Rapid7 InsightVM Reviews

We mainly use it for vulnerability management, generating monthly reports to address and resolve vulnerabilities. The main use cases involve receiving alerts based on predefined settings by Rapid7, investigating these alerts to understand their causes, and performing fine-tuning activities.

The most valuable features of Rapid7 InsightVM for me are creating dynamic asset tags, generating reports, and deploying the agent. The agent scans assets every four hours, providing real-time data on any devices. Although there weren't any significant new features compared to our previous tool, having both SIEM and vulnerability management handled by one tool made things easier. We could gather logs from different devices and cloud sources, and perform detailed investigations without switching tools.

I haven't worked with the automation capabilities of InsightVM. For remediation prioritization, we check the vulnerability, search for solutions on open platforms, and work with different teams to apply patches after proper testing. Currently, we don’t have any AI or ASM projects assisted by InsightVM

I’d like to see Rapid7 InsightVM improve by adding a knowledge base similar to what Qualys offers. This would help us easily check and search for vulnerabilities using Rapid7 IDs associated with CVs or CVSS.

From a features perspective, everything was fine at the time, and the security features of Rapid7 InsightVM were effective.

I've been working with Rapid7 InsightVM since December.

Overall, I would recommend Rapid7 InsightVM to others. My advice would be to first understand your requirements and infrastructure before implementing the product. I would rate InsightVM as an eight.

With InsightVM, I continuously monitor my network by setting up regular scans to identify vulnerabilities in real-time. It IS particularly useful for focusing on customer-facing systems at our perimeter, helping me prioritize and quickly address any security risks.

InsightVM offers a robust platform for identifying, prioritizing, and addressing vulnerabilities across an organization's IT infrastructure.

One area I would like to improve in InsightVM is its integration with other solutions, particularly for better compatibility with upcoming tools we plan to adopt. Enhanced functionality for budget management or change management databases could also be beneficial.

I have been working with InsightVM for over two years.

I would rate the stability of the solution as a nine out of ten.

InsightVM's scalability is top-notch and I would rate it a solid nine out of ten. Being a cloud-based solution, it effortlessly adjusts to accommodate varying needs and can easily scale from small to large environments.

Rapid7's technical support is highly responsive and helpful. I would rate them as a nine out of ten.

Positive

I chose Rapid7 over Tenable Nessus because of its better performance, comprehensive functionality, and stronger support for operating systems and services. While Tenable Nessus may be cheaper, it lacks integration with other features and is more suited for SMBs rather than enterprises.

Implementing InsightVM was straightforward. Setting it up to scan external networks at the perimeter was effortless; I just needed to create a cloud account and start using the solution. For internal network scanning, I installed the software on my notebook, which took about five to ten minutes for a single version setup, but it is important to note that it doesn't support Windows platforms.

InsightVM's pricing can vary depending on the coverage needed. While it may not be the cheapest option, purchasing an unlimited license could be cost-effective for larger environments. For smaller needs, it might be more expensive compared to competitors. I would rate the affordability of the product at a four out of ten.

I prioritize vulnerabilities in InsightVM by first focusing on customer-facing systems at our perimeter, which helps me quickly identify and address any security risks. Then, I utilize the cloud-based engine to scan internal networks and ensure comprehensive coverage without the need for complex on-premise solutions, making it easy to manage from my notebook connected to the internet.

Additionally, in InsightVM, we prioritize vulnerabilities by utilizing comprehensive data sources like the NVD and Rapid7's specialized risk calculation methods. The solution provides detailed information, including exploitability and impact, and evaluates whether vulnerabilities could be exploited in specific environments like NetApp.

I would recommend InsightVM to others. Overall, I would rate the product as an eight out of ten.

Our company uses the Nexpose automation tools for validity, deactivation, assessment, and penetration testing. We can easily see if something has been exposed and manually focus on or follow main vulnerabilities. 

We have 28 users and a JV license key for using the solution in our offline systems on a trial basis. 

The audit report and scorecard are brilliant. 

The solution is very user friendly and easy to manage. Users who have a year of experience with this type of tool will have no issues. 

The solution cannot scan third-party tools that have firewalls within them. The firewalls detect and block the solution. Conversely, Nexus is able to bypass firewalls because it has low detectability. We use Nexus when the solution cannot bypass a firewall. The solution can scan 60% of the time but Nexus can scan 90% of the time. 

