Coming October 25: PeerSpot Awards will be announced! Learn more

Rapid7 InsightVM OverviewUNIXBusinessApplication

Rapid7 InsightVM is #5 ranked solution in top Vulnerability Management tools. PeerSpot users give Rapid7 InsightVM an average rating of 7.4 out of 10. Rapid7 InsightVM is most commonly compared to Tenable Nessus: Rapid7 InsightVM vs Tenable Nessus. Rapid7 InsightVM is popular among the large enterprise segment, accounting for 61% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 19% of all views.
Rapid7 InsightVM Buyer's Guide

Download the Rapid7 InsightVM Buyer's Guide including reviews and more. Updated: September 2022

What is Rapid7 InsightVM?

Rapid7 InsightVM is a comprehensive vulnerability management platform that protects your systems from attackers and is easy to scale. The solution provides easy access to vulnerability management, application security, detection and response, external threat intelligence, orchestration and automation, and more. Rapid7 InsightVM is ideal for security, IT, and DevOps teams, helping them reduce risk by enabling them to detect and respond to attacks quickly.

Rapid7 InsightVM Features

Rapid7 InsightVM has many valuable key features. Some of the most useful ones include:

  • Automated containment: With this feature, you can decrease exposure from vulnerabilities by automatically implementing temporary (or permanent) compensating controls via your network access control (NAC) systems, firewalls, and endpoint detection and response tools.
  • Policy assessment: Rapid7 InsightVM offers pre-built scan templates for common compliance requirements. The solution helps you take clear, actionable steps to compliance once you have assessed your risk posture. In addition, Rapid7 InsightVM’s Custom Policy Builder allows you to modify existing benchmarks or create new policies from scratch.
  • REST API: Rapid7 InsightVM REST API is easy to use and was built to easily automate virtually any aspect of vulnerability management, from data collection to risk analysis.
  • Live dashboards: Rapid7 InsightVM includes dashboards that are live and interactive by nature. The live dashboards enable you to create custom cards and full dashboards for anyone in your organization and allow you to track progress of your security program.
  • Automation-assisted patching: Rapid7 InsightVM’s automation-assisted patching gives you the autonomy to make key decisions in your patching process, such as your approval to apply certain patches to certain vulnerabilities.
  • Real risk prioritization: Rapid7 InsightVM makes it simple to know which vulnerabilities need to be prioritized and where your riskiest assets lie.
  • Goals and SLA’s: This feature enables you to make and track progress toward your goals and service level agreements (SLAs) at an appropriate pace.

Rapid7 InsightVM Benefits

There are many benefits to implementing Rapid7 InsightVM. Some of the biggest advantages the solution offers include:

  • Attack surface monitoring for maintained visibility: By leveraging attack surface monitoring with Project Sonar (a Rapid7 research project that regularly scans the internet to gain insights into global exposure to common vulnerabilities), you can gain more control of all of your external-facing assets, both known and unknown.
  • Container security: Rapid7 InsightVM integrates with your CI/CD tools, public container repositories, and private repositories to assess container images for vulnerabilities during the build process even before they are deployed.
  • Lightweight endpoint agent: Rapid7 InsightVM unifies data so you only need to install a single agent for continuous vulnerability assessment, incident detection, and log data collection.
  • Easily assign and track remediation duties: Using Rapid7 InsightVM, IT and security teams can assign as well as track remediation duties without having to deal with remediation reports, complex spreadsheets, or back-and-forth email tags.
  • Integration with cloud services and virtual infrastructure: Rapid7 InsightVM provides full visibility into risk across your physical, virtual, and cloud infrastructure.
  • Integrated threat feeds: Rapid7 InsightVM is designed with integrated threat feeds, giving you a dynamic view that shows you which threats are most relevant to your environment, enabling you to better protect against current, impending threats so you can react quickly to critical vulnerabilities.

Reviews from Real Users

Below are some reviews and helpful feedback written by PeerSpot users currently using the Rapid7 InsightVM solution.

