Rapid7 InsightVM Reviews

One of the most valuable features is it's graphical dashboard feature. It is quite easy to manage the widgets, and we can customize those according to our queries.

The other most valuable feature is that we can integrate Rapid7 InsightVM with JIRA. If a vulnerability in our services or server is found, it directly connects with JIRA and will assign a ticket. We can then share that with our development team or infrastructure team. Within a team, we can share it and assign the ticket, and we can smoothly do the mitigation process.

Also, InsightVM has an image container that can be utilized via a CI/CD pipeline. We can directly integrate with building tools, and we can have vulnerability assessment throughout the development life cycle.

Rapid7's initiative Project Sonar digs out the vulnerabilities arising all over the world and sends feedback to the systems. They then immediately update their databases and begin mitigation processes.

Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM.

There is room for improvement when it comes to JIRA integration. If they can collaborate with the JIRA team, then it will be easier for people to use it.

If we can configure and define more features such as the critical elite level through InsightVM, it would be better.

I would prefer to have vulnerability assessment with more features, like code analysis, code coverage, etc.

I would also prefer to have a method of custom image analysis for assessment.

In the SDLC (software development lifecycle), if we could easily integrate with a particular lifecycle, then we could have more descriptive reports.

I have worked with this solution for two years now.

It is definitely stable.

The scalability is quite good. We can increase the number of assets by paying either onsite or online. Also, we have an onsite engine, and we can install it in our cloud or AWS cloud, for instance.

The technical support team has answered our questions within a couple of hours. They have provided precise answers so far to all the questions we have asked them.

The initial setup was an easy task because we have a Linux server installed.

InsightVM has a framework that's very interesting, and they have very detailed documentation. They have step-by-step directions for the installation process, and we can download them from their site. This means that anyone can easily install it and configure it.

The harder part is writing the queries. We need to have knowledge of InsightVM and how queries, assets, and conditional formats occur. Extensive knowledge can be valuable at this stage of the process.

Pricing is reasonable because we pay according to asset usage. We can define our assets and sites according to our preference.

I recommend doing a comparison of Qualys, Rapid7, and Nessus. Because the scope is different from company to company and cluster to cluster, it would be good to research each product and decide according to your needs.

If I were to rate Rapid7 InsightVM, I would rate it at seven on a scale from one to ten.

We implemented it to scan all the assets. In terms of deployment, in my previous organization, it was deployed on-prem, but in my current organization, it is on the cloud.

The assessment is most valuable.

Their customer support should be improved, and the effectiveness of scans also needs to be improved.

I am an implementor. I have been working with this product from time to time. I started working with it around 2016 for a project. After that, we implemented it in 2019 for another project. Currently, I am not using it, but it is being used in the organization.

Its stability is fine.

Its scalability is okay. We have approximately 3,000 members. Every asset gets scanned. So, indirectly or directly, everyone is using this product.

We plan to keep using this tool. We don't want to get into another scanning tool right now. It has been selected as an enterprise tool, and we aren't going to move to another tool. Any new employees would get added to this tool.

Their support could be better. I would rate them a three out of five.

We were using Qualys. We switched because of the organization's standard.

It is not complex. I would rate it a three out of five in terms of the ease of the setup.

I would rate this solution a seven out of ten.

We are using Rapid7 InsightVM to have a vulnerability assessment solution in our organization to overcome the audit points.

We are at the stage where we are deciding if the solution will be useful for us or not.

We generate the reports for our IT sessions and try to take the recommended actions. After the action is made, we generate another report to check if this action covers the vulnerability points or not.

The reports in Rapid7 InsightVM are useful when compared to competitors.

Rapid7 InsightVM could be easier to use for those who are using it for the first time.

The updates should be fixed in the next release.

I have been using Rapid7 InsightVM for a few months.

The stability of Rapid7 InsightVM has been fine in the three months we have used it.

We are using a virtual environment with Rapid7 InsightVM and we can expand it if we want.

We have approximately three people using this solution in my company. We use the solution weekly or monthly. We would increase the use of the solution if our tests go well.

The support that we are receiving at this time is from our partner who handles the issue with the vendor if needed.

The initial setup was not straightforward because it was our first time doing it.

We did a POC first and this took us two months to make the environment. After we received the license we went into production.

We had a partner help us with the implementation of Rapid7 InsightVM.

We have an IT department that does the maintenance and support of Rapid7 InsightVM.

We have an annual license to use Rapid7 InsightVM and if we want to extend it, we will possibly choose more than one year.

I recommend this solution to others and for them to use a partner for the implementation. It can be difficult for the first time.

