

Rapid7 InsightCloudSec and Spacelift are products competing in cloud security management and infrastructure automation. Spacelift has an advantage due to its extensive features, which justify its price despite Rapid7's favorable pricing and support metrics.
Features: Rapid7 InsightCloudSec provides comprehensive cloud security tools focusing on compliance, vulnerability management, and agentless scanning. It offers centralized visibility through dashboards and alerts, providing customers with reports on cloud vulnerabilities and security posture. Spacelift offers management and Drift Detection, Spacelift policies for compliance, and seamless integration with Terraform.
Room for Improvement: Rapid7 InsightCloudSec could further enhance deployment flexibility, improve API integration, and enhance real-time threat detection. Spacelift could improve by offering more hands-on support, expanding its compliance capabilities, and enhancing its cost management features.
Ease of Deployment and Customer Service: Rapid7 InsightCloudSec is known for straightforward deployment and responsive support, facilitating quick adaptation in complex environments. Spacelift provides a streamlined deployment model with strong self-service features, suitable for environments prioritizing automation.
Pricing and ROI: Rapid7 InsightCloudSec appeals to budget-conscious enterprises, delivering a high ROI in security management improvements. Spacelift, while having higher initial costs, provides a strong ROI with increased automation efficiency and reduced manual intervention.
By catching issues early, Rapid7 InsightCloudSec helps us prevent costly breaches or regulatory fines; for example, automating patching and misconfiguration audits can save thousands in operational overhead.
It provides a good security posture and helps handle misconfigurations and day-to-day remediations.
I can confirm money and time savings with Rapid7 InsightCloudSec, as we can scan the entire IP range simultaneously instead of manually checking each asset for vulnerabilities.
We are just pushing code from Git to GitHub, which then sends it to Spacelift, checking for drifts and starting continuous deployment.
The metrics show that fewer employees are needed, money is saved based on past experiences with different cloud management or Infrastructure as Code management tools, and efficiency has improved significantly in terms of Infrastructure as Code deployment.
Anything that reduces the amount of work needed to do repetitive tasks is a bonus.
On a scale of 1 to 10, the customer support would be rated a 10, as responses are typically received within about half an hour to an hour when creating a ticket.
They have excellent support with internal Slack channels and are directly reachable through Teams.
I interacted with customer support after an endpoint compromise incident, and they responded quickly and provided clear insights that were essential for resolving the situation.
I have asked them various queries, and they provided perfect solutions along with good detailed documentation.
The customer support is fantastic as they reply over Slack immediately and get to work on a solution whenever I need them.
The SLO and SLA being really fast to answer.
I have not experienced performance issues as I add more assets, and everything operates smoothly within one console.
Spacelift's scalability is very good as it scales very well with the environment because I can add agents to it with more workload, so it's quite excellent.
Spacelift can handle increased workloads well, managing more servers as our organization grows, and it is indeed scalable.
Based on the requests and the Linux Docker machines I provision, it becomes more stable, and the runs happen very quickly.
Rapid7 InsightCloudSec works without any stability issues so far.
Rapid7 InsightCloudSec already provides us real-time feedback loops, but if it also provides real-time feedback to the developers, then it would help the application shift left, meaning the security will shift left as well.
Rapid7 InsightCloudSec needs improvements such as AI-driven risk prioritization, proactive cloud risk modeling, advanced IAM privilege analysis, multi-cloud attack path mapping, pre-built automated hardening, defining stronger policy as code support, better container and serverless coverage, and cost optimization insight along with safe auto-remediation with rollback improvements.
If you can improve the traditional detection rules to reflect current detection rules, it would make it significantly easier for us to manage, as we constantly need to check legacy rules to update or possibly turn them off. Updating the legacy rules should be a priority.
It can improve areas in scalability and integrate some open-source tools.
The engineering team behind Spacelift is very responsive whenever I submit a feature request, and there's a very good chance I would see it within the next year.
The OPA policy writing is not very beginner-friendly either, and the error messages when a policy fails are not always clear.
It is cheaper.
The more numbers you have, the less costly the product becomes, as licensing operates on volume.
While it was not overly expensive, I do wish for more discounts for bulk purchases since we have implemented it widely across our cloud security posture.
The next standard plan costs three hundred ninety-nine dollars per month for ten concurrent users.
The spaces have been a major aspect of managing things, and the contacts for the resources I provide internally in Spacelift are quite affordable, effective, and useful.
My experience with pricing shows that the setup cost is reasonable, and the licensing also seems reasonable.