An owner at a tech services company says, "I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps."

PeerSpot user Kimeang S., Technical Consultant at Yip Intsoi, mentions, "The most important aspect of the solution is that it rarely gives false positives, especially compared to other products. It provides very clear reports for our IT teams to look at."

A Director of Information Technology at a government explains, "The main functionality of identifying item endpoints that weren't properly patched or had vulnerabilities is the solution's most valuable feature."

Rapid7 InsightVM was previously known as InsightVM, NeXpose.

Rapid7 InsightVM Customers

ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM

Rapid7 InsightVM Video

Rapid7 InsightVM Pricing Advice

What users are saying about Rapid7 InsightVM pricing:
  • "Pricing is reasonable because we pay according to asset usage. We can define our assets and sites according to our preference."
  • "Its price is too high. My only concern or issue with Rapid7 is its pricing."
  • "Its licensing is yearly. Everything is included in the price for one year."
  • "We have an annual license to use Rapid7 InsightVM and if we want to extend it, we will possibly choose more than one year."
  • "The license is annual and this is the optimal approach when it comes to most software."
  • Rapid7 InsightVM Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Owner at a tech services company with 1-10 employees
    Real User
    Top 5
    Understands and defends your network from vulnerabilities
    Pros and Cons
    • "I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps."
    • "I would say that it improved our visibility, but it left things open."

    What is our primary use case?

    We used InsightVM mainly for vulnerability management. I thought it was a pretty interesting application. I'm a fan of Rapid7's Metasploit, so when I saw InsightVM I was like, "Let's see what else they have." I liked it up until we experienced some issues relating to scans. If I wanted to do mitigation, I needed to wait until the next scan was available or ran so that I could get to see if any indentations were made. 

    While I was in there, if I was searching for a specific vulnerability, sometimes it was hard to find the specific ones. In the dashboard, it'll tell you the results from the scans, and it will also tell you the vulnerabilities and it will rank them for risk. I would have liked to have been able to click on the vulnerability and it would take me to another area that just has the vulnerability with all the hosts. It wouldn't let you do that. You had to come back out of that window and go into another window and search for it. Well, you wouldn't get the same results as the number of hosts. I had to work a little bit harder to find exactly what I needed.

    Within our organization, there were two of us using it. Both of us were IT analysts. One was an IT analyst III (which was me), and the other one was the IT analyst manager.

    How has it helped my organization?

    I would say that it improved our visibility, but it left things open.

    What is most valuable?

    I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps. I liked that. That was a feature I liked. If your manager had a different dashboard that they liked, and you tried to go into a meeting and they say, "Well, I think your numbers are wrong because my dashboard says this" Well, you couldn't rapidly say, "Here's the default dashboard for this for risk." Whereas, with Tenable, you could go through a dashboard just for risks, and say, "Hey, let's switch to this dashboard so we're seeing the same numbers without customization."

    What needs improvement?

    They just need to fix it to make it more fluid. If it shows you vulnerabilities, I want to be able to click on the vulnerability and drill down into the vulnerability. If it's rating it as a 10 and it says it's got 30 hosts in it for this vulnerability, I want to click on that vulnerability and get a separate report that says, "Here's the vulnerability specific and here's the host involved." That way I could export it and say, "Hey, this vulnerability's out there, it matches a CVE number that is critical, that Microsoft, Cisco, whatever, has put a patch out there, and here guys, here's what it is and here's the proof. Here's your host that's vulnerable. Here's a change request, fix it, send me back the proof that you fixed it, then allow me to rerun a scan specific to that, on-demand, to say 'Yes, boss, we have mitigated it.'"

    I want to be able to just drill down on the reports. If it showing me there's a vulnerability and there's a said number of nodes that's vulnerable to it, I want to be able to drill down and export that list without having to come back out of it, going into my assets, trying to find the name of the vulnerability, which doesn't match what the dashboard says. To me, that was backward.

