufacturing company with 5,001-10,000 employees
Real User
Top 5Leaderboard
Good reporting, useful automation features, and has good technical support

Pros and Cons

  • "It's a relevant management tool."
  • "I would like to see more integration."

What is our primary use case?

We use this solution for our internal server for scanning. We can scan for vulnerabilities and locate them.

We also generate reports for the patching team. We assign tasks to the patching team.

What is most valuable?

It's a relevant management tool. 

It has some useful automation features. The report generating and the scanning are very helpful.

What needs improvement?

It would be very helpful to have integration. There are many plugins that can be used for tasks that would help the visibility and be able to locate the exact problem.

I would like to see more integration. 

I would also like to see more flexibility when scheduling the scans. We should be able to schedule scans when we want them to be scheduled. Currently, they have to be scheduled before a certain day of the week.

For how long have I used the solution?

I have been using Rapid7 InsightVm for six months during my internship.

What do I think about the stability of the solution?

Rapid7 InsightVM is a stable product.

What do I think about the scalability of the solution?

We have no issues with the scalability of this solution. We have a vulnerability management team of four who are using it, and in our organization, we have approximately 20 people, including management.

How are customer service and technical support?

Technical support is good.

Which solution did I use previously and why did I switch?

I have used Tenable Nessus previously for my personal projects. I used it for scanning for my projects in college.

How was the initial setup?

I was not involved in the installation. It was already installed previously.

What's my experience with pricing, setup cost, and licensing?

Licensing fees are paid on a yearly basis.

What other advice do I have?

I would recommend this solution to others, but more integration features would be more helpful.

I would rate Rapid7 InsightVM an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Pongtosaporn Junlobol
Vice President at INET Managed Services Co.,LTD.
Reseller
Great scanning capabilities, fast, powerful, easy to access

Pros and Cons

  • "It's easy to use. It's fast, it's a powerful easy to access tool."
  • "The InsightVM cannot scan if we connect to our customer by the VPN."

What is most valuable?

InsightVM is good. It's easy to use. It's fast, it's a powerful, easy to access tool.

What needs improvement?

I have had some difficult problems with InsightVM. The InsightVM cannot scan if we connect to our customer by the VPN. I asked the Rapid7 support, they told me that the InsightVM can only work on the same network. We cannot use InsightVM by VPN. It also consumes a lot of memory. It would be good if they could resolve that.

For how long have I used the solution?

We worked with Rapid7 InsightVM for one year.

What do I think about the stability of the solution?

It is very stable, but it consumes a lot of memory.

What do I think about the scalability of the solution?

Scalability is good on the same network but not if you have to connect to another network.

How are customer service and technical support?

I think the support is okay. They responded very quickly, and it was sufficient.

How was the initial setup?

InsightVM is Window-based. It is easy to install and easy to use.

What about the implementation team?

It took us about half a day to set up. When we bought from the distributor in Thailand, the distributor sent an engineer to install and explain how to use it and how to customize the report.

Which other solutions did I evaluate?

My team uses a small tool such as Tenable Nessus and Rapid7 InsightVM, but when we use both tools and compared the report, Tenable Nessus is very easy to consolidate, to expand to our customer, but InsightVM is very difficult. We would have to cancel it to explain the daily part to our customers.

What other advice do I have?

I would recommend having the distributor help you to explain how this software works and to help with the details. I would rate it at an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Davide Baudanza
CoFounder & Head of Technology at intuity
Real User
Top 5
Professional support, absolutely stable, and easy to use and deploy

Pros and Cons

  • "I really love the new platform. It is really easy to understand, use, and deploy."
  • "It would be great to have a mobile application client. Currently, you have to use a mobile web browser on a device, but it is not similar to the desktop web browser in terms of user experience. It would be nice to have a mobile application to access the platform."

What is our primary use case?

We are using InsightVM for vulnerability management services. We use it for providing professional services to our customers, and we also use it for our internal use.

We do on-premises and cloud deployments.

What is most valuable?

I really love the new platform. It is really easy to understand, use, and deploy. 

Their support is very professional and good at troubleshooting issues.

What needs improvement?

It would be great to have a mobile application client. Currently, you have to use a mobile web browser on a device, but it is not similar to the desktop web browser in terms of user experience. It would be nice to have a mobile application to access the platform. 

It would be nice to have someone in the technical support team who speaks Italian. 

For how long have I used the solution?

We have been in a partnership with Rapid7 for five years.

What do I think about the stability of the solution?

It is absolutely stable.

What do I think about the scalability of the solution?

It is scalable. We have 40 customers who are using this solution.

How are customer service and technical support?

Their technical support is great, but it would be nice to have someone in the technical support team who speaks Italian. 

We speak Italian with Safeguy. So, sometimes, Safeguy's technical teams also help us.

How was the initial setup?

Its initial setup is easy and quick. We are typically able to deploy it in a couple of hours.

We have 15 certified and dedicated engineers to handle its deployment and maintenance.

What's my experience with pricing, setup cost, and licensing?

In some cases, we procure the licenses. In some cases, the customers directly buy the license from Rapid7.

What other advice do I have?

I would rate Rapid7 InsightVM a nine out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Product Categories
Vulnerability Management
Buyer's Guide
Download our free Rapid7 InsightVM Report and get advice and tips from experienced pros sharing their opinions.