I rate Rapid7 InsightVM an eight out of ten.

We use it for vulnerability scanning.

The feature that I have found most valuable is its dashboards.

There is room for improvement on its cloud side.

In the next release I would like to see better reporting.

I have been using Rapid7 InsightVM for seven years.

It is stable.

Rapid7 InsightVM is scalable.

In my company, it is just my team of less than five people using it.

It requires one engineer for deployment and maintenance of the solution.

We do not have plans to increase the usage of the solution in the future.

Their customer support is really bad. On a scale of 1 to 10 I would probably give it a 1.

The initial cloud setup was difficult. It took months even though we worked with their professional services.

We used a consultant to implement.

We had a good return, but it could be better.

We pay 100,000 yearly.

We are thinking about changing right now. We have always used Rapid7, but we are thinking about changing now.

My advice to anyone considering Rapid7 InsightVM is to look at the other vendors first.

On a scale of one to ten, I would give Rapid7 InsightVM a 3.

Rapid7 InsightVM, like Tenable, is used to enforce the vulnerability management lifecycle.

We identify the assets, scan them, prioritize them, and have a remediation plan in place to address any vulnerabilities that are discovered.

A remediator scan is performed to determine whether or not the discovered vulnerabilities have been patched.

The performance is good.

Rapid7 could be easier to manage. When you compare it to other similar solutions, it is a bit difficult to manage.

The reporting could be improved.

I have been using Rapid7 InsightVM for two years.

At the time that it was used, I was using the latest version.

The installation is simple and quick; it only takes 10 minutes to complete.

I have used Tenable SC and Tenable.io, and you cannot compare to Tenable SC or Tenable.io with any other vulnerability solution.

Tenable has that supremacy. It is very easy to manage and very easy to understand. You don't need any prior knowledge or experience to install it; you can do it on your own. You don't need any additional assistance or help through a search on how to install or scan your assets.

Tenable has a very powerful reporting engine but needs to be enhanced.

Tenable is number one, Rapid7 comes second.

I would rate Rapid7 a six out of ten.

We use a hybrid setup. Some dashboards and configurations are uploaded to the Cloud, and some of them are on-premises. The main engine is on-premises. We have about 12 customers and some of them are big companies. 

There are a few main features that we are very happy with. Using Rapid7, we can install a scan engine, we can do our VPN connections, and we can conduct internal scans of remote sites. We prefer the web application. It's smarter and more accurate from an application perspective.

The integration with other solutions like JIRA could be better. Perhaps there could be some additional updates in the next phase that could integrate with it, so then you can proceed with the VT much easier.

I've been using Rapid7 for about two years.

From a scalability standpoint, it's good because they give you around 100%. If you want to increase your asset counts, for example, they give you permission for 100% above the limit that you pay for.

Their support is very good. Technical support varies from person to person. Some cases have taken some time, but once it was escalated, everything was done well and the problem was solved. We've had some cases involving integration, remote sites, and some special configurations. They provided us with some support on all that.  

It's straightforward. Everything is like setting up Lego cubes. It doesn't take much time to deploy. The first deployment may take around an hour or two.

The license could be a little bit cheaper. For all these features, you would expect to pay a little bit lower but around the same general price. Licenses are paid yearly. For some customers, we pay two years at a time, but mostly it's yearly.

I would rate it nine out of 10.

We use this solution for our internal server for scanning. We can scan for vulnerabilities and locate them.

We also generate reports for the patching team. We assign tasks to the patching team.

It's a relevant management tool. 

It has some useful automation features. The report generating and the scanning are very helpful.

It would be very helpful to have integration. There are many plugins that can be used for tasks that would help the visibility and be able to locate the exact problem.

I would like to see more integration. 

I would also like to see more flexibility when scheduling the scans. We should be able to schedule scans when we want them to be scheduled. Currently, they have to be scheduled before a certain day of the week.

I have been using Rapid7 InsightVm for six months during my internship.

Rapid7 InsightVM is a stable product.

We have no issues with the scalability of this solution. We have a vulnerability management team of four who are using it, and in our organization, we have approximately 20 people, including management.

Technical support is good.

I have used Tenable Nessus previously for my personal projects. I used it for scanning for my projects in college.

I was not involved in the installation. It was already installed previously.

Licensing fees are paid on a yearly basis.

I would recommend this solution to others, but more integration features would be more helpful.

I would rate Rapid7 InsightVM an eight out of ten.

We are using InsightVM for vulnerability management services. We use it for providing professional services to our customers, and we also use it for our internal use.

