Rapid7 InsightVM Overview

Rapid7 InsightVM is the #6 ranked solution in top Vulnerability Management tools. PeerSpot users give Rapid7 InsightVM an average rating of 7.6 out of 10. Rapid7 InsightVM is most commonly compared to Tenable Nessus: Rapid7 InsightVM vs Tenable Nessus. Rapid7 InsightVM is popular among the large enterprise segment, accounting for 61% of users researching this solution on PeerSpot. Professionals from computer software companies are the top industry segment researching this solution, accounting for 18% of all views.
Rapid7 InsightVM Buyer's Guide

Download the Rapid7 InsightVM Buyer's Guide including reviews and more. Updated: November 2022

What is Rapid7 InsightVM?

Rapid7 InsightVM is a comprehensive vulnerability management platform that protects your systems from attackers and is easy to scale. The solution provides easy access to vulnerability management, application security, detection and response, external threat intelligence, orchestration and automation, and more. Rapid7 InsightVM is ideal for security, IT, and DevOps teams, helping them reduce risk by enabling them to detect and respond to attacks quickly.

Rapid7 InsightVM Features

Rapid7 InsightVM has many valuable key features. Some of the most useful ones include:

  • Automated containment: With this feature, you can decrease exposure from vulnerabilities by automatically implementing temporary (or permanent) compensating controls via your network access control (NAC) systems, firewalls, and endpoint detection and response tools.
  • Policy assessment: Rapid7 InsightVM offers pre-built scan templates for common compliance requirements. The solution helps you take clear, actionable steps to compliance once you have assessed your risk posture. In addition, Rapid7 InsightVM’s Custom Policy Builder allows you to modify existing benchmarks or create new policies from scratch.
  • REST API: Rapid7 InsightVM REST API is easy to use and was built to easily automate virtually any aspect of vulnerability management, from data collection to risk analysis.
  • Live dashboards: Rapid7 InsightVM includes dashboards that are live and interactive by nature. The live dashboards enable you to create custom cards and full dashboards for anyone in your organization and allow you to track progress of your security program.
  • Automation-assisted patching: Rapid7 InsightVM’s automation-assisted patching gives you the autonomy to make key decisions in your patching process, such as your approval to apply certain patches to certain vulnerabilities.
  • Real risk prioritization: Rapid7 InsightVM makes it simple to know which vulnerabilities need to be prioritized and where your riskiest assets lie.
  • Goals and SLAs: This feature enables you to make and track progress toward your goals and service level agreements (SLAs) at an appropriate pace.

Rapid7 InsightVM Benefits

There are many benefits to implementing Rapid7 InsightVM. Some of the biggest advantages the solution offers include:

  • Attack surface monitoring for maintained visibility: By leveraging attack surface monitoring with Project Sonar (a Rapid7 research project that regularly scans the internet to gain insights into global exposure to common vulnerabilities), you can gain more control of all of your external-facing assets, both known and unknown.
  • Container security: Rapid7 InsightVM integrates with your CI/CD tools, public container repositories, and private repositories to assess container images for vulnerabilities during the build process even before they are deployed.
  • Lightweight endpoint agent: Rapid7 InsightVM unifies data so you only need to install a single agent for continuous vulnerability assessment, incident detection, and log data collection.
  • Easily assign and track remediation duties: Using Rapid7 InsightVM, IT and security teams can assign as well as track remediation duties without having to deal with remediation reports, complex spreadsheets, or back-and-forth email tags.
  • Integration with cloud services and virtual infrastructure: Rapid7 InsightVM provides full visibility into risk across your physical, virtual, and cloud infrastructure.
  • Integrated threat feeds: Rapid7 InsightVM is designed with integrated threat feeds, giving you a dynamic view that shows you which threats are most relevant to your environment, enabling you to better protect against current, impending threats so you can react quickly to critical vulnerabilities.

Reviews from Real Users

Below are some reviews and helpful feedback written by PeerSpot users currently using the Rapid7 InsightVM solution.

An owner at a tech services company says, "I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps."

