We use Rapid7 InsightVM mostly for VM management.
Assistant Engineer at Harel Mallac Technologies Ltd
Plenty of options, reliable, and simple installation
Pros and Cons
- "The solution is good because it has a lot of options."
- "The solution could improve by being more secure."
What is our primary use case?
What is most valuable?
The solution is good because it has a lot of options.
What needs improvement?
The solution could improve by being more secure.
For how long have I used the solution?
I have been using Rapid7 InsightVM for approximately one month.
Buyer's Guide
Rapid7 InsightVM
June 2026
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
900,277 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution has been stable.
What do I think about the scalability of the solution?
Rapid7 InsightVM is scalable.
How are customer service and support?
I have not needed to contact the support at this time.
How was the initial setup?
The installation is simple, it took us approximately six hours.
What about the implementation team?
I did the implementation myself.
What other advice do I have?
I would recommend this solution to others.
I rate Rapid7 InsightVM a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Security Engineer at a computer software company with 51-200 employees
Provides good discovery and prioritization of vulnerabilities; unfortunately no multitenancy feature yet
Pros and Cons
- "The discovery and prioritization of vulnerabilities."
- "The discovery and prioritization of vulnerabilities is a good feature along with the investigation, the trials function, and it's also user friendly."
- "There is an annual license fee which is pretty expensive because it's price per aspect. The pricing could definitely be cheaper."
What is our primary use case?
We're mainly using this solution in-house for now and our primary use case is for Red Teaming. I'm a security engineer and we are resellers of Rapid7.
What is most valuable?
The discovery and prioritization of vulnerabilities is a good feature along with the investigation, the trials function. It's also user friendly.
What needs improvement?
The solution is not multitenancy and it would be great if they could add some of that to the platform.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
It's scaled to the cloud so scalability is not an issue and it's pretty flexible.
How are customer service and technical support?
I haven't used tech support. I've done all my troubleshooting online, it offers thorough explanations.
How was the initial setup?
The initial setup is definitely straightforward.
What's my experience with pricing, setup cost, and licensing?
There is an annual license fee which is pretty expensive because it's price per aspect. The pricing could definitely be cheaper.
What other advice do I have?
If your company has the budget for this product, I would recommend it.
I rate the solution seven out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer.
Head of Cybersecurity Assurance & Controls Director at a tech services company with 1,001-5,000 employees
Poor reporting, lacking in features, but the technical support is not bad
Pros and Cons
- "I have been in contact with technical support and they are not bad."
- "The reporting is very bad when you compare it with other vulnerability assessment tools."
What is our primary use case?
I am primarily using Rapid7 for vulnerability assessment and reporting.
How has it helped my organization?
At this point, we are not happy with Rapid7.
What needs improvement?
The reporting is very bad when you compare it with other vulnerability assessment tools.
This product is for basic vulnerability assessments, only, and is lacking in features such as compliance, assessment, assets, inventory, and batch management.
For how long have I used the solution?
I have been using Rapid7 InsightVM for five years.
What do I think about the scalability of the solution?
I would say that the scalability is 50-50. It does not offer much in terms of being able to scale. We have approximately 3,000 users.
How are customer service and technical support?
I have been in contact with technical support and they are not bad.
What's my experience with pricing, setup cost, and licensing?
Comparing the price with the value that we receive, I am not happy with it.
Which other solutions did I evaluate?
We are currently looking to replace Rapid7 with another product.
Currently, we are working with Tenable Nessus and Qualys.
What other advice do I have?
I would rate this solution a five out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Enterprise ICT Security Architect at a tech services company with 1-10 employees
Good scalability, reporting, and technical support
Pros and Cons
- "We are very satisfied with the reports, as they provide us with the information that is required for our management."
- "Overall, this is a product that I am very satisfied with."
- "There have been instances where technical support takes a long time to update the status of a ticket, which is something that can be improved."
What is our primary use case?
The primary use is to protect against cybersecurity attacks in your digital infrastructure. One example of such an attack is credential-grabbing.
What is most valuable?
We have put in some requests for enhancements and they are listening quite well. When there is something that we want to have enhanced then we can easily chat with the people at Rapid7. If it makes sense and another customer thinks that it makes sense then it will be built into the next release.
