Rapid7 Metasploit Competitors and Alternatives

Get our free report covering Tenable Network Security, Wireshark, Rapid7, and other competitors of Rapid7 Metasploit. Updated: December 2020.
454,950 professionals have used our research since 2012.

Read reviews of Rapid7 Metasploit competitors and alternatives

AbdulMohsin
Solution Architect at Beta Information Technology
Real User
Top 5Leaderboard
May 21, 2020
Rich vulnerability management that is controlled from a single pane of glass, but the network modeling capability needs improvement

What is our primary use case?

We are a system integrator and this is one of the products that we implement for our clients. This is one of the vendors that we focus on, from a security standpoint. Skybox has an amazing portfolio that makes up the security solution. You can onboard your network devices with the network assurance module. This includes layer three, layer two switches, load balancers, and so on. This partially builds the network model for the infrastructure and the entire security platform is built off of that.

Pros and Cons

  • "The most valuable feature is firewall management."
  • "The Network Assurance, which helps to create the network model, is not so rich."

What other advice do I have?

My advice to anybody who is implementing this product is to make sure that they utilize it. The usage of it should be mandated for the NOC and SOC. They should use a single dashboard to take care of all of your infrastructure components. When a Skybox representative visits to discuss this solution, it is important to discuss the use cases properly. Have a good project plan and it is also very important to have the right partner. They should be certified, trained, and involved at all stages. Overall, it is a pretty good product. When you use it, you will see the benefit of it. I would rate this…
reviewer1397976
Owner at a tech services company with 1-10 employees
Real User
Top 5
Dec 10, 2020
Understands and defends your network from vulnerabilities

What is our primary use case?

We used InsightVM mainly for vulnerability management. I thought it was a pretty interesting application. I'm a fan of Rapid7's Metasploit, so when I saw InsightVM I was like, "Let's see what else they have." I liked it up until we experienced some issues relating to scans. If I wanted to do mitigation, I needed to wait until the next scan was available or ran so that I could get to see if any indentations were made. While I was in there, if I was searching for a specific vulnerability, sometimes it was hard to find the specific ones. In the dashboard, it'll tell you the results from the… more »

Pros and Cons

  • "I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps."
  • "I would say that it improved our visibility, but it left things open."

What other advice do I have?

Do your proof of concepts if you can. Make sure you develop your risk strategy. That's important, because it's going to give you a risk number, it's going to give you critical: highs, mediums, but you need to understand what is the risk methodology that you're going to follow. Just because it says it's critical because of how many vulnerabilities you have, doesn't mean that you need to work on it right away. For example, there was a vulnerability that had 2,000 nodes affected. It put it as a high-risk, whereby there was another vulnerability where there were only about 10 hosts affected — it…
JoaoManso
CIO / IT Consultant at RedShift
Reseller
Jun 7, 2020
Good dashboards, reporting, and technical support, with a low rate of errors

What is our primary use case?

We are a reseller and Tenable SC is one of the products that we implement for our clients. The primary use case is to check for compliance against a specific framework, like NIST, CIS, or something similar. Tenable will check compliance on the assets against that specific framework and give that visibility to the technical staff, top management, and the risk management team. In turn, this will enable them to evaluate the risk that they are facing for non-compliance issues. The second use case is helping the technical staff that handles updates and upgrades to the operating system. It means… more »

Pros and Cons

  • "This product has the best results in terms of the lowest number of false-positives and false-negatives."
  • "The integration is very good, although it still needs to improve."

What other advice do I have?

My advice for anybody who is implementing this product is to search for a certified partner to help with the process. It's not difficult, but it's very important to have a partner who knows the product well. The first steps in the implementation have to be the correct ones. If not, the product will not achieve the objectives that the company usually needs. It would be wrong for someone that doesn't know the product very well to begin implementing it by themselves. This is the best product that we have found for risk management. I would rate this solution a nine out of ten.
reviewer1374858
Security Architect at a tech services company with 51-200 employees
Real User
Jul 5, 2020
Supports container scanning, and the technical support is good

What is our primary use case?

I am a consultant and I advise my clients from a security standpoint. My goal is to get them to maximize value from Tenable.io. I am also a user of it.

Pros and Cons

  • "The most valuable feature for me is container scanning because I am interested in CICD security."
  • "It would be helpful if Tenable could be more clear with regard to everything the solution can and cannot do with the particular license that you have."

What other advice do I have?

My advice for anybody who is implementing this product is to have all of the requirements documented and ready in advance. You match the solution to your requirements. Out of the box, we found that Tenable.io matched almost all of our requirements. The only clarification that we needed had to do with the Tenable.io Web App license. We have a good understanding of how Tenable.io works with containers and infrastructure, but when it comes to deep driving into applications, databases, APIs, and toolkits that you have in your environment, you need a separate license for that. This is what the Web…
Get our free report covering Tenable Network Security, Wireshark, Rapid7, and other competitors of Rapid7 Metasploit. Updated: December 2020.
454,950 professionals have used our research since 2012.