PeerSpot user Kimeang S., Technical Consultant at Yip Intsoi, mentions, "The most important aspect of the solution is that it rarely gives false positives, especially compared to other products. It provides very clear reports for our IT teams to look at."

A Director of Information Technology at a government explains, "The main functionality of identifying item endpoints that weren't properly patched or had vulnerabilities is the solution's most valuable feature."

Rapid7 InsightVM was previously known as InsightVM, NeXpose.

Rapid7 InsightVM Customers

ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM

Rapid7 InsightVM Pricing Advice

What users are saying about Rapid7 InsightVM pricing:
  • "We purchase annual licenses."
  • "Pricing is reasonable because we pay according to asset usage. We can define our assets and sites according to our preference."
  • "Its price is too high. My only concern or issue with Rapid7 is its pricing."
  • "Its licensing is yearly. Everything is included in the price for one year."
  • "We have an annual license to use Rapid7 InsightVM and if we want to extend it, we will possibly choose more than one year."

Rapid7 InsightVM Reviews

    Owner at a tech services company with 1-10 employees
    Real User
    Top 5
    Understands and defends your network from vulnerabilities
    Pros and Cons
    • "I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps."
    • "I would say that it improved our visibility, but it left things open."

    What is our primary use case?

    We used InsightVM mainly for vulnerability management. I thought it was a pretty interesting application. I'm a fan of Rapid7's Metasploit, so when I saw InsightVM I was like, "Let's see what else they have." I liked it up until we experienced some issues relating to scans. If I wanted to do mitigation, I needed to wait until the next scan was available or ran so that I could get to see if any indentations were made. 

    While I was in there, if I was searching for a specific vulnerability, sometimes it was hard to find the specific ones. In the dashboard, it'll tell you the results from the scans, and it will also tell you the vulnerabilities and it will rank them for risk. I would have liked to have been able to click on the vulnerability and it would take me to another area that just has the vulnerability with all the hosts. It wouldn't let you do that. You had to come back out of that window and go into another window and search for it. Well, you wouldn't get the same results as the number of hosts. I had to work a little bit harder to find exactly what I needed.

    Within our organization, there were two of us using it. Both of us were IT analysts. One was an IT analyst III (which was me), and the other one was the IT analyst manager.

    How has it helped my organization?

    I would say that it improved our visibility, but it left things open.

    What is most valuable?

    I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps. I liked that. That was a feature I liked. If your manager had a different dashboard that they liked, and you tried to go into a meeting and they say, "Well, I think your numbers are wrong because my dashboard says this." Well, you couldn't rapidly say, "Here's the default dashboard for this for risk." Whereas, with Tenable, you could go through a dashboard just for risks, and say, "Hey, let's switch to this dashboard so we're seeing the same numbers without customization."

    What needs improvement?

    They just need to fix it to make it more fluid. If it shows you vulnerabilities, I want to be able to click on the vulnerability and drill down into the vulnerability. If it's rating it as a 10 and it says it's got 30 hosts in it for this vulnerability, I want to click on that vulnerability and get a separate report that says, "Here's the vulnerability specific and here's the host involved." That way I could export it and say, "Hey, this vulnerability's out there, it matches a CVE number that is critical, that Microsoft, Cisco, whatever, has put a patch out there, and here guys, here's what it is and here's the proof. Here's your host that's vulnerable. Here's a change request, fix it, send me back the proof that you fixed it, then allow me to rerun a scan specific to that, on-demand, to say 'Yes, boss, we have mitigated it.'"

    I want to be able to just drill down on the reports. If it's showing me there's a vulnerability and there's a said number of nodes that's vulnerable to it, I want to be able to drill down and export that list without having to come back out of it, going into my assets, trying to find the name of the vulnerability, which doesn't match what the dashboard says. To me, that was backward.

    Buyer's Guide
    Rapid7 InsightVM
    November 2022
    Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
    657,397 professionals have used our research since 2012.

    For how long have I used the solution?

    I have used this solution for one year.

    What do I think about the stability of the solution?

    It was pretty stable. We didn't have any real hiccups, but it was stable. We didn't have any real hiccups there.

    What do I think about the scalability of the solution?

