No more typing reviews! Try our Samantha, our new voice AI agent.

Morphisec vs Rapid7 InsightVM comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Morphisec
Ranking in Vulnerability Management
57th
Average Rating
9.2
Reviews Sentiment
7.4
Number of Reviews
21
Ranking in other categories
Endpoint Protection Platform (EPP) (48th), Advanced Threat Protection (ATP) (30th), Endpoint Detection and Response (EDR) (61st), Cloud Workload Protection Platforms (CWPP) (35th), Threat Deception Platforms (15th)
Rapid7 InsightVM
Ranking in Vulnerability Management
12th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
66
Ranking in other categories
Risk-Based Vulnerability Management (4th)
 

Mindshare comparison

As of July 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.1%, up from 1.0% compared to the previous year. The mindshare of Morphisec is 0.7%, up from 0.3% compared to the previous year. The mindshare of Rapid7 InsightVM is 2.0%, down from 4.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.1%
Rapid7 InsightVM2.0%
Morphisec0.7%
Other96.2%
Vulnerability Management
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Rick Schibler - PeerSpot reviewer
VP of Information Technology at Kentucky Trailer
Offers in-memory protection at a lower price than competitors
Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it. Morphisec's Moving Target Defense is critical to hardening our attack surface. If it detects something, it indicates whether it's valid. That means you've got a breach requiring investigation. It detects anomalies but doesn't necessarily point to what caused them. You still need to do that work. The solution is reasonably easy to administer. They made some changes last year, adding a cloud-based monitoring solution that makes deploying and monitoring our endpoints easy.
reviewer2775840 - PeerSpot reviewer
Manager at a financial services firm with 5,001-10,000 employees
Manages vulnerabilities effectively over time but needs improvement in web coverage and dashboard flexibility
Most of the dynamic asset tagging we use is manual, not dynamic. To manage the assets, we employed the manual approach because we have a limitation regarding the license, so we don't use the dynamic approach much. I don't know how the configuration assessment has assisted with meeting compliance standards. The product that we use is the on-premise solution where we configure assets and dynamically scan them. However, we use the default policies more, the template, so Rapid7 InsightVM on-premise version is not that effective in the web-related systems. However, it is best on the OS to identify and discover the OS-related vulnerabilities, more of open ports and the discovery of vulnerable ports or services. It would be better to improve Rapid7 InsightVM by including or working better to add web-related templates because it's not that effective in regard to web. I don't know if they may have a separate product regarding the web, but for the on-premise type, they are not strong in this area. I would prefer to see web-related templates in addition to improving the dashboard-related things because the dashboard has been constant for a very long time. It would be better to see various kinds of, perhaps a flexible type of dashboard. If it's not customizable at all, I would want to see the risk and asset over time with more flexibility. The current dashboard is not flexible in this regard; I have to dig down every day, so they should work on this as well, in addition to the web.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the consolidated information that it provides from various platforms."
"Qualys TotalCloud has significantly reduced our workload in terms of managing risks, helping us to be more efficient and save substantial resources."
"I would definitely recommend it because it is easy to handle any cloud resources."
"We were able to realize its benefits within 24 to 48 hours."
"Its dashboards are brilliant. It provides in-depth insights."
"Generally, Qualys is very good at detections, whether on cloud or on-prem, and the agent allows deployment on both infrastructures, providing continuous monitoring of your assets, which is a key selling point for us."
"Qualys TotalCloud is an excellent platform, and the beauty of the platform is that we can get all the vulnerabilities, see all the reports in a single dashboard, view them segregated, and easily learn about critical, high, and medium findings with appropriately provided remediation steps."
"TotalCloud's best feature is the integration of cloud accounts. It helps with the risk and security posture management of our cloud infrastructure."
"We have seen it successfully block attacks that a traditional antivirus did not pick up."
"The biggest feature is that it hides everything from your operating system that's running in-memory from anything to try to run against it. That's the most unique thing that's on the market. There's nothing else out there that's quite like that. That's a big selling point and why we went with it. It does exactly what the design does. If you can't find it, you can't execute against it."
"Morphisec makes it very easy for IT teams of any size to prevent breaches of critical systems because of the design of their tool. When we evaluated Morphisec, the CIO and I sat and listened. What attracted us to them is the fact that it stops activity at the point of detection. That saves a lot of time because now we are not investigating and trying to trace down what to turn off. We have already prevented it, which makes it very much safer and more secure."
"Morphisec as the last line of defense is as good as you can get."
"What's valuable is really the whole kit and caboodle of the Morphisec agent."
"Morphisec has enabled us to become a lot less paranoid when it comes to staff clicking on things or accessing things that they shouldn't that could infect the whole system. Our original ransomware attack that happened came from someone's Google drive and then just filtered on through that. It has put our minds at ease a lot more in running it. It's also another layer of security that has been proven to be effective for us."
"If you have the ability to get Morphisec into their environment, it's going to be a hundred percent return on investment."
"With Morphisec, at least when it does happen, I feel confident that we have in place solutions that will not only prevent it, but also let us know when something has happened."
"We plan to keep using this tool, and we don't want to get into another scanning tool right now because it has been selected as an enterprise tool."
"Rapid7 InsightVM is an on-premise type product that has helped us manage potential vulnerabilities effectively."
"The most valuable feature for me is the risk calculation based on monthly effects."
"The most important aspect of the solution is that it rarely gives false positives, especially compared to other products. It provides very clear reports for our IT teams to look at."
"The solution has very good integration, so I see no need for improvements in this regard at present."
"This solution is much more user-friendly than past solutions I have used."
"The report generating and the scanning are very helpful."
"When it comes to the process, installation is very easy and does not take long."
 

