Rapid7 InsightVM Room for Improvement

Ryan Witt
IT Security Architect at a government with 1,001-5,000 employees
There are some difficulties with the online reporting and lack of integrations. The information that you can get from the APIs in the software is not the best. There's still some fleshing out of their API that I think could benefit them as well. I'd like to see more integrations with ticketing systems. Right now, JIRA and ServiceNow are the only ticketing systems that have integration with Rapid7. Extending that would be big. Some additional integrations with some patch management solutions would be good too. IBM BigFix and SCCM. Microsoft has integrations there. In our situation, we're not using either of those and that feature doesn't really give us a whole lot. If there were to be new integrations added on, both on the patch management and the ITMS side, that would be a big improvement. Additional features would be the additional integrations for ticketing systems that I mentioned. There are always updates rolling out for new scans and things.
Technical Consultant at Yip Intsoi
The solution needs to improve its smart monitoring. There need to be much clearer instructions surrounding scanning. As for new features, I can't think of anything that's lacking. It's pretty good overall in terms of feature offerings.
Information Security Senior Expert (Founding member, African Cybersecurity Center) at a financial services firm with 10,001+ employees
We need to scan and identify the different RPGs, the critical ones and the major ones that can generate risk or a measure of risk. We generate the reporting from the system and relay the report to our internal developers. We have our internal developers in the bank. This solution integrates with another module in Metasploit that doesn't exist in the other solutions. It is subscribed to on our roadmap, but we chose to implement both Nexpose and AppSpider.
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
430,376 professionals have used our research since 2012.
Information Security Manager at a non-tech company with 5,001-10,000 employees
We could always have a cheaper price, but other than that it's pretty good stuff. Also, if they’d expand their product line, that would be good, and they are doing so, but they're not done yet.
Infrastructure Security Architect at a comms service provider with 1,001-5,000 employees
The reporting is a little bit tricky because it can be difficult to exactly pinpoint some of the assets to filter them and generate a report. Improving the filtering capability would make the reporting easier. We would like to have penetration testing features built into Nexpose, as it is the next area that we are going to be concentrating on. We have not yet tried it, but it is on our roadmap.
Damir Miklavčič
Security Analyst at Zavarovalnica Triglav, d.d.
It would be nice to have an additional feature that would provide reports on who has logged onto the console or who did what on the console. I don't have the time to log onto the console and use SSH to go through the logs. We have some users with certain privileges, and sometimes they do things that I don't like. This is why it would be nice to have an easy way to report what is in the logs. In the next release, I would like to see reporting added to the console. It would be helpful to have reports to tell you who did what, who created reports, who created groups or who created tags.
Zain Rehman
Senior Security Analyst at a financial services firm with 1,001-5,000 employees
The reporting has room for improvement. You cannot customize any report. If I need a specific requirement, I have to create a new report for it. I cannot pull up two or three things in one report.
Pongtosaporn Junlobol
Vice President at INET Managed Services Co.,LTD.
I have had some difficult problems with InsightVM. InsightVM cannot scan if we connect to our customer by VPN. I asked Rapid7 support, and they told me that InsightVM can only work on the same network. We cannot use InsightVM by VPN. It also consumes a lot of memory. It would be good if they could resolve that.
Security Team Lead at a tech services company with 10,001+ employees
It gives false positives at times, and this is a problem. It causes problems with reporting. In addition, I did not find plug-ins for Rapid7 InsightVM. It would be much more informational to run it through directly, so once the app is installed, once the software is installed on that particular server, it would find what exactly that application is open for. This would make things easier for us.
User at an insurance company with 501-1,000 employees
There are not enough templates, and the reporting is weak with this solution. It would be great if there were more templates for the analytical reports, such as patch management reports. At present, these do not exist. In addition, there are false positives.
Jim Gallagher
Enterprise Manager Infrastructure and Operations at McGrath RentCorp
A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group.