    As far as I know, it says it's scalable. I'm not sure if that company I used to work for had to scale it up or down.

    How are customer service and support?

    The tech support was very helpful. Actually, I knew a couple of them so it was very helpful.

    I would give their tech support a rating of 10 — I knew them from using Metasploit and some other products. It was more of a, "Hey, I got this issue, how can you help me with it?" They'd point me and say, "Hey, check this out."

    How was the initial setup?

    I wasn't involved in the initial setup, so I can't comment on that.

    What other advice do I have?

    Do your proof of concepts if you can. Make sure you develop your risk strategy. That's important, because it's going to give you a risk number, it's going to give you critical: highs, mediums, but you need to understand what is the risk methodology that you're going to follow. Just because it says it's critical because of how many vulnerabilities you have, doesn't mean that you need to work on it right away.

    For example, there was a vulnerability that had 2,000 nodes affected. It put it as a high-risk, whereby there was another vulnerability where there were only about 10 hosts affected — it put it at medium-risk. However, the high-risk one, because it had more nodes affected, did not have a POC associated with it. A novice person looking at it would say, "I need to work on these 1,000 vulnerabilities because it's a high-risk, and ignore the medium." Well, the medium one had an active POC on it. If you didn't have a person who understood how to read the report and what it's actually telling you, then you would say, "Hey, you know what, I'm going to use these, I'm going to cut my risk down because I got 1,000 nodes with this vulnerability and I'm going to put this chain out real quick and I'm going to reduce my risk real quick because of the numbers." Well, in my opinion, you didn't reduce your risk because you have 10 nodes out there with a vulnerability that's rated medium and it has a POC on it.

    Overall, on a scale from one to ten, I would give this solution a rating of eight. I'm going to say that is because shame on Rapid7 for having such great applications, but then that little piece there that they know about hasn't been fixed. If I remember, if I go probably log back into the community, it's probably been asked a couple of times.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Chief Executive Officer at an outsourcing company with 11-50 employees
    Reseller
    Top 5
    A single pane of glass with good functionality, and is easy to manage
    Pros and Cons
    • "The cost is what is most valuable. Compared to the other products on the market, the cost is more palatable."
    • "We are a registered reseller and a trusted partner. However, for us to get any support from them I can't log a call directly with Rapid7 InsightVM. I have to work with the distributor to log the call for me."

    What is our primary use case?

    The main purpose for using Rapid7 InsightVM is vulnerability management and visibility.

    What is most valuable?

    The cost is what is most valuable. Compared to the other products on the market, the cost is more palatable. Also the functionality. 

    It is a single pane of glass that I can do most things.

    What needs improvement?

    I see ongoing progress constantly. There isn't much opportunity to make recommendations for improvement from our end. Technology does what we want it to do.

    The only issue I have with their business plan is how they interact with South African enterprises. 

    They have one singular distributor that I must work with, and that is where my two points go. 

    I can't interact with Rapid7 directly. I must work via the local incumbent, the distributor. And working with this third party can be tiresome at times.

    Rapid7 InsightVM doesn't work with us directly. I have to work with a distributor. If I need quotes or technical support, for example, I have to work with the distributor rather than Rapid7 InsightVM directly.

    We are a registered reseller and a trusted partner. However, for us to get any support from them I can't log a call directly with Rapid7 InsightVM. I have to work with the distributor to log the call for me.

    For how long have I used the solution?

    I have been working with Rapid7 InsightVM for two to three years.

    We are using the latest version.

    What do I think about the stability of the solution?

    Rapid7 InsightVM is very stable. I would rate the stability a five out of five.

    What do I think about the scalability of the solution?

    Rapid7 InsightVM is a scalable product. I would rate the scalability a five out of five.

    We have approximately 1,500 endpoints in our company.

    It's not users, but endpoints, because the model is built around the endpoints you want to monitor. We run on around 1,500 endpoints. It is not user-specific.

    One person can easily manage this solution, but we have a team of four engineers to manage our environment.

    How are customer service and support?

    I have not contacted technical support directly.

    Which solution did I use previously and why did I switch?