    Buyer's Guide
    Rapid7 InsightVM
    September 2022
    Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
    634,775 professionals have used our research since 2012.

    For how long have I used the solution?

    I have used this solution for one year.

    What do I think about the stability of the solution?

    It was pretty stable. We didn't have any real hiccups, but it was stable. We didn't have any real hiccups there.

    What do I think about the scalability of the solution?

    As far as I know, it says it's scalable. I'm not sure if that company I used to work for had to scale it up or down.

    How are customer service and support?

    The tech support was very helpful. Actually, I knew a couple of them so it was very helpful.

    I would give their tech support a rating of 10 — I knew them from using Metasploit and some other products. It was more of a, "Hey, I got this issue, how can you help me with it?" They'd point me and say, "Hey, check this out."

    How was the initial setup?

    I wasn't involved in the initial setup, so I can't comment on that.

    What other advice do I have?

    Do your proof of concepts if you can. Make sure you develop your risk strategy. That's important, because it's going to give you a risk number, it's going to give you critical: highs, mediums, but you need to understand what is the risk methodology that you're going to follow. Just because it says it's critical because of how many vulnerabilities you have, doesn't mean that you need to work on it right away.

    For example, there was a vulnerability that had 2,000 nodes affected. It put it as a high-risk, whereby there was another vulnerability where there were only about 10 hosts affected — it put it at medium-risk. However, the high-risk one, because it had more nodes affected, did not have a POC associated with it. A novice person looking at it would say, "I need to work on these 1,000 vulnerabilities because it's a high-risk, and ignore the medium." Well, the medium one had an active POC on it. If you didn't have a person who understood how to read the report and what it's actually telling you, then you would say, "Hey, you know what, I'm going to use these, I'm going to cut my risk down because I got 1,000 nodes with this vulnerability and I'm going to put this chain out real quick and I'm going to reduce my risk real quick because of the numbers." Well, in my opinion, you didn't reduce your risk because you have 10 nodes out there with a vulnerability that's rated medium and it has a POC on it.

    Overall, on a scale from one to ten, I would give this solution a rating of eight. I'm going to say that is because shame on Rapid7 for having such great applications, but then that little piece there that they know about hasn't been fixed. If I remember, if I go probably log back into the community, it's probably been asked a couple of times.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    UdayaSri Kariyawasam - PeerSpot reviewer
    Engineering Lead - DevOps at Persistent Systems
    Real User
    Can integrate with JIRA but needs to have custom image analysis for assessment
    Pros and Cons
    • "One of the most valuable features is it's graphical dashboard feature. It is quite easy to manage the widgets, and we can customize those according to our queries."
    • "Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM."

    What is most valuable?

    One of the most valuable features is it's graphical dashboard feature. It is quite easy to manage the widgets, and we can customize those according to our queries.

    The other most valuable feature is that we can integrate Rapid7 InsightVM with JIRA. If a vulnerability in our services or server is found, it directly connects with JIRA and will assign a ticket. We can then share that with our development team or infrastructure team. Within a team, we can share it and assign the ticket, and we can smoothly do the mitigation process.

    Also, InsightVM has an image container that can be utilized via a CI/CD pipeline. We can directly integrate with building tools, and we can have vulnerability assessment throughout the development life cycle.

    Rapid7's initiative Project Sonar digs out the vulnerabilities arising all over the world and sends feedback to the systems. They then immediately update their databases and begin mitigation processes.

    What needs improvement?

    Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM.

    There is room for improvement when it comes to JIRA integration. If they can collaborate with the JIRA team, then it will be easier for people to use it.

    If we can configure and define more features such as the critical elite level through InsightVM, it would be better.

    I would prefer to have vulnerability assessment with more features, like code analysis, code coverage, etc.

    I would also prefer to have a method of custom image analysis for assessment.

    In the SDLC (software development lifecycle), if we could easily integrate with a particular lifecycle, then we could have more descriptive reports.