We are very satisfied with the reports, as they provide us with the information that is required for our management. You can perform the queries that you need.
What needs improvement?
There have been instances where technical support takes a long time to update the status of a ticket, which is something that can be improved.
For how long have I used the solution?
I have been using this product for about two and a half years.
What do I think about the stability of the solution?
The stability is okay.
What do I think about the scalability of the solution?
In terms of scalability, this product is awesome. We have more than 5,000 users and we plan to increase our usage in the future.
How are customer service and technical support?
The technical support is very nice. They are good and they listen to the customers, which is very important in my opinion.
There is always a demand for technical support to be faster. That said, I think it is much more important to have quality and communication. If I am going to be updated during the course of the case that is running, then that is okay with me. Also, as long as the quality stays in the system and they keep on improving, I am satisfied.
Which solution did I use previously and why did I switch?
We switched to Rapid7 because we were not satisfied with our previous solution. It was not up to par in terms of our needs and standards.
How was the initial setup?
The initial setup is very straightforward and not complex at all. Our deployment took about three months.
This is mostly a cloud-based solution that works with the assistance of agents and collectors.
What about the implementation team?
We implemented and deployed this product on our own.
What's my experience with pricing, setup cost, and licensing?
The licensing is asset-based and very straightforward.
What other advice do I have?
Overall, this is a product that I am very satisfied with.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Technical Consultant at Yip Intsoi
Flexible, with good scanning, and rarely provides false positives
Pros and Cons
- "The most important aspect of the solution is that it rarely gives false positives, especially compared to other products. It provides very clear reports for our IT teams to look at."
- "The solution protects us from vulnerabilities, tells us about them, ranks them as critical or high risk, and allows us to take action immediately to protect our company from attacks."
- "There needs to be much clearer instructions surrounding scanning."
What is our primary use case?
We use the solution to scan our internal OS and applications.
How has it helped my organization?
The solution protects us from vulnerabilities. If it sees anything, it can tell us about the vulnerability and ranks it as critical or high risk. It allows us to take action immediately to protect our company from attacks.
What is most valuable?
The most important aspect of the solution is that it rarely gives false positives, especially compared to other products. It provides very clear reports for our IT teams to look at.
The solution has an excellent feature that scans for vulnerabilities that may affect the Windows operating system. It helps us avoid being affected by WannaCry or other malicious attacks of that nature. It's one of the most useful features that we have. We're able to see more vulnerabilities before they become an issue due to the fact that it's so protective. It's great at helping us avoid malware or ransomware.
What needs improvement?
The solution needs to improve its smart monitoring.
There needs to be much clearer instructions surrounding scanning.
As for new features, I can't think of anything that's lacking. It's pretty good overall in terms of feature offerings.
For how long have I used the solution?
I've only been using the solution for half a year - approximately six months. It hasn't been too long.
What do I think about the stability of the solution?
The solution is very stable. There are no bugs or glitches that I have witnessed. The solution doesn't crash. It's very reliable.
What do I think about the scalability of the solution?
The solution is very flexible and very scalable. A company that needs to add it to their endpoints should have no issues doing so. I don't think there is a limit as to how many are possible.
Typically we deploy this solution to medium-sized enterprises in microfinance and insurance.
How are customer service and technical support?
I've been in contact with technical support in the past. They're very good. We're satisfied with the level of attention they give us and the information they share.
How was the initial setup?
The solution doesn't really have a complex setup. It's easy to set up and integrate with the endpoint. We install insights at our endpoints to help us collect vulnerability information from there.
We can also install it again and again and use active scanning to conduct vulnerability testing at the endpoints. It's very simple.
Deployment doesn't take long at all. Currently, we can deploy in around two or three days and then integrate it with the endpoint after we've gotten clear instructions from InsightVM.
The steps we choose for implementation are as follows: we first need to follow the instructions to install network communication, from the endpoint to InsightVM. Network communication from the endpoint will go to the scan engine and from the scan engine to the management console of Insight.
After we satisfy this, we start implementation and we start to deploy the engine to the endpoint. After that, we run a scan from the site configuration of each endpoint scope and we file the report displayed on the dashboard. Lastly, we export the report and provide it to the correct person that needs to be involved at the IT end of things.