    We also use Tenable Nessus.

    How was the initial setup?

    I am not involved with the initial setup. I have a support team that is managing that.

    We deploy it depending on our client's requirements. We use it as well as our clients.

    What about the implementation team?

    The deployment was done in-house. We do it ourselves.

    We had four, and all four worked on the project. This is not to say that there is just one primary job or four main jobs. Our engineers all work as a team.

    What was our ROI?

    I can definitely see a return on investment.

    It's good. We get the value from the product.

    What's my experience with pricing, setup cost, and licensing?

    We purchase annual licenses.

    We provide our own support. We have resources that have been certified to work on the product. It is purely the license fee.

    In terms of affordability, I would rate it a three out of five.

    What other advice do I have?

    I believe they see us as resellers because we resell it, but when we use it for professional services, they regard us as partners. They use both terms in the same sentence.

    We support it.

    I strongly recommend it. It's a good product. 

    It's only the backend support that needs to be improved. However, there isn't very much that has room for improvement in the product right now.

    They are not flawless. We have had problems here and there, but overall, I would rate Rapid7 InsightVM an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    UdayaSri Kariyawasam - PeerSpot reviewer
    Engineering Lead - DevOps at Persistent Systems
    Real User
    Top 20
    Can integrate with JIRA but needs to have custom image analysis for assessment
    Pros and Cons
    • "One of the most valuable features is its graphical dashboard feature. It is quite easy to manage the widgets, and we can customize those according to our queries."
    • "Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM."

    What is most valuable?

    One of the most valuable features is its graphical dashboard feature. It is quite easy to manage the widgets, and we can customize those according to our queries.

    The other most valuable feature is that we can integrate Rapid7 InsightVM with JIRA. If a vulnerability in our services or server is found, it directly connects with JIRA and will assign a ticket. We can then share that with our development team or infrastructure team. Within a team, we can share it and assign the ticket, and we can smoothly do the mitigation process.

    Also, InsightVM has an image container that can be utilized via a CI/CD pipeline. We can directly integrate with building tools, and we can have vulnerability assessment throughout the development life cycle.

    Rapid7's initiative Project Sonar digs out the vulnerabilities arising all over the world and sends feedback to the systems. They then immediately update their databases and begin mitigation processes.

    What needs improvement?

    Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM.

    There is room for improvement when it comes to JIRA integration. If they can collaborate with the JIRA team, then it will be easier for people to use it.

    If we can configure and define more features such as the critical elite level through InsightVM, it would be better.

    I would prefer to have vulnerability assessment with more features, like code analysis, code coverage, etc.

    I would also prefer to have a method of custom image analysis for assessment.

    In the SDLC (software development lifecycle), if we could easily integrate with a particular lifecycle, then we could have more descriptive reports.

    For how long have I used the solution?

    I have worked with this solution for two years now.

    What do I think about the stability of the solution?

    It is definitely stable.

    What do I think about the scalability of the solution?

    The scalability is quite good. We can increase the number of assets by paying either onsite or online. Also, we have an onsite engine, and we can install it in our cloud or AWS cloud, for instance.

    How are customer service and support?

    The technical support team has answered our questions within a couple of hours. They have provided precise answers so far to all the questions we have asked them.

    How was the initial setup?

    The initial setup was an easy task because we have a Linux server installed.

    InsightVM has a framework that's very interesting, and they have very detailed documentation. They have step-by-step directions for the installation process, and we can download them from their site. This means that anyone can easily install it and configure it.

    The harder part is writing the queries. We need to have knowledge of InsightVM and how queries, assets, and conditional formats occur. Extensive knowledge can be valuable at this stage of the process.

    What's my experience with pricing, setup cost, and licensing?

    Pricing is reasonable because we pay according to asset usage. We can define our assets and sites according to our preference.

    What other advice do I have?

    I recommend doing a comparison of Qualys, Rapid7, and Nessus. Because the scope is different from company to company and cluster to cluster, it would be good to research each product and decide according to your needs.