    For how long have I used the solution?

    I have worked with this solution for two years now.

    What do I think about the stability of the solution?

    It is definitely stable.

    What do I think about the scalability of the solution?

    The scalability is quite good. We can increase the number of assets by paying either onsite or online. Also, we have an onsite engine, and we can install it in our cloud or AWS cloud, for instance.

    How are customer service and support?

    The technical support team has answered our questions within a couple of hours. They have provided precise answers so far to all the questions we have asked them.

    How was the initial setup?

    The initial setup was an easy task because we have a Linux server installed.

    InsightVM has a framework that's very interesting, and they have very detailed documentation. They have step-by-step directions for the installation process, and we can download them from their site. This means that anyone can easily install it and configure it.

    The harder part is writing the queries. We need to have knowledge of InsightVM and how queries, assets, and conditional formats occur. Extensive knowledge can be valuable at this stage of the process.

    What's my experience with pricing, setup cost, and licensing?

    Pricing is reasonable because we pay according to asset usage. We can define our assets and sites according to our preference.

    What other advice do I have?

    I recommend doing a comparison of Qualys, Rapid7, and Nessus. Because the scope is different from company to company and cluster to cluster, it would be good to research each product and decide according to your needs.

    If I were to rate Rapid7 InsightVM, I would rate it at seven on a scale from one to ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Rapid7 InsightVM
    September 2022
    Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
    634,775 professionals have used our research since 2012.
    Owner at Sidif Del Caribe Corporation
    Reseller
    Top 10
    A stable enterprise solution that can automatically detect new devices and scan them for vulnerabilities
    Pros and Cons
    • "When you connect any new device to the network, Rapid7 has the ability to detect the new device immediately. It can scan that device to detect if it has any vulnerability. It tells you what is vulnerable and what has been misconfigured. It also tells you what is the risk of that misconfiguration or lack of patches and how to resolve the problem."
    • "In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive. You can only sell it to enterprise accounts. In terms of new features, Rapid7 came up with a product called InsightIDR a couple of years ago, which is a good SIEM solution. We expect that Rapid7 will work on some sort of integration between InsightVM and InsightIDR, where vulnerability or anomaly detected by InsightVM can be reported in InsightIDR in some sort of real-time. Rapid7 doesn't patch. For example, if you have a vulnerability, some products can scan and also do the patching, but Rapid7 does not do the patching. It would be nice if it can also patch."

    What is our primary use case?

    We are system integrators. Our clients normally use it to detect vulnerabilities in terms of a lack of patches in certain systems and databases. Its console can be installed on-premise or on the Rapid7 data center.

    What is most valuable?

    When you connect any new device to the network, Rapid7 has the ability to detect the new device immediately. It can scan that device to detect if it has any vulnerability. 

    It tells you what is vulnerable and what has been misconfigured. It also tells you what is the risk of that misconfiguration or lack of patches and how to resolve the problem.

    What needs improvement?

    In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive. You can only sell it to enterprise accounts. 

    In terms of new features, Rapid7 came up with a product called InsightIDR a couple of years ago, which is a good SIEM solution. We expect that Rapid7 will work on some sort of integration between InsightVM and InsightIDR, where vulnerability or anomaly detected by InsightVM can be reported in InsightIDR in some sort of real-time.

    Rapid7 doesn't patch. For example, if you have a vulnerability, some products can scan and also do the patching, but Rapid7 does not do the patching. It would be nice if it can also patch.

    For how long have I used the solution?

    We have been working with this solution for the last three years or so. 

    What do I think about the stability of the solution?

    It has been stable. There is nothing that has caused any major damage to our customers. Normally, what happens is that when something goes wrong, the customer normally blames the tool first before admitting that they touched something or whatever the case may be.

    What do I think about the scalability of the solution?

    We have a couple of customers with various company sizes, and we haven't had any scalability issues. Rapid7 is pretty much an enterprise solution. We're talking about customers with more than 1500 nodes to scan.