Using Rapid7 InsightCloudSec alongside our ManageEngine patch management module positively impacts my organization by scanning assets deeply and providing all identified vulnerabilities, from zero-day to any vulnerabilities on an asset, addressing those that ManageEngine might not identify.
Rapid7 InsightCloudSec has helped us save thirty percent time in our log retrievals, and it completely changed log searching, making it really fast when we search for logs, with no prior knowledge required.
Rapid7 InsightCloudSec positively impacts my organization by integrating tightly with my existing vulnerability management process and workflows, particularly in creating a new project and implementing trigger-based scanning.
We can apply those policies in Spacelift, and the RBAC and access policies features are really excellent in Spacelift, which we do not find in any of the other competitor tools.
Spacelift has positively impacted my organization by reducing manpower, as it reduced the efforts of resources in the team, where previously a job done by two or three engineers can now be easily managed by one engineer using Spacelift.
You create so many different modules and so many different versions. Having a very easy way to navigate and search through them all, and the fact that you can actually see the commit ID and description really helps in discovering what was actually in that version of the module.
| Product | Mindshare (%) |
|---|---|
| Spacelift | 1.2% |
| Rapid7 InsightCloudSec | 1.0% |
| Other | 97.8% |


| Company Size | Count |
|---|---|
| Small Business | 7 |
| Midsize Enterprise | 4 |
| Large Enterprise | 8 |
| Company Size | Count |
|---|---|
| Small Business | 6 |
| Midsize Enterprise | 3 |
| Large Enterprise | 7 |
Rapid7 InsightCloudSec is a comprehensive CSPM tool catering to cloud security across Docker and Kubernetes workloads, ensuring rigorous data classification and protection, focusing on AWS and Azure platforms.
Organizations leverage Rapid7 InsightCloudSec for securing cloud environments, integrating smoothly into Kubernetes settings for extensive security oversight. This tool addresses data protection with governance and access controls, providing centralized visibility and alert mechanisms. Users depend on its threat detection capabilities, easing data security management on AWS and Azure. The platform integrates automated processes and agentless scanning to foster an understanding of cloud security dynamics. Enhancements in CNAPP management and more intuitive interfaces could further streamline its use.
What are the most important features of Rapid7 InsightCloudSec?In financial sectors, Rapid7 InsightCloudSec is critical for safeguarding sensitive information and ensuring compliance. Healthcare industries use it to protect patient data, adhering to strict regulatory standards. E-commerce businesses appreciate its ability to secure transaction data while maintaining service availability through reliable threat detection and mitigation strategies.
The Spacelift orchestration platform combines infrastructure provisioning, configuration, and governance to increase platform team efficiency, accelerate developer velocity, and control costs. It connects to and orchestrates infrastructure as code, version control systems (VCSs), observability tools, control and governance solutions, and cloud providers to help deliver secure infrastructure faster. With Spacelift Intelligence, teams can also understand, design, deploy, and govern infrastructure using natural language, giving developers a fast, governed path to infrastructure without adding to the platform team's backlog.
Infrastructure provisioning: Stacks ensure faster, more secure provisioning by automatically combining source code, current infrastructure state, and configuration. The platform works with any major IaC tool or cloud platform and the VCS provider where your teams store infrastructure code.
Configuration automation: Expand your capabilities beyond Terraform and OpenTofu with a workflow that also manages Ansible playbooks.
Governance to balance speed and control: Reinforce security and compliance with controls over developer/DevOps activity. Provide Golden Paths and define custom policies for third-party security vulnerability scanning tools, while accelerating policy creation with best-practice templates. Detect drift automatically, and restore resources to their expected state with drift remediation.
Integrated workflow: Easily create workflows that combine IaC for provisioning, Ansible for configuration management, Kubernetes for container orchestration, and policies for governance. Blueprint templates allow you to open your infrastructure pipelines to developers without losing control.
Infra Assistant: Your AI infrastructure assistant that can understand, design, deploy, and govern infrastructure in plain language. Ask questions about your infrastructure state that dashboards and reports can't answer. Get expert design guidance before you deploy, create and apply policies with AI assistance and diagnose failures faster with AI-generated context across your stacks, dependencies, and history.
Intent: A no-code, AI-based deployment model for maximum speed. Developers request infrastructure through their LLM via Spacelift MCP. Intent translates those requests into governed infrastructure actions with the same policies, credentials, and visibility as IaC, without requiring Terraform expertise.
We monitor all Cloud Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.