No more typing reviews! Try our Samantha, our new voice AI agent.

Rapid7 InsightVM vs VulnCheck comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Rapid7 InsightVM
Ranking in Vulnerability Management
12th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
66
Ranking in other categories
Risk-Based Vulnerability Management (4th)
VulnCheck
Ranking in Vulnerability Management
50th
Average Rating
8.4
Reviews Sentiment
6.2
Number of Reviews
3
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.1%, up from 1.0% compared to the previous year. The mindshare of Rapid7 InsightVM is 2.0%, down from 4.3% compared to the previous year. The mindshare of VulnCheck is 0.4%, up from 0.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.1%
Rapid7 InsightVM2.0%
VulnCheck0.4%
Other96.5%
Vulnerability Management
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
reviewer2775840 - PeerSpot reviewer
Manager at a financial services firm with 5,001-10,000 employees
Manages vulnerabilities effectively over time but needs improvement in web coverage and dashboard flexibility
Most of the dynamic asset tagging we use is manual, not dynamic. To manage the assets, we employed the manual approach because we have a limitation regarding the license, so we don't use the dynamic approach much. I don't know how the configuration assessment has assisted with meeting compliance standards. The product that we use is the on-premise solution where we configure assets and dynamically scan them. However, we use the default policies more, the template, so Rapid7 InsightVM on-premise version is not that effective in the web-related systems. However, it is best on the OS to identify and discover the OS-related vulnerabilities, more of open ports and the discovery of vulnerable ports or services. It would be better to improve Rapid7 InsightVM by including or working better to add web-related templates because it's not that effective in regard to web. I don't know if they may have a separate product regarding the web, but for the on-premise type, they are not strong in this area. I would prefer to see web-related templates in addition to improving the dashboard-related things because the dashboard has been constant for a very long time. It would be better to see various kinds of, perhaps a flexible type of dashboard. If it's not customizable at all, I would want to see the risk and asset over time with more flexibility. The current dashboard is not flexible in this regard; I have to dig down every day, so they should work on this as well, in addition to the web.
reviewer2805510 - PeerSpot reviewer
Partner Account Manager at a wholesaler/distributor with 51-200 employees
Proactive exploit intelligence has transformed how we prioritize real-world vulnerability risks
VulnCheck needs improvement in terms of data. It is primarily an intelligence and data layering system and not a complete vulnerability management platform. This means that it lacks native patch workflows, so you do not have asset discovery as you would with Tenable or Qualys. You will require other tools to act on the data that you find, which necessitates engineering time for API integration, data mapping, and tuning. Additionally, not all exploit signs are clear; some can be noisy or ambiguous, so teams need to apply their judgment. Finally, the time to value is not instant; it requires integration, workflow changes, and team training. I think VulnCheck is an excellent tool and valuable data resource. However, if you wish to send alerts via an API to platforms like Rapid7 or Tenable VM, you will need to integrate that with a SIEM solution to perform any kind of risk management.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I highly recommend Qualys TotalCloud to other users."
"The most valuable feature is extensibility."
"Qualys TotalCloud's most valuable features are its security capabilities that help identify and mitigate risk factors."
"Qualys TotalCloud's most valuable feature is its agent versatility."
"With TotalCloud, we can scan through the API. If we are not able to deploy cloud agents on the machine, we can use the API."
"I would rate Qualys TotalCloud ten out of ten."
"Qualys TotalCloud has significantly improved our organization by automating our reporting processes, reducing the time spent on report creation from two hours to less than fifteen to twenty minutes."
"TotalCloud offers a comprehensive suite of features, including EDR, XDR, and TrueRisk, providing a centralized platform for managing vulnerabilities and security risks."
"It is a stable solution."
"It is good and fits well with pretty much all of our use case needs."
"Rapid 7 has positively impacted my organization by reducing the risk to the environment, specifically by reducing the number of vulnerabilities and the number of vulnerable hosts."
"We really didn't have any visibility at all and now we do, it's like night and day."
"Has great reporting features."
"The price is cheaper than other products on the market."
"Overall, this is a product that I am very satisfied with."
"Rapid7 have a good distribution network with good support and market presence."
"VulnCheck has shifted the mindset within my organization and my partners from a reactive to a more proactive approach."
"The clear prioritization based on risk is probably the biggest day-to-day benefit."
"With VulnCheck's early exploit visibility, I can remediate vulnerabilities quickly, making timely decisions before the vulnerabilities are known to the public and hackers."
 