    How are customer service and technical support?

    Their technical support is very good.

    How was the initial setup?

    I don't handle the installation, but it was not difficult to implement. The basic setup took us about four days or so.

    Normally, for a product like this, the complexity of implementation is proportional to the size of the infrastructure that is going to be scanned and also how heterogeneous it is. An enterprise product like this is not like using a coffee maker. You need to have some knowledge of where you are installing it. You also need to have some knowledge of the technology that you are going to scan. You can't scan everything in the same way.

    What's my experience with pricing, setup cost, and licensing?

    Its price is too high. My only concern or issue with Rapid7 is its pricing.

    Which other solutions did I evaluate?

    Our clients evaluate Qualys, Tenable, and Rapid7. It doesn't really matter which one you choose. You cannot go wrong with all of these products. They have been very well ranked by Gartner. The main difference is probably the pricing.

    What other advice do I have?

    I would recommend this solution. I would rate Rapid7 InsightVM an eight out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    PeerSpot user
    Service Delivery Manager at a outsourcing company with 11-50 employees
    Real User
    Top 20
    Easy to deploy and flexible licensing but the reporting could be better
    Pros and Cons
    • "The product is scalable."
    • "The reporting could be better."

    What is our primary use case?

    We primarily use the solution for vulnerability management.

    What is most valuable?

    From a scanning perspective, it’s great. The customization associated with each and every scan is very good. It actually provides functionality from a CIS control perspective as well.

    It is easy to deploy.

    The product is scalable.

    The solution is very stable.

    What needs improvement?

    The reporting could be better.

    We do not need any additional features.

    For how long have I used the solution?

    I’ve been using the solution for two years.

    What do I think about the stability of the solution?

    The solution is very stable. The reliability is good. There are no bugs or glitches. It doesn’t crash or freeze.

    What do I think about the scalability of the solution?

    The solution is absolutely scalable.

    From a footprint perspective, there are about 780 servers. In totality, there's a license entitlement for about 1000 clients.

    How are customer service and support?

    Technical support has been accurate.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    The solution is straightforward to set up and simple to deploy. It’s not overly complex. We only need one technical person to handle the setup process.

    How long it takes to deploy depends on multiple instances whereby multiple factors, depending on client, on-prem, et cetera. Your average deployment time would be anything from three to five days.

    What about the implementation team?

    As partners, we can handle the implementation.

    What was our ROI?

    The ROI is fair to mild.

    What's my experience with pricing, setup cost, and licensing?

    The licensing is market-related.

    The cost depends on the number of assets per annum.

    It is very flexible. What's nice about it is, from a client's perspective, the environment can either grow and you can chew up, or it can shrink, and it meets whatever needs you have.

    The licensing includes technical support.

    What other advice do I have?

    We’re partners.

    We’re always using the latest version of the solution.

    There's a mix of deployments. There's an on-prem deployment in certain customer areas. However, there's also a cloud deployment from the MSSV point of view as well.

    The scanner is always on-prem. The majority of the scanners that we've deployed are on-prem. Although some of the consoles are selling cloud-deployed, other consoles would be on-prem.

    I’d rate the solution seven out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user
    Security Officer at a tech consulting company with 51-200 employees
    Real User
    Top 5
    Easy to deploy, scalable, and helps in prioritizing the risks with risk scoring
    Pros and Cons
    • "The risk score that they provide makes it easier to find out the biggest risks. It helped the security officers to understand where the biggest risks are so that they can act on them. They can instruct their IT teams to give them a higher priority and mitigate them."
    • "It is still not a fully cloud-based solution. It will be helpful for customers if it is a complete cloud solution. It is a hybrid solution at the moment."

    How has it helped my organization?

    A big vulnerability was discovered last year for jshell. We got a lot of questions from our customers about which services are vulnerable. We could give an answer in just a few minutes to the customers and also warn them.

    What is most valuable?