Cons

"The cost of Qualys TotalCloud is high and could be more competitive."
"To improve the user experience, reporting could be simplified for better comprehension by end users and project managers, facilitating issue resolution."
"The cloud licensing unit system is unclear, especially since "units" aren't well-defined."
"I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system."
"The areas in the solution that have room for improvement include the UI/UX design, which should be improved, and they should integrate more artificial intelligence into the product."
"The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using."
"The main area needing improvement is integration. Although the team is strengthening TotalCloud, integration can be enhanced with SIEM, SOAR, ITSM, and other sources."
"Their support could be improved."
"I haven't been able to get the cloud deployment to work."
"We started in the Linux platform and we deployed to Linux. The licensing of that has been kind of confusing between Linux licensing and Windows licensing. The overall simplicity of licensing or offering an enterprise license to just cover everything and then we don't have to count needs improvement."
"The only area that really needs improvement is the reporting functionality. Gathering the detailed information that is in the system for an executive, or for me as a director, could be better. Some of the interface and reporting aspects are a little bit dated. They're working on it."
"I haven't seen ROI because I haven't seen a threat that it has protected against, exactly."
"The only problem is that their support lives in Israel, so the time zones are a bit off, but I've never had any complaint beyond that."
"I haven't been able to get the cloud deployment to work. When there's an update, I'm supposed to be able to roll it out for the cloud solution, but right now I'm continuing to use our SCCM solution to update it."
"Overall, I don't know 100% if it's increasing our security posture, but it does give us a nice peace of mind."
"The dashboard is the area that requires the most improvement."
"There was functionality present previously, however, currently, we can't integrate directly with Jira Service Desk - only the cloud version."
"They should improve the cybersecurity feature of the solution."
"There is room for improvement on its cloud side. In the next release I would like to see better reporting."
"There needs to be much clearer instructions surrounding scanning."
"They should integrate the solution with multiple products."
"The reporting could be better."
"The drawback is that it is still not a fully SaaS solution, so you must deploy a console."
"The solution could improve by being more secure."
 

Pricing and Cost Advice

"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"The cost is high, but it meets our organizational needs."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"TotalCloud's price is about right where I would expect it to be."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"Compared to their competitors, the price of Morphisec is not that high. You can easily deploy it on a large-scale or small-scale network."
"It is an annual subscription basis per device. For the devices that we have in scope right now, it is about $25,000 a year."
"The pricing is definitely fair for what it does."
"We are still using a separate tool. I know for our 600 or I think we're actually licensed for up to 700 users, it runs me 23 or $24,000 a year. When you're talking to that many users plus servers being protected, that's well worth the investment for that dollar amount."
"Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version."
"It is a little bit more expensive than other security products that we use, but it does provide us good protection. So, it is a trade-off."
"Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competitive pricing saves us money in our overall security stack."
"Price-wise, it's on the higher side. A traditional antivirus solution is cheaper, but in terms of security and manageability, its ROI is better than a traditional antivirus. I would recommend it to anybody evaluating or considering an antivirus solution. If your system gets compromised, the cost of ransom would be a lot more. This way, it saves a lot of cost."
"InsightVM is an expensive product, especially compared to its competitors, at around a million NOK per year."
"This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important."
"Pricing is reasonable because we pay according to asset usage. We can define our assets and sites according to our preference."
"The solution is a bit more reasonably priced than other products."
"In some cases, we procure the licenses. In some cases, the customers directly buy the license from Rapid7."
"Its licensing is yearly. Everything is included in the price for one year."
"The licensing is asset-based and very straightforward."
"Its pricing depends on the number of users per month."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Outsourcing Company
16%
Manufacturing Company
12%
Construction Company
11%
Financial Services Firm
10%
Financial Services Firm
12%
Manufacturing Company
9%
Computer Software Company
7%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise8
Large Enterprise8
By reviewers
Company SizeCount
Small Business29
Midsize Enterprise14
Large Enterprise25
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
Ask a question
Earn 20 points
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. Yo...
What is your experience regarding pricing and costs for Rapid7 InsightVM?
My experience with the pricing, setup cost, and licensing is that both the setup cost and licensing are great.
What needs improvement with Rapid7 InsightVM?
To improve Rapid7 InsightVM, I wish to have integration with patching systems, which would be useful to us. The usabi...
 

Also Known As

Qualys TotalCloud with FlexScan
Morphisec, Morphisec Moving Target Defense
InsightVM, NeXpose
 

Overview

 

Sample Customers

Information Not Available
Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
Find out what your peers are saying about Morphisec vs. Rapid7 InsightVM and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.