No more typing reviews! Try our Samantha, our new voice AI agent.

Nucleus Security vs Rapid7 InsightVM comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 23, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Nucleus Security
Ranking in Vulnerability Management
40th
Average Rating
8.0
Reviews Sentiment
7.3
Number of Reviews
2
Ranking in other categories
Application Security Tools (28th), Risk-Based Vulnerability Management (14th), Continuous Threat Exposure Management (CTEM) (13th)
Rapid7 InsightVM
Ranking in Vulnerability Management
12th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
66
Ranking in other categories
Risk-Based Vulnerability Management (4th)
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
VK
manager at a computer software company with 201-500 employees
Unified vulnerability workflows have transformed how our teams prioritize and resolve critical risks
While the platform is incredibly powerful, the initial configuration curve of Nucleus Security can be a bit steep. When first setting up complex, multi-layered automation rules and asset groupings, the interface can feel a little overwhelming. Having more intuitive step-by-step visualized wizards or guided templates for building complex triage workflows would make the onboarding process much smoother for new team members. Dashboard customization and reporting would definitely be on my wish list. While the default dashboards are great for a general overview, it can take a bit of manual tweaking when building highly tailored workspace views for different engineering groups. Having a more flexible drag-and-drop widget system where individual teams can prioritize exactly what metrics they see first on their layout would be a huge quality of life update. On the reporting side, the data it generates is solid, but I would like to see more granular control over formatting within the platform itself. Sometimes leadership wants data tailored in very specific ways, and currently, we occasionally have to export the data and clean it up externally to meet those exact visual preferences.
reviewer2775840 - PeerSpot reviewer
Manager at a financial services firm with 5,001-10,000 employees
Manages vulnerabilities effectively over time but needs improvement in web coverage and dashboard flexibility
Most of the dynamic asset tagging we use is manual, not dynamic. To manage the assets, we employed the manual approach because we have a limitation regarding the license, so we don't use the dynamic approach much. I don't know how the configuration assessment has assisted with meeting compliance standards. The product that we use is the on-premise solution where we configure assets and dynamically scan them. However, we use the default policies more, the template, so Rapid7 InsightVM on-premise version is not that effective in the web-related systems. However, it is best on the OS to identify and discover the OS-related vulnerabilities, more of open ports and the discovery of vulnerable ports or services. It would be better to improve Rapid7 InsightVM by including or working better to add web-related templates because it's not that effective in regard to web. I don't know if they may have a separate product regarding the web, but for the on-premise type, they are not strong in this area. I would prefer to see web-related templates in addition to improving the dashboard-related things because the dashboard has been constant for a very long time. It would be better to see various kinds of, perhaps a flexible type of dashboard. If it's not customizable at all, I would want to see the risk and asset over time with more flexibility. The current dashboard is not flexible in this regard; I have to dig down every day, so they should work on this as well, in addition to the web.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities."
"TotalCloud offers a comprehensive suite of features, including EDR, XDR, and TrueRisk, providing a centralized platform for managing vulnerabilities and security risks."
"In my opinion, this is the best tool."
"Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution."
"The most valuable feature of Qualys TotalCloud is the visibility it provides."
"TotalCloud provides the easiest and the best approach for cloud infrastructure management."
"I highly recommend Qualys TotalCloud to other users."
"The best features in Qualys TotalCloud include the total asset management of the cloud environment. It is very easy to export the report and see the vulnerabilities related to the cloud specifically."
"Nucleus Security has fundamentally changed how we manage our vulnerability lifecycle and made our entire incident response process much more proactive, organized, and reliable."
"The best features that Nucleus Security offers in my experience are the unified integrations with all of the different vulnerability management platforms."
"most valuable features of Rapid7 InsightVM for me are creating dynamic asset tags, generating reports, and deploying the agent. The agent scans assets every four hours, providing real-time data on any devices. Although there weren't any significant new features compared to our previous tool, having both SIEM and vulnerability management handled by one tool made things easier. We could gather logs from different devices and cloud sources, and perform detailed investigations without switching tools. I haven't worked with the automation capabilities of InsightVM. For remediation prioritization, we check the vulnerability, search for solutions on open platforms, and work with different teams to apply patches after proper testing. Currently, we don’t have any AI or ASM projects assisted by InsightVM"
"I really love the new platform. It is really easy to understand, use, and deploy."
"The main functionality of identifying item endpoints that weren't properly patched or had vulnerabilities is the solution's most valuable feature."
"As a whole, it's a pretty good product."
"InsightVM provides a reliable and efficient solution with a very organized GUI, excellent ease of use, and reliable vulnerability scanning."
"The most valuable feature for me is the risk calculation based on monthly effects."
"There are many integrations with things like the VMware NSX that are great, the reporting is really solid."
"InsightVM is good; it's easy to use, it's fast, it's a powerful, easy to access tool."
 