    The risk score that they provide makes it easier to find out the biggest risks. It helped the security officers to understand where the biggest risks are so that they can act on them. They can instruct their IT teams to give them a higher priority and mitigate them.

    What needs improvement?

    It is still not a fully cloud-based solution. It will be helpful for customers if it is a complete cloud solution. It is a hybrid solution at the moment.

    For how long have I used the solution?

    I have been working with this solution for two years. It is a cloud solution, and I have been using its latest version.

    What do I think about the stability of the solution?

    It is definitely stable.

    What do I think about the scalability of the solution?

    It is made for scalability. We use it to monitor our own company with 250 users. Day-to-day, three people are monitoring the environment.

    How are customer service and support?

    It is perfect. I would rate them a nine out of ten.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    It was straightforward. It took a couple of hours. I would rate it a nine out of ten in terms of ease of setup.

    In terms of maintenance, it is all self-updating.

    What was our ROI?

    It is difficult to estimate the ROI. For our management, it is a really important tool. It helps us to understand if something is not going perfectly. 

    What's my experience with pricing, setup cost, and licensing?

    Its licensing is yearly. Everything is included in the price for one year.

    Which other solutions did I evaluate?

    We checked other solutions. We went for it because it has a cloud platform inside, which integrates with our SIEM solution, and it has many more capabilities than other products.

    What other advice do I have?

    I would advise others to make sure that every asset in the environment is monitored by the tool. I see many customers who think they have full coverage of all assets, but they are missing a part of the network. In such a case, they will get an incorrect understanding of their security.

    I would rate this solution a nine out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Material Coordinator at a energy/utilities company with 1,001-5,000 employees
    Real User
    Top 20
    Useful reports, stable, and good vendor support
    Pros and Cons
    • "The reports in Rapid7 InsightVM are useful when compared to competitors."
    • "Rapid7 InsightVM could be easier to use for those who are using it for the first time."

    What is our primary use case?

    We are using Rapid7 InsightVM to have a vulnerability assessment solution in our organization to overcome the audit points.

    How has it helped my organization?

    We are at the stage where we are deciding if the solution will be useful for us or not.

    We generate the reports for our IT sessions and try to take the recommended actions. After the action is made, we generate another report to check if this action covers the vulnerability points or not.

    What is most valuable?

    The reports in Rapid7 InsightVM are useful when compared to competitors.

    What needs improvement?

    Rapid7 InsightVM could be easier to use for those who are using it for the first time.

    The updates should be fixed in the next release.

    For how long have I used the solution?

    I have been using Rapid7 InsightVM for a few months.

    What do I think about the stability of the solution?

    The stability of Rapid7 InsightVM has been fine in the three months we have used it.

    What do I think about the scalability of the solution?

    We are using a virtual environment with Rapid7 InsightVM and we can expand it if we want.

    We have approximately three people using this solution in my company. We use the solution weekly or monthly. We would increase the use of the solution if our tests go well.

    How are customer service and support?

    The support that we are receiving at this time is from our partner who handles the issue with the vendor if needed.

    How was the initial setup?

    The initial setup was not straightforward because it was our first time doing it.

    We did a POC first and this took us two months to make the environment. After we received the license we went into production.

    What about the implementation team?

    We had a partner help us with the implementation of Rapid7 InsightVM.

    We have an IT department that does the maintenance and support of Rapid7 InsightVM.

    What's my experience with pricing, setup cost, and licensing?

    We have an annual license to use Rapid7 InsightVM and if we want to extend it, we will possibly choose more than one year.

    What other advice do I have?

    I recommend this solution to others and for them to use a partner for the implementation. It can be difficult for the first time.

    I rate Rapid7 InsightVM an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Senior Consultant at a tech services company with 11-50 employees
    Real User
    Top 5
    Good visibility in the event of an attack
    Pros and Cons
    • "When it comes to the process, installation is very easy and does not take long."
    • "All products have room for increased security and Rapid7 InsightVM is no exception."

