Rapid7 InsightVM Reviews

We use Rapid7 for our vulnerability assessment. It scans the network, identifies all of the assets that are present, and then identifies all of the vulnerabilities due to non-patching those systems. Based on that, we can generate reports and make sure that those applications or servers are patched on both the operating system and application level.

The most valuable feature is the site scanning, where we can provide a complete subnet and what it is we need to scan on those devices. It will extract all of the information, including the rating and vulnerabilities, in all of the applications that are present, on each of those machines. This is quite relevant because if you have many applications on one server then you don't know if they are individually patched, or not.

The dashboard is not difficult to manage.

The reporting is a little bit tricky because it can be difficult to exactly pinpoint some of the assets to filter them and generate a report. Improving the filtering capability would make the reporting easier.

We would like to have penetration testing features built into Nexpose, as it is the next area that we are going to be concentrating on. We have not yet tried it, but it is on our roadmap.

We have been using this solution for one year.

We have not had any issues with stability. For what we are using it for, it is okay, and we use it on a weekly basis.

We have five people who are working with Nexpose and we have not yet needed to scale.

We have been in touch with support on one or two occasions but I was not the person who dealt with them.

The initial setup is not complex. As soon as you deploy, you start by opening all of the needed communication tools on all of the target systems. In our situation, we deployed gradually as opposed to doing everyone at the same time.

We have five people who have access to this solution and can maintain it. They do not work on it full-time but can do site scanning and generate reports when needed.

A third-party was brought in to implement this solution. However, I have done some of the upgrades and I would say that it is straightforward enough that it is not necessary to bring in anybody else.

My advice for anybody who is implementing this solution is to begin by clearly identifying infrastructure and the most critical assets. This tool will give you good visibility into the network and the assets, but it is only the starting point. It is really the input for the process that you have in place to follow up and patch the assets. Simply knowing that they are vulnerable is not good enough, so the right process has to be put into place before it will work effectively.

I would rate this solution an eight out of ten.

We use InsightVM for capacity forecasting.

I've been working around, I don't know, it's about three years.

I rate Rapid7 nine out of 10 for stability.

I rate Rapid7 nine out of 10 for scalability.

I rate Rapid7 support nine out of 10.

Positive

I rate InsightVM eight out of 10 for ease of setup. It takes two or three engineers to deploy. The solution requires some maintenance. It's mainly cleaning up data. 

I rate Rapid7 InsightVM 10 out of 10.

Rapid 7 offers the community edition, a free of charge edition( 32 IP's) that helps small companies to secure their IT environment. Also with this edition it helps the students to learn about Vulnerability Management.

The report from Nexpose is very big, and gives you a description of the problems you have on your servers, and the solution for remediation.

Other valuable feature is the ability to check the vulnerability with Metasploit with only one click.

I use Nexpose to scan my production servers, check the patching level on those servers, and use the reports to show the evolution of security on my servers.

For the community edition one of the big issues is with the registration. Rapid 7 only supports paid domains for registration, so no .gmail.com , .yahoo.com domains (once it was possible) . Also the resources needed by the scans can be an issue.

I used Nexpose for more than 6 years.

Some of issues apear on Linux instalation, but most of the issues are regarding the DB connection. On windows installation, usually the installation is smooth.In my latest test I have used the VM and everything was smooth.

The application is very stable, but sometimes I have issues with the comunication to the update server.

I have tried all Nexpose editions, and I didn't had any issues with any of them. Starting this year Rapid 7 offers hardware appliances.

i'll rate is 10/10. I had some presentation with them, and the person who presented us the solution really knew what to say to make us look on his screen.

I never used technical support from Rapid 7.

I have tried Nessus when it was a free edition. After that I have used OpenVAS and Qualys.

Qualys is another good solution.

The initial setup was straightforward, with small user input.

All the Nexpose and Metasploit implemenations were made by me for various clients and for my firm for testing purposes.

When you buy a vulnerability management tool, always count your IP's. If you miss one IP, and that server is compromised, you have left the door open for attackers into your enviorment.

OpenVAS, Nessus , Qualys, SAINT8,Beyond Trust

Nexpose is one of the best solution on the market with very good development. One of it's key features was the On-Premise installation and Community Edition. Also it integrates flawless with Metasploit.

It is basically used for scanning.

When it comes to the automation, we use the plug-ins that are compatible with the dimensions. Once the builder is done, we run the test cases. Then it is installed onto the server and we run the test cases on the server after the installation.

It gives false positives at times, and this a problem. It causes problems with reporting. 

In addition, I did not find plug-ins for a Rapid7 InsightVM. It would be much more informational to run it through directly, so once the app is installed, once the software is installed on that particular server, it would find what exactly that application is open for. This would make things easier for us.

It is scalable. It definitely handles everything we need, without a problem.

I have not interacted with tech support.

I previously used Tenable Nessus and Nessus Scan. Insight VM vs Tenable Nessus is a more user-friendly product.

The setup was straightforward, and not complex.

I was not involved with the purchase of the product. This is dealt with by our sales team.

Rapid7 InsightVM, like Tenable, is used to enforce the vulnerability management lifecycle.

We identify the assets, scan them, prioritize them, and have a remediation plan in place to address any vulnerabilities that are discovered.

A remediator scan is performed to determine whether or not the discovered vulnerabilities have been patched.

The performance is good.

Rapid7 could be easier to manage. When you compare it to other similar solutions, it is a bit difficult to manage.

The reporting could be improved.

I have been using Rapid7 InsightVM for two years.

At the time that it was used, I was using the latest version.

The installation is simple and quick; it only takes 10 minutes to complete.

I have used Tenable SC and Tenable.io, and you cannot compare to Tenable SC or Tenable.io with any other vulnerability solution.

Tenable has that supremacy. It is very easy to manage and very easy to understand. You don't need any prior knowledge or experience to install it; you can do it on your own. You don't need any additional assistance or help through a search on how to install or scan your assets.

Tenable has a very powerful reporting engine but needs to be enhanced.

Tenable is number one, Rapid7 comes second.

I would rate Rapid7 a six out of ten.

There are not enough templates, and the reporting is weak with this solution. It would be great if there were more templates for the analytical reports, such as patch management reports. At present, these do not exist. 

In addition, there are false positives.

It is quite stable. 

The scalability is good. 

The tech support is quite good. 

I have previously used Qualys, and I find the Rapid7 is a bit limited in terms of reporting.

The initial setup was easy and straightforward.

The price is cheaper than other products on the market.

We looked at Rapid7 vs Tenable Nessus.

Users need to customize the policy compliance in order to optimize usage.

The main use cases of Rapid7 InsightVM are finding configuration vulnerability checks and patching recommendations. These two are the main use cases that everybody's looking for.

The most valuable features of Rapid7 InsightVM are the accurate level of scanning and the workflows are good.

The on-premise updates could improve from Rapid7 InsightVM.

I have been using Rapid7 InsightVM for approximately three years.

Rapid7 InsightVM is scalable. You could use it for as many assets as you like. It is very scalable and flexible. 

The technical support is good in their knowledge, but they are a little slow.

The initial setup of Rapid7 InsightVM was straightforward.

I would rate the ease of setup of Rapid7 InsightVM a three out of five.

I rate Rapid7 InsightVM an eight out of ten.