In terms of the number of staff we use for deployment, from our side, we have two people to help manage everything. For the customer, we have four people to coordinate with the internal team. In total, we have six people involved with deployment. Our team includes a deployment engineer and from the customer's side, members of security operations.
What about the implementation team?
Normally, we have both the reseller and the vendor to assist with deployment. From the vendor, we just consult on the step and classify each endpoint. After that, we'll discuss next steps with our team. Currently, we have a distributor that provides this product to us. We work with the vendor and work with the reseller to deploy everything to the customer's systems.
What's my experience with pricing, setup cost, and licensing?
The solution offers flexible pricing.
What other advice do I have?
We're a partner of InsightVM.
We're most likely using the latest version of the solution, however, I'm not sure which exact version number it is.
We've deployed on-premises with a local scan engine.
I'd advise companies that are looking into vulnerability assessment or faster deployment, to check out InsightVM. It's easy to expand as necessary and offers flexibility in its pricing.
I'd rate the solution nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Security Analyst at Zavarovalnica Triglav dd
Vulnerability management that is easy to use and install, with good technical support
Pros and Cons
- "This solution is very easy to use and easy to install."
- "As a whole, it's a pretty good product."
- "It would be nice to have an additional feature that would provide reports on who has logged onto the console or who did what on the console."
What is our primary use case?
The primary use case of this solution is for vulnerability management.
We have monthly scans and reporting. The results are in QRadar, which is our SIEM.
What is most valuable?
This solution is very easy to use and easy to install.
It has nice features.
What needs improvement?
It would be nice to have an additional feature that would provide reports on who has logged onto the console or who did what on the console. I don't have the time to log onto the console and use SSH to go through the logs.
We have some users with certain privileges, and sometimes they do things that I don't like. This is why it would be nice to have an easy way to report what is in the logs.
In the next release, I would like to see reporting added to the console. It would be helpful to have reports to tell you who did what, who created reports, who created groups or who created tags.
For how long have I used the solution?
I have been working with this solution for five years.
What do I think about the stability of the solution?
The stability is good. I am running it on Linux and from that point of view, Linux is stable.
We are using this solution daily.
What do I think about the scalability of the solution?
This solution is easy to scale.
I am working at Triglav Group, which is the leading insurance-financial group in Slovenia and in the Adria region and one of the leading groups in South-East Europe.
Triglav Group operates together with its subsidiaries and associated companies on seven markets and in six countries.
We use two consoles: one is international, for subsidiaries, and the other is for Slovenia. Altogether we have 15 scan engines on locations.
How are customer service and technical support?
Approximately a year ago, we had an issue with the dashboard. We contacted technical support to ask a question. Unfortunately, we were not able to resolve the issue that we were having. It could have been something in our network, but we don't know. It was not a big issue.
The technical support is good, they do give you answers and they are pretty quick.
How was the initial setup?
The initial setup was easy and straightforward.
I deployed this solution. It took a couple of days with ten engines.
What about the implementation team?
We did not use a vendor or integrator to implement this solution. We have five thousand people in this firm and I am the only one in the technical team.
What other advice do I have?
My advice would be to just use it.
As a whole, it's a pretty good product. I don't have any problem with it.
If they had the audit reporting then I would rate it a ten out of ten, but as it is now, I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Vice President at INET Managed Services Co.,LTD.
Great scanning capabilities, fast, powerful, easy to access
Pros and Cons
- "InsightVM is good; it's easy to use, it's fast, it's a powerful, easy to access tool."
- "I have had some difficult problems with InsightVM. The InsightVM cannot scan if we connect to our customer by the VPN."
What is most valuable?
InsightVM is good. It's easy to use. It's fast, it's a powerful, easy to access tool.
What needs improvement?
I have had some difficult problems with InsightVM. The InsightVM cannot scan if we connect to our customer by the VPN. I asked the Rapid7 support, they told me that the InsightVM can only work on the same network. We cannot use InsightVM by VPN. It also consumes a lot of memory. It would be good if they could resolve that.
For how long have I used the solution?
We worked with Rapid7 InsightVM for one year.
What do I think about the stability of the solution?
It is very stable, but it consumes a lot of memory.