    What is our primary use case?

    The solution is similar to Tenable, but Rapid7 also comes with Insight - Detection and Response, which integrates with InsightVM. This alerts the customer in the event of an attack or updates him about the status of a vulnerability. The solution provides increased visibility in the environment when integrating between these two products. 

    What needs improvement?

    All products have room for increased security and Rapid7 InsightVM is no exception. This is why I do not give a perfect score to any product on principle. 

    For how long have I used the solution?

    We have been using Rapid7 InsightVM for a couple of months.

    What do I think about the stability of the solution?

    The solution is stable. 

    What do I think about the scalability of the solution?

    The solution is scalable. 

    We have plans to increase its usage.

    Which solution did I use previously and why did I switch?

    I have some experience with Tenable Nessus, although I did not use it on a professional basis. 

    How was the initial setup?

    When it comes to the process, installation is very easy and does not take long. As a matter of course, installing a VM and connecting to a portal is easy. That is all that is needed. Time-wise, this may take an hour. Once the portal and scanner are connected one can start getting the environment. 

    What's my experience with pricing, setup cost, and licensing?

    The license is annual and this is the optimal approach when it comes to most software. 

    What other advice do I have?

    The solution is hybrid, meaning that if installation is required it must be done on the environment itself, on-premises, the portal being cloud-based. 

    The solution has very good integration, so I see no need for improvements in this regard at present. 

    I have no issues with the stability, security, user interface, reporting, monitoring board or Techstar reports. These are all good. 

    The documentation is quite detailed and straightforward. It is provided to me via the internet. 

    Off the top of my head, I cannot think of anything needing improvement.

    We have a single customer who is utilizing the solution, but he makes use of IDR, not IVM.

    I would recommend the solution to others.

    I rate Rapid7 InsightVM as an eight out of ten. 

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Agustinus DWIJOKO - PeerSpot reviewer
    Network & Security Engineer at a comms service provider with 11-50 employees
    Real User
    Top 5Leaderboard
    Reliable, easy to set up, and has good active scan capabilities
    Pros and Cons
    • "It's very scalable."
    • "We'd like the agent to cover more compliance issues."

    What is our primary use case?

    There are so many cases for InsightVM. It's used for customers that need the ICS compiler or if they need users to work from home right now. It allows them to manage assets from anywhere. 

    What is most valuable?

    Using active scan is good.

    If you have a history with the solution, the initial setup is easy.

    The solution is stable and reliable.

    It's very scalable.

    What needs improvement?

    The agent must be covered if the customer wants to do a combined thing. InsightVM cannot do that if they are using an agent. We'd like the agent to cover more compliance issues.

    For how long have I used the solution?

    I've been using the solution for three or four years. 

    What do I think about the stability of the solution?

    The product is stable. There aren't bugs or glitches. It doesn't crash or freeze. It's reliable and the performance is good.

    What do I think about the scalability of the solution?

    If you want to scan more than 1,000 assets, then we need to show the requirement first. It will use the server with maximum CPU, and maximum RAM. The scalability is quite higher than on the previous one we used. It keeps getting better.

    How was the initial setup?

    Typically, the initial setup is easy. If a user has the experience, it is straightforward. However, if we work together with an organization that has never used it before, there's more configuration that needs to be done.

    What other advice do I have?

    We're working with the latest version of the solution, however, I cannot recall the exact version number.

    While our clients are using a hybrid cloud, the customers still need to install on-premise. Your console right now is like a dashboard; it's moved to the cloud.

    I'd advise users to try the solution. If they are using InsightVM they will be able to quickly understand what the vulnerabilities are on their assets.

    I'd rate the solution eight out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Google
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free Rapid7 InsightVM Report and get advice and tips from experienced pros sharing their opinions.
    Updated: September 2022
    Product Categories
    Vulnerability Management
    Buyer's Guide
    Download our free Rapid7 InsightVM Report and get advice and tips from experienced pros sharing their opinions.