We do on-premises and cloud deployments.

I really love the new platform. It is really easy to understand, use, and deploy. 

Their support is very professional and good at troubleshooting issues.

It would be great to have a mobile application client. Currently, you have to use a mobile web browser on a device, but it is not similar to the desktop web browser in terms of user experience. It would be nice to have a mobile application to access the platform. 

It would be nice to have someone in the technical support team who speaks Italian. 

We have been in a partnership with Rapid7 for five years.

It is absolutely stable.

It is scalable. We have 40 customers who are using this solution.

Their technical support is great, but it would be nice to have someone in the technical support team who speaks Italian. 

We speak Italian with Safeguy. So, sometimes, Safeguy's technical teams also help us.

Its initial setup is easy and quick. We are typically able to deploy it in a couple of hours.

We have 15 certified and dedicated engineers to handle its deployment and maintenance.

In some cases, we procure the licenses. In some cases, the customers directly buy the license from Rapid7.

I would rate Rapid7 InsightVM a nine out of 10.

The solution is similar to Tenable, but Rapid7 also comes with Insight - Detection and Response, which integrates with InsightVM. This alerts the customer in the event of an attack or updates him about the status of a vulnerability. The solution provides increased visibility in the environment when integrating between these two products. 

All products have room for increased security and Rapid7 InsightVM is no exception. This is why I do not give a perfect score to any product on principle. 

We have been using Rapid7 InsightVM for a couple of months.

The solution is stable. 

The solution is scalable. 

We have plans to increase its usage.

I have some experience with Tenable Nessus, although I did not use it on a professional basis. 

When it comes to the process, installation is very easy and does not take long. As a matter of course, installing a VM and connecting to a portal is easy. That is all that is needed. Time-wise, this may take an hour. Once the portal and scanner are connected one can start getting the environment. 

The license is annual and this is the optimal approach when it comes to most software. 

The solution is hybrid, meaning that if installation is required it must be done on the environment itself, on-premises, the portal being cloud-based. 

The solution has very good integration, so I see no need for improvements in this regard at present. 

I have no issues with the stability, security, user interface, reporting, monitoring board or Techstar reports. These are all good. 

The documentation is quite detailed and straightforward. It is provided to me via the internet. 

Off the top of my head, I cannot think of anything needing improvement.

We have a single customer who is utilizing the solution, but he makes use of IDR, not IVM.

I would recommend the solution to others.

I rate Rapid7 InsightVM as an eight out of ten. 

We are system integrators. Our clients normally use it to detect vulnerabilities in terms of a lack of patches in certain systems and databases. Its console can be installed on-premise or on the Rapid7 data center.

When you connect any new device to the network, Rapid7 has the ability to detect the new device immediately. It can scan that device to detect if it has any vulnerability. 

It tells you what is vulnerable and what has been misconfigured. It also tells you what is the risk of that misconfiguration or lack of patches and how to resolve the problem.

In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive. You can only sell it to enterprise accounts. 

In terms of new features, Rapid7 came up with a product called InsightIDR a couple of years ago, which is a good SIEM solution. We expect that Rapid7 will work on some sort of integration between InsightVM and InsightIDR, where vulnerability or anomaly detected by InsightVM can be reported in InsightIDR in some sort of real-time.

Rapid7 doesn't patch. For example, if you have a vulnerability, some products can scan and also do the patching, but Rapid7 does not do the patching. It would be nice if it can also patch.

We have been working with this solution for the last three years or so. 

It has been stable. There is nothing that has caused any major damage to our customers. Normally, what happens is that when something goes wrong, the customer normally blames the tool first before admitting that they touched something or whatever the case may be.

We have a couple of customers with various company sizes, and we haven't had any scalability issues. Rapid7 is pretty much an enterprise solution. We're talking about customers with more than 1500 nodes to scan.

Their technical support is very good.

I don't handle the installation, but it was not difficult to implement. The basic setup took us about four days or so.

Normally, for a product like this, the complexity of implementation is proportional to the size of the infrastructure that is going to be scanned and also how heterogeneous it is. An enterprise product like this is not like using a coffee maker. You need to have some knowledge of where you are installing it. You also need to have some knowledge of the technology that you are going to scan. You can't scan everything in the same way.

Its price is too high. My only concern or issue with Rapid7 is its pricing.

Our clients evaluate Qualys, Tenable, and Rapid7. It doesn't really matter which one you choose. You cannot go wrong with all of these products. They have been very well ranked by Gartner. The main difference is probably the pricing.

I would recommend this solution. I would rate Rapid7 InsightVM an eight out of ten.