What do I think about the scalability of the solution?
Scalability is good on the same network but not if you have to connect to another network.
How are customer service and technical support?
I think the support is okay. They responded very quickly, and it was sufficient.
How was the initial setup?
InsightVM is Windows-based. It is easy to install and easy to use.
What about the implementation team?
It took us about half a day to set up. When we bought from the distributor in Thailand, the distributor sent an engineer to install and explain how to use it and how to customize the report.
Which other solutions did I evaluate?
My team uses a small tool such as Tenable Nessus and Rapid7 InsightVM, but when we use both tools and compared the report, Tenable Nessus is very easy to consolidate, to expand to our customer, but InsightVM is very difficult. We would have to cancel it to explain the daily part to our customers.
What other advice do I have?
I would recommend having the distributor help you to explain how this software works and to help with the details. I would rate it at an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Infrastructure Security Architect at a comms service provider with 11-50 employees
Good site-level vulnerability scanning capability, and the dashboard is not difficult to manage
Pros and Cons
- "The most valuable feature is the site scanning, where we can provide a complete subnet and what it is we need to scan on those devices."
- "The reporting is a little bit tricky because it can be difficult to exactly pinpoint some of the assets to filter them and generate a report."
What is our primary use case?
We use Rapid7 for our vulnerability assessment. It scans the network, identifies all of the assets that are present, and then identifies all of the vulnerabilities due to non-patching those systems. Based on that, we can generate reports and make sure that those applications or servers are patched on both the operating system and application level.
What is most valuable?
The most valuable feature is the site scanning, where we can provide a complete subnet and what it is we need to scan on those devices. It will extract all of the information, including the rating and vulnerabilities, in all of the applications that are present, on each of those machines. This is quite relevant because if you have many applications on one server then you don't know if they are individually patched, or not.
The dashboard is not difficult to manage.
What needs improvement?
The reporting is a little bit tricky because it can be difficult to exactly pinpoint some of the assets to filter them and generate a report. Improving the filtering capability would make the reporting easier.
We would like to have penetration testing features built into Nexpose, as it is the next area that we are going to be concentrating on. We have not yet tried it, but it is on our roadmap.
For how long have I used the solution?
We have been using this solution for one year.
What do I think about the stability of the solution?
We have not had any issues with stability. For what we are using it for, it is okay, and we use it on a weekly basis.
What do I think about the scalability of the solution?
We have five people who are working with Nexpose and we have not yet needed to scale.
How are customer service and technical support?
We have been in touch with support on one or two occasions but I was not the person who dealt with them.
How was the initial setup?
The initial setup is not complex. As soon as you deploy, you start by opening all of the needed communication tools on all of the target systems. In our situation, we deployed gradually as opposed to doing everyone at the same time.
We have five people who have access to this solution and can maintain it. They do not work on it full-time but can do site scanning and generate reports when needed.
What about the implementation team?
A third-party was brought in to implement this solution. However, I have done some of the upgrades and I would say that it is straightforward enough that it is not necessary to bring in anybody else.
What other advice do I have?
My advice for anybody who is implementing this solution is to begin by clearly identifying infrastructure and the most critical assets. This tool will give you good visibility into the network and the assets, but it is only the starting point. It is really the input for the process that you have in place to follow up and patch the assets. Simply knowing that they are vulnerable is not good enough, so the right process has to be put into place before it will work effectively.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Manager SecOps at a financial services firm with 1,001-5,000 employees
We have fewer false positives when using it
Pros and Cons
- "We feel the interface is very good. It is very easy to use, even a nontechnical person can use it."
- "Rapid7 InsightVM has very low false positives, so you don't have to go in manually and verify them."
- "The reporting has room for improvement. You cannot customize any report. If I need a specific requirement, I have to create a new report for it."
What is our primary use case?
We are using the solution for configuration review and vulnerability management.
I am using the latest version.
How has it helped my organization?
We have fewer false positives.
What is most valuable?
We feel the interface is very good. It is very easy to use, even a nontechnical person can use it.
What needs improvement?
The reporting has room for improvement. You cannot customize any report. If I need a specific requirement, I have to create a new report for it. I cannot pull up two or three things in one report.
For how long have I used the solution?
Three years.
