We just raised a $30M Series A: Read our story
2018-07-29T06:51:00Z

What advice do you have for others considering Rapid7 InsightVM?

7

If you were talking to someone whose organization is considering Rapid7 InsightVM, what would you say?

How would you rate it and why? Any other tips or advice?

ITCS user
Guest
1818 Answers

author avatar
Top 5Real User

I would rate it nine out of 10.

2021-09-17T17:19:00Z
author avatar
Top 5Real User

I would rate Rapid7 InsightVM a nine out of 10.

2021-07-22T02:13:29Z
author avatar
Top 5Real User

The solution is hybrid, meaning that if installation is required it must be done on the environment itself, on-premises, the portal being cloud-based. The solution has very good integration, so I see no need for improvements in this regard at present. I have no issues with the stability, security, user interface, reporting, monitoring board or Techstar reports. These are all good. The documentation is quite detailed and straightforward. It is provided to me via the internet. Off the top of my head, I cannot think of anything needing improvement. We have a single customer who is utilizing the solution, but he makes use of IDR, not IVM. I would recommend the solution to others. I rate Rapid7 InsightVM as an eight out of ten.

2021-06-09T14:04:00Z
author avatar
Top 20Real User

I would rate this solution a five out of ten.

2021-03-30T15:10:25Z
author avatar
Top 10Reseller

I would recommend this solution. I would rate Rapid7 InsightVM an eight out of ten.

2021-03-02T02:03:10Z
author avatar
Top 5Real User

Do your proof of concepts if you can. Make sure you develop your risk strategy. That's important, because it's going to give you a risk number, it's going to give you critical: highs, mediums, but you need to understand what is the risk methodology that you're going to follow. Just because it says it's critical because of how many vulnerabilities you have, doesn't mean that you need to work on it right away. For example, there was a vulnerability that had 2,000 nodes affected. It put it as a high-risk, whereby there was another vulnerability where there were only about 10 hosts affected — it put it at medium-risk. However, the high-risk one, because it had more nodes affected, did not have a POC associated with it. A novice person looking at it would say, "I need to work on these 1,000 vulnerabilities because it's a high-risk, and ignore the medium." Well, the medium one had an active POC on it. If you didn't have a person who understood how to read the report and what it's actually telling you, then you would say, "Hey, you know what, I'm going to use these, I'm going to cut my risk down because I got 1,000 nodes with this vulnerability and I'm going to put this chain out real quick and I'm going to reduce my risk real quick because of the numbers." Well, in my opinion, you didn't reduce your risk because you have 10 nodes out there with a vulnerability that's rated medium and it has a POC on it. Overall, on a scale from one to ten, I would give this solution a rating of eight. I'm going to say that is because shame on Rapid7 for having such great applications, but then that little piece there that they know about hasn't been fixed. If I remember, if I go probably log back into the community, it's probably been asked a couple of times.

2020-12-08T15:02:57Z
author avatar
Top 10Real User

I had implemented InsightVM before at another company. I liked it when we were using it there which is why it ended up here. I have also had previous experience with Qualys. I did not have the time or the luxury to sit back and do a full analysis, RFI (Request for Information) and RFP (Request for Proposal) when we had to bring on the solution. We are not the CIA (Central Intelligence Agency), we are not the NSA (National Security Agency). We do not need any sophisticated solution or anything like that. We just needed something we could bring in, get online fairly quickly, and get running to do reports. Rapid7 InsightsVM fit the bill. On a scale of one to ten (where one is the worst and ten is the best), I would rate Rapid7 InsightVM as probably about an eight-out-of-ten. It gets an eight rather than scoring higher just because of some of the other stuff that I wish we had.

2020-09-27T04:10:18Z
author avatar
Top 20Real User

Overall, this is a product that I am very satisfied with. I would rate this solution an eight out of ten.

2020-09-10T07:35:34Z
author avatar
Top 20Real User

The company I worked for was just a customer and I was just an end-user. There was no business relationship between the two companies that I was aware of. The company is considering moving from on-premises to the cloud. I am unsure of which version of the solution is being used currently. I'm no longer at the company where I used the product. While the solution worked well, I have never compared other solutions, so I don't know if it's best in class or not. I'd rate the solution six out of ten.