Cons

"Although TotalCloud is a helpful tool, some of its advanced features are still under development."
"There should be improvement from a dashboard perspective when collecting and showcasing data to lead management."
"I sometimes have difficulty detecting or uninstalling certain versions of applications, which I have to do manually."
"Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names."
"The response part of the Cloud Detection and Response (CDR) module can be improved."
"The price is very expensive, actually."
"The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using."
"I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."
"However, the main concern is the system's reliability."
"The automation capability remediation needs improvement."
"This solution integrates with another module in Metasploit, that doesn't exist in the other solutions. It is subscribed to on our roadmap, but we chose to implement both Nexppose and AppSpider."
"Rapid7 could be easier to manage."
"It gives false positives at times, and this a problem. It causes problems with reporting."
"The integration with other solutions like JIRA could be better. Perhaps there could be some additional updates in the next phase that could integrate with it, so then you can proceed with the VT much easier."
"There are end-user needs and expectations that are being overlooked in the development that could be addressed by appointing a customer advisory board."
"There needs to be much clearer instructions surrounding scanning."
"VulnCheck needs improvement in terms of data."
"VulnCheck's UI and reporting can be improved for better visibility."
 

Pricing and Cost Advice

"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"TotalCloud's price is about right where I would expect it to be."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"Qualys TotalCloud is expensive."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"Its licensing is yearly. Everything is included in the price for one year."
"Licensing fees are paid on a yearly basis."
"A full license for the solution is expensive because it is at the organizational level and not by individual users."
"It is pretty expensive. It depends on what you consider pricey, however, if you only look at vulnerability management solutions, such as within VM or VMDR, there are, I suppose the prices are almost the same. But I believe you will discover that for yourself."
"Comparing the price with the value that we receive, I am not happy with it."
"Our licensing costs are somewhere around $40,000 annually. There are no additional fees."
"We have an annual license to use Rapid7 InsightVM and if we want to extend it, we will possibly choose more than one year."
"The product is cheaper than the other similar tools available in the market."
Information not available
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
12%
Manufacturing Company
9%
Computer Software Company
7%
Comms Service Provider
6%
Outsourcing Company
31%
Construction Company
16%
Computer Software Company
7%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
By reviewers
Company SizeCount
Small Business29
Midsize Enterprise14
Large Enterprise25
No data available
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. Yo...
What is your experience regarding pricing and costs for Rapid7 InsightVM?
My experience with the pricing, setup cost, and licensing is that both the setup cost and licensing are great.
What needs improvement with Rapid7 InsightVM?
To improve Rapid7 InsightVM, I wish to have integration with patching systems, which would be useful to us. The usabi...
What needs improvement with VulnCheck?
VulnCheck needs improvement in terms of data. It is primarily an intelligence and data layering system and not a comp...
What is your primary use case for VulnCheck?
Over the year and a half that I have been dealing with VulnCheck, I have also worked with numerous similar solutions....
What advice do you have for others considering VulnCheck?
VulnCheck has shifted the mindset within my organization and my partners from a reactive to a more proactive approach...
 

Also Known As

Qualys TotalCloud with FlexScan
InsightVM, NeXpose
No data available
 

Overview

 

Sample Customers

Information Not Available
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
Information Not Available
Find out what your peers are saying about Rapid7 InsightVM vs. VulnCheck and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.