What do I think about the stability of the solution?
It is stable. For the last three years, we haven't faced any bugs.
What do I think about the scalability of the solution?
It's very easily scalable. You just have to renew your license, and the scalability is already done.
Currently, we have three people who use the solution. We manage this solution for the whole organization.
How are customer service and technical support?
The technical support is very helpful, but too slow. Overall, it usually takes 24 hours for them to reply, but the support that they provide is good.
How was the initial setup?
It's very straightforward. The deployment took less than an hour.
What about the implementation team?
We implemented it on our own.
What's my experience with pricing, setup cost, and licensing?
The license is IP-based. How many IPs you are using to scan is the amount of the license you have to buy. The number of users doesn't matter; many users can use it or only one person. It depends on the culture of the organization.
We have 600 to 700 licenses.
Which other solutions did I evaluate?
We tested two to three solutions where we had a couple of false positives.
Rapid7 InsightVM has very low false positives, so you don't have to go in manually and verify them. This solution is efficient.
What other advice do I have?
I would recommend the product. The product is very good.
I would rate the product between a nine and a nine point five (out of 10).
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Information Security Senior Expert (Founding member, African Cybersecurity Center) at a financial services firm with 10,001+ employees
Stable and Scalable solution with good technical support and reporting capabilities
Pros and Cons
- "The most valuable feature for us is the different types of reporting it provides."
- "Rapid 7 is a leading solution that has been implemented in many companies."
- "This solution integrates with another module in Metasploit, that doesn't exist in the other solutions. It is subscribed to on our roadmap, but we chose to implement both Nexpose and AppSpider."
- "This solution is expensive, but it's fine for us as we have an open budget for security solutions."
What is our primary use case?
The primary use case of this solution is for critical business applications for the web. We have also implemented it to identify when we are changing and an older system like the application client-server, the server two, the network equipment like switch routers, and security solutions.
What is most valuable?
The most valuable feature for us is the different types of reporting it provides. For example, the compliance reporting, compliance with the international standard in which we are certified and compliant. This is important for us to escalate the dashboard to our top management.
What needs improvement?
We need to scan and identify the different RPGs, the critical ones and the major ones that can generate risk or a measure of risk. We generate the reporting from the system and relay the report to our internal developers. We have our internal developers in the bank.
This solution integrates with another module in Metasploit, that doesn't exist in the other solutions. It is subscribed to on our roadmap, but we chose to implement both Nexpose and AppSpider.
For how long have I used the solution?
I have been using this solution for six months.
What do I think about the stability of the solution?
This solution is stable. It's a good solution.
What do I think about the scalability of the solution?
This solution is scalable.
It takes two people to manage this solution and to be the backup for the succession plan. Our manager has access and performs audits.
How are customer service and technical support?
Technical support is good and responsive.
Which solution did I use previously and why did I switch?
In this current company, they were using Qualys and I convinced the management to change to Rapid 7.
After every event, we are required to automize with information control tools like Sandbox, IPS, and vulnerability management. All of those security tools need to be implemented and automized.
That is not the case with Rapid 7. It can be automized and we are dependent on ourselves. We can perform in having this solution customized with the confines of our text.
How was the initial setup?
The initial setup was not complex and it was easy to implement.
It took a week to prepare and install the virtual machine, and to implement the solution it took one month.
Our Regulatory requires that all banks must implement all security solutions on-premises, not on the cloud because they are worried that the data will be compromised and available on different data centers around the world.
What about the implementation team?
We had the help of an integrator to implement this solution. There were three engineers to help. One was for Nexpose and two for AppSpider.
What's my experience with pricing, setup cost, and licensing?
This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important.
What other advice do I have?
Rapid 7 is a leading solution that has been implemented in many companies.
In Nexpose you have the console and the app assistant for Rapid 7. The design can be implemented in all of the segments of the network to scan, perform the scale of the scan, perform the reporting, generate the reports, and send it to the central console.
I would suggest that customers acquire this solution.
In addition to management, we are subscribed to the security dispense team and the company emergency dispense team. We always receive the bulletins, so we are always aware of the vulnerabilities.
I appreciate this solution. All of the features that are included are enough for me.
This is an excellent solution and I would rate it a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.