No more typing reviews! Try our Samantha, our new voice AI agent.

Rapid7 InsightVM vs Runecast comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Rapid7 InsightVM
Ranking in Vulnerability Management
12th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
66
Ranking in other categories
Risk-Based Vulnerability Management (4th)
Runecast
Ranking in Vulnerability Management
69th
Average Rating
9.0
Reviews Sentiment
7.0
Number of Reviews
1
Ranking in other categories
GRC (51st), Container Security (48th), Cloud Workload Protection Platforms (CWPP) (39th), Cloud Security Posture Management (CSPM) (46th), Cloud-Native Application Protection Platforms (CNAPP) (32nd), Compliance Management (23rd)
 

Mindshare comparison

As of July 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.1%, up from 1.0% compared to the previous year. The mindshare of Rapid7 InsightVM is 2.0%, down from 4.3% compared to the previous year. The mindshare of Runecast is 0.6%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.1%
Rapid7 InsightVM2.0%
Runecast0.6%
Other96.3%
Vulnerability Management
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
reviewer2775840 - PeerSpot reviewer
Manager at a financial services firm with 5,001-10,000 employees
Manages vulnerabilities effectively over time but needs improvement in web coverage and dashboard flexibility
Most of the dynamic asset tagging we use is manual, not dynamic. To manage the assets, we employed the manual approach because we have a limitation regarding the license, so we don't use the dynamic approach much. I don't know how the configuration assessment has assisted with meeting compliance standards. The product that we use is the on-premise solution where we configure assets and dynamically scan them. However, we use the default policies more, the template, so Rapid7 InsightVM on-premise version is not that effective in the web-related systems. However, it is best on the OS to identify and discover the OS-related vulnerabilities, more of open ports and the discovery of vulnerable ports or services. It would be better to improve Rapid7 InsightVM by including or working better to add web-related templates because it's not that effective in regard to web. I don't know if they may have a separate product regarding the web, but for the on-premise type, they are not strong in this area. I would prefer to see web-related templates in addition to improving the dashboard-related things because the dashboard has been constant for a very long time. It would be better to see various kinds of, perhaps a flexible type of dashboard. If it's not customizable at all, I would want to see the risk and asset over time with more flexibility. The current dashboard is not flexible in this regard; I have to dig down every day, so they should work on this as well, in addition to the web.
Burak AKCAGUN - PeerSpot reviewer
Business Development Manager at Axoft Ukraine
Helps with risk assessments for containers, assessing security, and ensuring container compliance
I rate the overall product a nine out of ten. Customers can conveniently view all companies in a single dashboard if they have different companies. This feature eliminates the need for different solutions and separate installations. Moreover, the solution extends beyond servers, encompassing various platforms such as VMware and Kubernetes. Additionally, end-users can install the solution from their client's perspective.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Qualys TotalCloud has helped us view our risk structure, vulnerabilities, and security posture."
"TruRisk Insights is the most important innovation they've released this year."
"TotalCloud provides the easiest and the best approach for cloud infrastructure management."
"The most valuable feature is extensibility."
"One of the most valuable features of Qualys TotalCloud is FlexScan, which is specifically for internet-facing VMs. We found this feature to be very useful. It was a key differentiator for us."
"Qualys TotalCloud's most valuable features are its security capabilities that help identify and mitigate risk factors."
"The best feature would be the ability to create policies. It is easy to control and update policies as required."
"I would recommend Qualys TotalCloud to other users because it is cost-efficient and has a good return on investment."
"InsightVM's best features are the vulnerability database and remediation steps."
"There are many integrations with things like the VMware NSX that are great, the reporting is really solid."
"One of the big lessons we were able to get value from immediately was really just having good visibility of what's in our environment."
"It is good and fits well with pretty much all of our use case needs."
"The solution scales well."
"The ease of deployment and configuration allows users to onboard quickly."
"The assessment is most valuable."
"I really love the new platform. It is really easy to understand, use, and deploy."
"Runecast is a good partner for VMware. Once we have installed it, we can see all the problems and issues. It also has VMware knowledge-based articles."
 