The solution needs to improve its vulnerability design to include CVC results. Nexus has a good, long range and a good database for finding CVC numbers. We need this level of security detail but the solution does not seem to provide it.  

I have been using the solution for five years. 

The solution updates without interruption and has no database issues. 

Nexus sometimes has issues with plugging time where all the paper is gone so we need to run the tool again.  

The solution is very scalable. 

The articles and videos provide the information we need so we do not use technical support. 

The setup is straightforward and user friendly. 

New users can rely on the videos or articles to learn about setup. The solution and other tools might be a little bit tricky to setup. If you follow the article's commands, setup is easy. 

We implemented the solution in-house and it took about 25 minutes. 

The solution's pricing is better than Nexus which charges a high amount for very little use. 

We also use Nexus which is a mature tool and gives pretty good results. It offers the best scanning and good reporting files. 

The solution's audit report and scorecard provide better details than Nexus. 

From the feature side, right now we choose Nexus because it can bypass firewalls. From the price side, we choose the solution. 

I recommend the solution from the reporting side but am not sure I recommend it from the scanning side. The issue with firewalls needs to be fixed and then I will definitely recommend the solution. 

I rate the solution a seven out of ten. 

The primary use case of the solution is for network monitoring.

The most valuable feature is the vulnerability scan. All you need to do is enter the IP address and the solution provides details about the machines, provides the vulnerabilities, and gives recommendations to address those vulnerabilities.

In order to be able to properly test the solution and make a decision, I would like to receive the test license code instantly and eliminate the wait time. If I have to wait a week to test the solution it may force me to move on to another solution.

I have used the solution for three weeks.

The solution is stable.

The free trial was able to monitor over 500 machines on the network. I believe the solution is scalable.

The initial setup is straightforward. All you need to do is install the solution on your device and connect to the cloud service.

The implementation was done in-house.

A full license for the solution is expensive because it is at the organizational level and not by individual users. I used a free trial licensing by providing my email. For the free trial, you require a new license code each time and if you don't use a new email address it can take over a week to receive that code.

I give the solution eight out of ten.

The product is not a cloud solution. The tool can only be used as a hybrid solution, meaning it can be used on the cloud and on an on-premises deployment model. There are certain limitations because of the product being used on a hybrid model. Rapid7 InsightVM doesn't offer a solution purely in the cloud.

Competitors of Rapid7 InsightVM, like Tenable.io and Qualys, offer pure cloud solutions.

I have been using Rapid7 InsightVM for seven or eight years. My company serves as a distributor of the tool.

Sometimes, there were certain parts and programs of the product about which the customer used to complain.

Stability-wise, I rate the solution a six to seven out of ten.

It is a highly scalable solution. One of my company's customers uses the tool on 1,30,000 devices.

My company deals with clients who own small as well as enterprise-sized businesses.

In the past, the support offered for the product was good. Unfortunately, over a period of time, the support offered has become poor.

I rate the technical support a four to five out of ten.

Neutral

The product's initial setup phase was very easy.

The solution can be deployed in a few hours. The time required depends on the scale of the deployment. If there are 1,000 or 10,000 deployments to be done, then it takes time. If the customer provides a Q&A to calculate the design of the network, then the process becomes easier. If the customer does not know about their network, then the deployment process takes time since our company has to discuss several things with them before starting the process.

The product is cheaper than the other similar tools available in the market.

My company uses Rapid7 InsightVM to identify and assess vulnerabilities.

The product has improved our company's vulnerability remediation process. The tool finds vulnerabilities by scanning devices and networks. The solution is also useful in the area of database scanning.

The product area I find to be valuable in vulnerability management workflow stems from many aspects, like reporting, which is very useful. Rapid7 InsightVM's integration with Jira is also very effective and useful for end users. The coverage of the vulnerability offered by the product is very good. The GUI for Japanese users is good.

The product's integration capabilities have improved my company's security posture, as many other systems can be integrated with it. The export feature of the product helps users deal with other products like ServiceNow or Splunk.

The product is more useful for scanning than for its real-time visibility, but I can say that its functionalities come very close to real-time features. The product scans every six hours.

In large and diverse environments, the performance and the scalability of the product are not bad.

The product is easy to understand, making it good for companies that doesn't have much expertise in the area of security. It is an easy to use product. The product also provides a GUI in Japanese, while taking care of the reporting part efficiently, making it very convenient for the end users in Japan.

