Try our new research platform with insights from 80,000+ expert users

Cisco Vulnerability Management (formerly Kenna.VM) vs Rapid7 InsightVM comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Average Rating
9.4
Reviews Sentiment
8.2
Number of Reviews
5
Ranking in other categories
Vulnerability Management (18th), Continuous Threat Exposure Management (CTEM) (2nd)
Cisco Vulnerability Managem...
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
1
Ranking in other categories
Cisco Security Portfolio (11th), Risk-Based Vulnerability Management (17th)
Rapid7 InsightVM
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
64
Ranking in other categories
Risk-Based Vulnerability Management (4th)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
AshishPaliwal - PeerSpot reviewer
Offers contextual prioritization and risk-based remediation of vulnerability
An improvement would be some sort of an integration with any GRC suite. There are a lot of GRC suites available, like Archer, MetricStream, Rsam, Protiviti, for example. So how would a solution like this work if my company has already invested thousands or maybe millions in a GRC solution? Do I still need it and how does it fit into an existing SAP environment? There could be interoperability, having more data sources, integrating Splunk, Qualys, FireEye, Rapid7, Carbon Black. I'm sure all that can be done to an extent, with a little more insight and a little more accuracy on the industry numbers and trends. I'd like the solution to offer any sort of assistance in any way with the remediation part, not just identification of vulnerability risk, and that is second.
Anusha Sadasivani - PeerSpot reviewer
Rapid deployment and user-friendly architecture streamline vulnerability management but customer support response needs improvement
We are still using Rapid7 InsightVM I personally still use Rapid7 InsightVM. We use Rapid7 InsightVM for vulnerability scanning. It supports both agent-based and agentless scanning, which is part of our vulnerability management strategy. The agentless scan in Rapid7 InsightVM is effective and…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Overall, we have seen about eighty-seven percent reduction of the number of vulnerabilities that require urgency to remediate, specifically the number of criticals."
"Zafran is an excellent tool."
"We are able to see the real risk of a vulnerability on our environment with our security tools."
"Zafran has become an indispensable tool in our cybersecurity arsenal."
"We saw benefits from Zafran Security almost immediately after deploying it."
"The risk context of any vulnerability is a valuable feature."
"There are many integrations with things like the VMware NSX that are great, the reporting is really solid."
"The most valuable feature is the vulnerability scan."
"This solution is much more user-friendly than past solutions I have used."
"Customers are generally satisfied and do not ask for drastic price reductions during renewals."
"The most valuable features of Rapid7 InsightVM are the accurate level of scanning and the workflows are good."
"InsightVM has a very organized GUI with ease of use."
"The most valuable feature is the site scanning, where we can provide a complete subnet and what it is we need to scan on those devices."
"The discovery and prioritization of vulnerabilities."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"I think the ability to have some enhanced reporting capabilities is something they can improve on, as they have good reports but we have asked for some specific reporting enhancements."
"The dashboarding and reporting functionality of Zafran Security is an area that definitely could use some improvements."
"An improvement would be some sort of an integration with any GRC suite."
"InsightVM is getting a little stale and is in danger of falling behind its competitors."
"The automation capability remediation needs improvement."
"I would like to see more integration."
"One area I would like to improve in InsightVM is its integration with other solutions."
"There should be containerization within the VM."
"Rapid7 InsightVM, has impressive capabilities, especially when it comes to managing video equipment. However, we've noticed that Rapid7 also offers a cloud solution called CloudSec, and we don't have that. We think it would be better if InsightVM had all the features for both on-premise and cloud management."
"We'd like the agent to cover more compliance issues."
"This solution integrates with another module in Metasploit, that doesn't exist in the other solutions. It is subscribed to on our roadmap, but we chose to implement both Nexppose and AppSpider."
 

Pricing and Cost Advice

Information not available
"I think the pricing is based on the number of endpoints, so it's more subscription-based."
"Our licensing costs are somewhere around $40,000 annually. There are no additional fees."
"The tool's price is neither too high nor too low. My company needs to pay 65,000 per year. There are no additional costs apart from the licensing fees attached to the solution."
"The solution is a bit more reasonably priced than other products."
"It is less expensive compared to other competitors."
"Licensing fees are paid on a yearly basis."
"Comparing the price with the value that we receive, I am not happy with it."
"The price of the solution is less than the competitors."
"Its licensing is yearly. Everything is included in the price for one year."
report
Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
859,579 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
12%
Financial Services Firm
11%
Manufacturing Company
7%
Healthcare Company
6%
Computer Software Company
21%
Financial Services Firm
15%
Retailer
10%
Manufacturing Company
7%
Educational Organization
17%
Financial Services Firm
11%
Computer Software Company
11%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
The current pricing of Zafran Security is fair overall. They were good to work with to accommodate our organization w...
What needs improvement with Zafran Security?
The dashboarding and reporting functionality of Zafran Security is an area that definitely could use some improvement...
What is your primary use case for Zafran Security?
Zafran Security is helping reduce the amount of critical vulnerabilities in our environments that require prompt reme...
Ask a question
Earn 20 points
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. Yo...
What do you like most about Rapid7 InsightVM?
The product's initial setup phase was very easy.
What is your experience regarding pricing and costs for Rapid7 InsightVM?
The customers are mostly SMBs, though some enterprise organizations have also deployed the solution. This is neither ...
 

Also Known As

No data available
Kenna.VM, Kenna Security, Kenna, Kenna Security Platform
InsightVM, NeXpose
 

Overview

 

Sample Customers

Information Not Available
TransUnion
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
Find out what your peers are saying about Qualys, Tenable, Rapid7 and others in Risk-Based Vulnerability Management. Updated: June 2025.
859,579 professionals have used our research since 2012.