    If I were to rate Rapid7 InsightVM, I would rate it at seven on a scale from one to ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Owner at Sidif Del Caribe Corporation
    Reseller
    Top 10
    A stable enterprise solution that can automatically detect new devices and scan them for vulnerabilities
    Pros and Cons
    • "When you connect any new device to the network, Rapid7 has the ability to detect the new device immediately. It can scan that device to detect if it has any vulnerability. It tells you what is vulnerable and what has been misconfigured. It also tells you what is the risk of that misconfiguration or lack of patches and how to resolve the problem."
    • "In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive. You can only sell it to enterprise accounts. In terms of new features, Rapid7 came up with a product called InsightIDR a couple of years ago, which is a good SIEM solution. We expect that Rapid7 will work on some sort of integration between InsightVM and InsightIDR, where vulnerability or anomaly detected by InsightVM can be reported in InsightIDR in some sort of real-time. Rapid7 doesn't patch. For example, if you have a vulnerability, some products can scan and also do the patching, but Rapid7 does not do the patching. It would be nice if it can also patch."

    What is our primary use case?

    We are system integrators. Our clients normally use it to detect vulnerabilities in terms of a lack of patches in certain systems and databases. Its console can be installed on-premise or on the Rapid7 data center.

    What is most valuable?

    When you connect any new device to the network, Rapid7 has the ability to detect the new device immediately. It can scan that device to detect if it has any vulnerability. 

    It tells you what is vulnerable and what has been misconfigured. It also tells you what is the risk of that misconfiguration or lack of patches and how to resolve the problem.

    What needs improvement?

    In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive. You can only sell it to enterprise accounts. 

    In terms of new features, Rapid7 came up with a product called InsightIDR a couple of years ago, which is a good SIEM solution. We expect that Rapid7 will work on some sort of integration between InsightVM and InsightIDR, where vulnerability or anomaly detected by InsightVM can be reported in InsightIDR in some sort of real-time.

    Rapid7 doesn't patch. For example, if you have a vulnerability, some products can scan and also do the patching, but Rapid7 does not do the patching. It would be nice if it can also patch.

    For how long have I used the solution?

    We have been working with this solution for the last three years or so. 

    What do I think about the stability of the solution?

    It has been stable. There is nothing that has caused any major damage to our customers. Normally, what happens is that when something goes wrong, the customer normally blames the tool first before admitting that they touched something or whatever the case may be.

    What do I think about the scalability of the solution?

    We have a couple of customers with various company sizes, and we haven't had any scalability issues. Rapid7 is pretty much an enterprise solution. We're talking about customers with more than 1500 nodes to scan.

    How are customer service and technical support?

    Their technical support is very good.

    How was the initial setup?

    I don't handle the installation, but it was not difficult to implement. The basic setup took us about four days or so.

    Normally, for a product like this, the complexity of implementation is proportional to the size of the infrastructure that is going to be scanned and also how heterogeneous it is. An enterprise product like this is not like using a coffee maker. You need to have some knowledge of where you are installing it. You also need to have some knowledge of the technology that you are going to scan. You can't scan everything in the same way.

    What's my experience with pricing, setup cost, and licensing?

    Its price is too high. My only concern or issue with Rapid7 is its pricing.

    Which other solutions did I evaluate?

    Our clients evaluate Qualys, Tenable, and Rapid7. It doesn't really matter which one you choose. You cannot go wrong with all of these products. They have been very well ranked by Gartner. The main difference is probably the pricing.

    What other advice do I have?

    I would recommend this solution. I would rate Rapid7 InsightVM an eight out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    Service Delivery Manager at an outsourcing company with 11-50 employees
    Real User
    Top 10
    Easy to deploy and flexible licensing but the reporting could be better
    Pros and Cons
    • "The product is scalable."
    • "The reporting could be better."

    What is our primary use case?

    We primarily use the solution for vulnerability management.

    What is most valuable?

    From a scanning perspective, it’s great. The customization associated with each and every scan is very good. It actually provides functionality from a CIS control perspective as well.

    It is easy to deploy.

    The product is scalable.

    The solution is very stable.

    What needs improvement?

    The reporting could be better.

    We do not need any additional features.

    For how long have I used the solution?