Cons

"The areas in the solution that have room for improvement include the UI/UX design, which should be improved, and they should integrate more artificial intelligence into the product."
"Enhancing clarity regarding its compliance capabilities would be beneficial, as the current scope is limited in geographic coverage."
"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."
"I would appreciate additional integration options to connect Qualys TotalCloud with our other vulnerability management tools."
"There is room for improvement in vulnerability scanning, particularly for PaaS environments. Currently, Qualys does not have full access to these instances, which limits its effectiveness."
"I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."
"The response part of the Cloud Detection and Response (CDR) module can be improved."
"The cost of Qualys TotalCloud is high and could be more competitive."
"There are end-user needs and expectations that are being overlooked in the development that could be addressed by appointing a customer advisory board."
"In order to be able to properly test the solution and make a decision, I would like to receive the test license code instantly and eliminate the wait time."
"There are certain limitations because of the product being used on a hybrid model. Rapid7 InsightVM doesn't offer a solution purely in the cloud."
"Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM."
"I would like to see more integration."
"However, the main concern is the system's reliability."
"In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive. You can only sell it to enterprise accounts. In terms of new features, Rapid7 came up with a product called InsightIDR a couple of years ago, which is a good SIEM solution. We expect that Rapid7 will work on some sort of integration between InsightVM and InsightIDR, where vulnerability or anomaly detected by InsightVM can be reported in InsightIDR in some sort of real-time. Rapid7 doesn't patch. For example, if you have a vulnerability, some products can scan and also do the patching, but Rapid7 does not do the patching. It would be nice if it can also patch."
"I think the improvement in the tool should be to provide a better update to users because sometimes the information within the cloud and the scanner are not synchronized very fast."
"The product lacks network assessment capabilities. We cannot view our network assets or scan switches, routers, or IPs for vulnerabilities and issues."
 

Pricing and Cost Advice

"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"TotalCloud's price is about right where I would expect it to be."
"Qualys TotalCloud is expensive."
"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"The cost is high, but it meets our organizational needs."
"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"The license is annual and this is the optimal approach when it comes to most software."
"The solution's pricing is better than Nexus which charges a high amount for very little use."
"The price of the solution is less than the competitors."
"Our licensing costs are somewhere around $40,000 annually. There are no additional fees."
"The solution is a bit more reasonably priced than other products."
"A full license for the solution is expensive because it is at the organizational level and not by individual users."
"Its licensing is yearly. Everything is included in the price for one year."
"The tool's price is neither too high nor too low. My company needs to pay 65,000 per year. There are no additional costs apart from the licensing fees attached to the solution."
"Runecast's pricing is cheaper than that of its competitors."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
904,748 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
16%
Financial Services Firm
13%
Outsourcing Company
8%
Comms Service Provider
7%
Financial Services Firm
12%
Manufacturing Company
8%
Computer Software Company
7%
Comms Service Provider
6%
Construction Company
24%
Comms Service Provider
12%
Educational Organization
12%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise29
By reviewers
Company SizeCount
Small Business29
Midsize Enterprise14
Large Enterprise25
No data available
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. Yo...
What is your experience regarding pricing and costs for Rapid7 InsightVM?
My experience with the pricing, setup cost, and licensing is that both the setup cost and licensing are great.
What needs improvement with Rapid7 InsightVM?
To improve Rapid7 InsightVM, I wish to have integration with patching systems, which would be useful to us. The usabi...
Ask a question
Earn 20 points
 

Also Known As

Qualys TotalCloud with FlexScan
InsightVM, NeXpose
Runecast Analyzer
 

Overview

 

Sample Customers

Information Not Available
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
Our customers tell us regularly how Runecast benefits CIOs, CISOs, and both Security and Operations teams across verticals with a proactive approach that results in major time and cost savings, increased uptime and security standards complianceSuccess Highlight 75-85% troubleshooting time savings – Kiel Municipal Hospital90% time savings on reactive troubleshooting – Near East Bank90% time savings in upgrade planning– FLEXdata80% reduction in monthly incidents and issues – University of St Andrews78,000 EUR/year minimum annual cost savings – Notino100s of hours saved on security compliance with remediation scripts alone – Kiel Municipal Hospital75% time saved on troubleshooting and root cause analysis – de Volksbank
Find out what your peers are saying about Wiz, Qualys, Tenable and others in Vulnerability Management. Updated: June 2026.
904,748 professionals have used our research since 2012.