2020-08-09T07:20:00Z
author avatar
Top 10Consultant

We're a partner of InsightVM. We're most likely using the latest version of the solution, however, I'm not sure which exact version number it is. We've deployed on-premises with a local scan engine. I'd advise companies that are looking into vulnerability assessment or faster deployment, to check out InsightVM. It's easy to expand as necessary and offers flexibility in its pricing. I'd rate the solution nine out of ten.

2020-06-15T07:34:11Z
author avatar
Top 20Reseller

I would recommend having the distributor help you to explain how this software works and to help with the details. I would rate it at an eight out of ten.

2020-03-16T06:56:00Z
author avatar
Top 10Real User

My advice would be to just use it. As a whole, it's a pretty good product. I don't have any problem with it. If they had the audit reporting then I would rate it a ten out of ten, but as it is now, I would rate this solution a nine out of then.

2020-03-05T08:39:38Z
author avatar
Top 20Real User

My advice for anybody who is implementing this solution is to begin by clearly identifying infrastructure and the most critical assets. This tool will give you good visibility into the network and the assets, but it is only the starting point. It is really the input for the process that you have in place to follow up and patch the assets. Simply knowing that they are vulnerable is not good enough, so the right process has to be put into place before it will work effectively. I would rate this solution an eight out of ten.

2020-02-24T06:02:43Z
author avatar
Top 20Real User

It's important to take the time to have a full understanding of how schemes are scheduled, how sites and asset groups are set up and make sure it's done upfront. It's a big help. If you remove an old site and recreate it with small differences you lose some of the data associated with the old site. Getting the organization sorted from the beginning would be the biggest piece of advice. It's very important to know what your environment is made up of. People often leave companies without documenting things and there's a lot that not everybody knows about because it was in the back of someone's mind. We now have a great repository of information on what's active on our network, what's installed on it, how all of those systems are interacting, and really having that visibility is great. One of the big lessons we were able to get value from immediately was really just having good visibility of what's in our environment. It's a very solid product, reporting is great, it's reliable. We have a lot of faith in the results it gives us. At least once a week, I get a notification with some great new features that they've added that I didn't really even know I wanted, but now I have it and can't imagine life without it. The product is cloud-based, but with an on-prem portion, but it all auto-updates. The actual scanning engine and all of that is on-prem for us. It's a SaaS solution, it's not one where we are running our own servers. It's provided as a service for us on the cloud. The on-premises stuff that we're running is just virtual machines on our VMware environment. I would rate this product an eight out of 10.

2020-02-24T06:02:00Z
author avatar
Top 10Real User

I would recommend the product. The product is very good. I would rate the product between a nine and a nine point five (out of 10).

2020-01-15T08:03:00Z
author avatar
Top 5Real User

Rapid 7 is a leading solution that has been implemented in many companies. In Nexpose you have the console and the app assistant for Rapid 7. The design can be implemented in all of the segments of the network to scan, perform the scale of the scan, perform the reporting, generate the reports, and send it to the central console. I would suggest that customers acquire this solution. In addition to management, we are subscribed to the security dispense team and the company emergency dispense team. We always receive the bulletins, so we are always aware of the vulnerabilities. I appreciate this solution. All of the features that are included are enough for me. This is an excellent solution and I would rate it a ten out of ten.

2019-11-07T10:35:00Z
author avatar
Real User

Users need to customize the policy compliance in order to optimize usage.

2018-10-28T09:33:00Z
author avatar
Real User

Take a test drive. If you don't test drive it, how do you know you're going to like it or if it even works. Would you buy a car without test driving it? Absolutely not. In this case, it’s a sales contract. It's a service for one to three years. Backing out of it is pretty much impossible. I rate it at eight out of 10. It just works. We haven't had any trouble with it. We've had good support. What's not to like? But it's an eight because the software that can be purchased is not the ultimate software. It's hard to give anybody a 10.

2018-07-29T06:51:00Z
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,608 professionals have used our research since 2012.