    I’ve been using the solution for two years.

    What do I think about the stability of the solution?

    The solution is very stable. The reliability is good. There are no bugs or glitches. It doesn’t crash or freeze.

    What do I think about the scalability of the solution?

    The solution is absolutely scalable.

    From a footprint perspective, there are about 780 servers. In totality, there's a license entitlement for about 1000 clients.

    How are customer service and support?

    Technical support has been accurate.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    The solution is straightforward to set up and simple to deploy. It’s not overly complex. We only need one technical person to handle the setup process.

    How long it takes to deploy depends on multiple instances whereby multiple factors, depending on client, on-prem, et cetera. Your average deployment time would be anything from three to five days.

    What about the implementation team?

    As partners, we can handle the implementation.

    What was our ROI?

    The ROI is fair to mild.

    What's my experience with pricing, setup cost, and licensing?

    The licensing is market-related.

    The cost depends on the number of assets per annum.

    It is very flexible. What's nice about it is, from a client's perspective, the environment can either grow and you can chew up, or it can shrink, and it meets whatever needs you have.

    The licensing includes technical support.

    What other advice do I have?

    We’re partners.

    We’re always using the latest version of the solution.

    There's a mix of deployments. There's an on-prem deployment in certain customer areas. However, there's also a cloud deployment from the MSSV point of view as well.

    The scanner is always on-prem. The majority of the scanners that we've deployed are on-prem. Although some of the consoles are selling cloud-deployed, other consoles would be on-prem.

    I’d rate the solution seven out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Security Officer at a tech consulting company with 51-200 employees
    Real User
    Top 5
    Easy to deploy, scalable, and helps in prioritizing the risks with risk scoring
    Pros and Cons
    • "The risk score that they provide makes it easier to find out the biggest risks. It helped the security officers to understand where the biggest risks are so that they can act on them. They can instruct their IT teams to give them a higher priority and mitigate them."
    • "It is still not a fully cloud-based solution. It will be helpful for customers if it is a complete cloud solution. It is a hybrid solution at the moment."

    How has it helped my organization?

    A big vulnerability was discovered last year for jshell. We got a lot of questions from our customers about which services are vulnerable. We could give an answer in just a few minutes to the customers and also warn them.

    What is most valuable?

    The risk score that they provide makes it easier to find out the biggest risks. It helped the security officers to understand where the biggest risks are so that they can act on them. They can instruct their IT teams to give them a higher priority and mitigate them.

    What needs improvement?

    It is still not a fully cloud-based solution. It will be helpful for customers if it is a complete cloud solution. It is a hybrid solution at the moment.

    For how long have I used the solution?

    I have been working with this solution for two years. It is a cloud solution, and I have been using its latest version.

    What do I think about the stability of the solution?

    It is definitely stable.

    What do I think about the scalability of the solution?

    It is made for scalability. We use it to monitor our own company with 250 users. Day-to-day, three people are monitoring the environment.

    How are customer service and support?

    It is perfect. I would rate them a nine out of ten.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    It was straightforward. It took a couple of hours. I would rate it a nine out of ten in terms of ease of setup.

    In terms of maintenance, it is all self-updating.

    What was our ROI?

    It is difficult to estimate the ROI. For our management, it is a really important tool. It helps us to understand if something is not going perfectly. 

    What's my experience with pricing, setup cost, and licensing?

    Its licensing is yearly. Everything is included in the price for one year.

    Which other solutions did I evaluate?

    We checked other solutions. We went for it because it has a cloud platform inside, which integrates with our SIEM solution, and it has many more capabilities than other products.

    What other advice do I have?

    I would advise others to make sure that every asset in the environment is monitored by the tool. I see many customers who think they have full coverage of all assets, but they are missing a part of the network. In such a case, they will get an incorrect understanding of their security.

    I would rate this solution a nine out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    IT Security Engineer
    Real User
    Top 5 Leaderboard
    Reliable, easy to set up, and has a good remediation feature
    Pros and Cons
    • "The solution scales well."
    • "There was functionality present previously, however, currently, we can't integrate directly with Jira Service Desk - only the cloud version."