I rate the product's capacity to offer ease of use an eight out of ten.

I rate the overall tool a six to seven out of ten.

We'll use Rapid7 InsightVM for on-premises scanning and the virtual machine option for cloud-based environments.

It is a good tool for comprehensive risk management, including prioritization and remediation.

It is a great endpoint agent. It gives you reliable information about that infrastructure and offers strong accuracy for risk management. However, unlike other management tools that have improved precision testing, InsightVM requires an additional purchase for full access to some of its advanced features.

Other solutions, like Cisco, have strengths, but Rapid7 InsightVM has some solid features, such as the RapidServer Active Response, the ability to create endpoint agents, and a live dashboard. However, the main concern is the system's reliability. For instance, during a scan on an Ubuntu machine, the system mistakenly identified the OS as Windows. This kind of inaccuracy is problematic.

I have been using Rapid7 InsightVM for a year. 

The response takes some time.

Neutral

Rapid7 is a bit expensive.

Tenable has 20% lower pricing and includes built-in web application testing, which gives it an advantage over Rapid7 InsightVM.

I recommend Tennable for small and Rapid for big enterprises.

Overall, I rate the solution an eight out of ten.

The core domain use of the solution is verification, scanning, and finding out the vulnerabilities in real time.

The ease of deployment and configuration allows users to onboard quickly, aligning smoothly with various functionalities.

The data sheet is good in pricing and promises. The customers are very price-conscious. You have to satisfy technical requirements. This combo makes the product valuable and usable.

Two things are consistent. The rest of the things run fine. The technical side does not respond quickly. They take a lot of time. The priority should be to respond to the customer to serve the customer.

I have been using Rapid7 InsightVM for more than three years.

The solution’s stability is good. It keeps on running. There are no system complaints.

The solution’s scalability is linked to the new scope and the cost.

We are actively seeking alternatives. If you can offer a better solution, superior after-sales service, and overall better everything, we would like to explore what you have to offer.

The initial setup is not so complex. It is quickly deployable configurable and integrated with your existing setup.

The common process for Rapid7 InsightVM involves comparing it against their standard procedures to ensure compliance with the required licenses and resources. Users download the necessary files and initiate/reactivate licenses. Certain configurations are also set up. This process typically takes two to three days for the department, but we usually allocate a week for completion.

Our team feels enabled enough after completing the training session on Rapid7 InsightVM. We conduct our tests independently, and whenever we need support, we seek assistance directly from Rapid7. This process isn't overly complex or time-consuming. We ensure thorough preparation by gathering all necessary information, addressing internet concerns, and informing the customer. Once fully prepared, we proceed forward.

The solution’s pricing is good because the value proposition delivers a report box. It is not very costly.

Since the product is cloud-based, there's no maintenance. Whatever the information or the customization of the customer needs to be confirmed. The hardware needs maintenance.

Overall, I rate the solution a six out of ten.

We primarily use it for inventory and vulnerability management in our environment. We also use it to identify real risks and focus on container email scanning.

The most valuable feature for me is the risk calculation based on monthly effects. It's interactive, and the risk calculation depends on various factors such as quantity, hardware, and package used.

The team needs to improve the speed and focus on the new bandwidth feed. Sometimes, it takes a while to scan, especially with new updates. So, they should update the database quickly for the scanning to work more efficiently. Additionally, they should add pack management solutions for better integration with products like Microsoft FC and IBM Bigfoot.

They need to add more features or focus on work screening, and adding pack management solutions would be great. Moreover, there is room for improvement in technical support.

I've been using it for about three years now.

It is a stable product, and I would give it a seven.

It is a scalable product. Currently, there are around 1,000 users in my company using Rapid7 InsightVM.

Customer service and support are usually responsive, but there is room for improvement in their response time. The quality of support is good.

The initial setup is simple.

Along with Rapid7 InsightVM, we use Metasploit for already scanning. We also use it for website vulnerability scanning. For vulnerability scanning, we also use solutions from Tenable Network Security. Tenable is better because of its more frequent updates. However, it may depend on the industry and the use case. For now, Nessus is better for vulnerability scanning because of its ability to quickly and accurately detect vulnerabilities. However, Rapid7's team should work on improving the capacity of InsightVM to do the same.

Overall, I would rate the solution an eight out of ten.