Cons

"Overall, we are satisfied with it. However, the response part of the Cloud Detection and Response (CDR) module can be improved. It is not yet in place according to requirements; it is not completely available even though the module has been released."
"Qualys's ticketing system can be confusing when assigning tasks to individuals, and support could be improved by offering instant call solutions with engineers in addition to ticket replies."
"It is already perfect, but they can bring some newer dashboards and customization options for the dashboard. It would be great to be able to include on-prem assets on the dashboard."
"The response part of the Cloud Detection and Response (CDR) module can be improved."
"Although TotalCloud is a helpful tool, some of its advanced features are still under development."
"The price is very expensive, actually."
"We encountered challenges identifying the correct resource category for certain items, such as those in containers or storage."
"There is room for improvement in the support."
"While the platform is incredibly powerful, the initial configuration curve of Nucleus Security can be a bit steep."
"Nucleus Security needs a better view into exposure management, as exposure management and attack path management are missing."
"The automation capability remediation needs improvement."
"The platform could be more intuitive and user-friendly."
"There is room for improvement on its cloud side. In the next release I would like to see better reporting."
"This solution creates false-positives which can cause issues with reporting."
"Rapid7 InsightVM could be easier to use for those who are using it for the first time."
"There is a significant learning curve, that non-technical individuals, especially those not specialized in computer science or the information security industry, might face."
"The solution could improve by being more secure."
"The reporting could be better."
 

Pricing and Cost Advice

"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"The cost is high, but it meets our organizational needs."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"Qualys TotalCloud is expensive."
"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
Information not available
"Comparing the price with the value that we receive, I am not happy with it."
"I do not have experience with the pricing of the solution."
"The license is annual and this is the optimal approach when it comes to most software."
"We have an annual license to use Rapid7 InsightVM and if we want to extend it, we will possibly choose more than one year."
"In some cases, we procure the licenses. In some cases, the customers directly buy the license from Rapid7."
"Its price is too high. My only concern or issue with Rapid7 is its pricing."
"The solution is a bit more reasonably priced than other products."
"Our licensing costs are somewhere around $40,000 annually. There are no additional fees."
report
Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
903,933 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
16%
Financial Services Firm
13%
Construction Company
8%
Comms Service Provider
7%
Computer Software Company
13%
Financial Services Firm
13%
Construction Company
8%
Manufacturing Company
7%
Financial Services Firm
12%
Manufacturing Company
9%
Computer Software Company
7%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business29
Midsize Enterprise14
Large Enterprise25
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for Nucleus Security?
I have a good experience with that, so we don't have much problem dealing with pricing, setup, and licensing.
What needs improvement with Nucleus Security?
Nucleus Security needs a better view into exposure management, as exposure management and attack path management are ...
What is your primary use case for Nucleus Security?
My main use case for Nucleus Security is unifying the vulnerability management landscape, providing a single source o...
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. Yo...
What is your experience regarding pricing and costs for Rapid7 InsightVM?
My experience with the pricing, setup cost, and licensing is that both the setup cost and licensing are great.
What needs improvement with Rapid7 InsightVM?
To improve Rapid7 InsightVM, I wish to have integration with patching systems, which would be useful to us. The usabi...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
InsightVM, NeXpose
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
Find out what your peers are saying about Qualys, Horizon3.ai, Tenable and others in Risk-Based Vulnerability Management. Updated: June 2026.
903,933 professionals have used our research since 2012.