    What is our primary use case?

    We primarily use the solution for vulnerability management and monitoring the progress of the remediation process.

    What is most valuable?

    The remediation feature has been quite useful. 

    It's easy to set up the solution. 

    It's stable.

    The solution scales well.

    What needs improvement?

    The solution isn't missing any features, and I haven't noticed any shortcomings. 

    There was functionality present previously; however, currently, we can't integrate directly with Jira Service Desk - only the cloud version. That, or we must share our on-prem Jira Service Desk to the internet. It's not easy for us since we use only the on-prem Service Desk service, and we don't go straight to the internet for our service.

    InsightVM can only directly connect to the internet. So, we can't use this integration and send tasks to our technical team from InsightVM. We, therefore, need better integration with Jira Service Desk. 

    What do I think about the stability of the solution?

    The stability has been good overall. I would rate it five out of five in terms of reliability. The performance is good. There are no bugs or glitches, and it doesn't crash or freeze. 

    What do I think about the scalability of the solution?

    The solution is suitable for big or small organizations. We have clients of different sizes using the product. 

    It's used at the engineering level, with security and administrators using it regularly.

    I'd rate it five out of five in terms of the ease of scaling. 

    How was the initial setup?

    The solution is straightforward to set up. I'd rate it four out of five in terms of ease of implementation. 

    We have one or two team members that can set up the solution. 

    How long it takes to deploy depends on the customer. For a small customer, it's less than one month or sometimes two weeks. For a big customer with many assets and services, it takes two or three months to deploy.

    We only need to have one or two people on hand to handle maintenance tasks. 

    What's my experience with pricing, setup cost, and licensing?

    The solution is not overly expensive.

    What other advice do I have?

    We use this solution for our clients.

    We're dealing with the latest version of the product.

    InsightVM is a solution based on on-prem infrastructure connected to the cloud service, so it's a hybrid solution.

    Overall, it's a nice tool. 

    I'd rate the solution nine out of ten. 

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Material Coordinator at an energy/utilities company with 1,001-5,000 employees
    Real User
    Top 10
    Useful reports, stable, and good vendor support
    Pros and Cons
    • "The reports in Rapid7 InsightVM are useful when compared to competitors."
    • "Rapid7 InsightVM could be easier to use for those who are using it for the first time."

    What is our primary use case?

    We are using Rapid7 InsightVM to have a vulnerability assessment solution in our organization to overcome the audit points.

    How has it helped my organization?

    We are at the stage where we are deciding if the solution will be useful for us or not.

    We generate the reports for our IT sessions and try to take the recommended actions. After the action is made, we generate another report to check if this action covers the vulnerability points or not.

    What is most valuable?

    The reports in Rapid7 InsightVM are useful when compared to competitors.

    What needs improvement?

    Rapid7 InsightVM could be easier to use for those who are using it for the first time.

    The updates should be fixed in the next release.

    For how long have I used the solution?

    I have been using Rapid7 InsightVM for a few months.

    What do I think about the stability of the solution?

    The stability of Rapid7 InsightVM has been fine in the three months we have used it.

    What do I think about the scalability of the solution?

    We are using a virtual environment with Rapid7 InsightVM and we can expand it if we want.

    We have approximately three people using this solution in my company. We use the solution weekly or monthly. We would increase the use of the solution if our tests go well.

    How are customer service and support?

    The support that we are receiving at this time is from our partner who handles the issue with the vendor if needed.

    How was the initial setup?

    The initial setup was not straightforward because it was our first time doing it.

    We did a POC first and this took us two months to make the environment. After we received the license we went into production.

    What about the implementation team?

    We had a partner help us with the implementation of Rapid7 InsightVM.

    We have an IT department that does the maintenance and support of Rapid7 InsightVM.

    What's my experience with pricing, setup cost, and licensing?

    We have an annual license to use Rapid7 InsightVM and if we want to extend it, we will possibly choose more than one year.

    What other advice do I have?

    I recommend this solution to others and for them to use a partner for the implementation. It can be difficult for the first time.

    I rate Rapid7 InsightVM an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.