Senior Consultant at a tech services company with 11-50 employees
Real User
Good visibility in the event of an attack
Pros and Cons
  • "When it comes to the process, installation is very easy and does not take long."
  • "All products have room for increased security and Rapid7 InsightVM is no exception."

What is our primary use case?

The solution is similar to Tenable, but Rapid7 also comes with Insight - Detection and Response, which integrates with InsightVM. This alerts the customer in the event of an attack or updates him about the status of a vulnerability. The solution provides increased visibility in the environment when integrating between these two products. 

What needs improvement?

All products have room for increased security and Rapid7 InsightVM is no exception. This is why I do not give a perfect score to any product on principle. 

For how long have I used the solution?

We have been using Rapid7 InsightVM for a couple of months.

What do I think about the stability of the solution?

The solution is stable. 

Buyer's Guide
Rapid7 InsightVM
February 2024
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: February 2024.
756,650 professionals have used our research since 2012.

What do I think about the scalability of the solution?

The solution is scalable. 

We have plans to increase its usage.

Which solution did I use previously and why did I switch?

I have some experience with Tenable Nessus, although I did not use it on a professional basis. 

How was the initial setup?

When it comes to the process, installation is very easy and does not take long. As a matter of course, installing a VM and connecting to a portal is easy. That is all that is needed. Time-wise, this may take an hour. Once the portal and scanner are connected one can start getting the environment. 

What's my experience with pricing, setup cost, and licensing?

The license is annual and this is the optimal approach when it comes to most software. 

What other advice do I have?

The solution is hybrid, meaning that if installation is required it must be done on the environment itself, on-premises, the portal being cloud-based. 

The solution has very good integration, so I see no need for improvements in this regard at present. 

I have no issues with the stability, security, user interface, reporting, monitoring board or Techstar reports. These are all good. 

The documentation is quite detailed and straightforward. It is provided to me via the internet. 

Off the top of my head, I cannot think of anything needing improvement.

We have a single customer who is utilizing the solution, but he makes use of IDR, not IVM.

I would recommend the solution to others.

I rate Rapid7 InsightVM as an eight out of ten. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Security Engineer at a computer software company with 51-200 employees
Reseller
Provides good discovery and prioritization of vulnerabilities; unfortunately no multitenancy feature yet
Pros and Cons
  • "The discovery and prioritization of vulnerabilities."

    What is our primary use case?

    We're mainly using this solution in-house for now and our primary use case is for Red Teaming. I'm a security engineer and we are resellers of Rapid7. 

    What is most valuable?

    The discovery and prioritization of vulnerabilities is a good feature along with the investigation, the trials function. It's also user friendly. 

    What needs improvement?

    The solution is not multitenancy and it would be great if they could add some of that to the platform. 

    What do I think about the stability of the solution?

    The solution is stable. 

    What do I think about the scalability of the solution?

    It's scaled to the cloud so scalability is not an issue and it's pretty flexible. 

    How are customer service and technical support?

    I haven't used tech support. I've done all my troubleshooting online, it offers thorough explanations.

    How was the initial setup?

    The initial setup is definitely straightforward.

    What's my experience with pricing, setup cost, and licensing?

    There is an annual license fee which is pretty expensive because it's price per aspect. The pricing could definitely be cheaper.

    What other advice do I have?

    If your company has the budget for this product, I would recommend it. 

    I rate the solution seven out of 10. 

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer:
    PeerSpot user
    Enterprise ICT Security Architect at a tech services company with 1-10 employees
    Real User
    Good scalability, reporting, and technical support
    Pros and Cons
    • "We are very satisfied with the reports, as they provide us with the information that is required for our management."
    • "There have been instances where technical support takes a long time to update the status of a ticket, which is something that can be improved."

    What is our primary use case?

    The primary use is to protect against cybersecurity attacks in your digital infrastructure. One example of such an attack is credential-grabbing.

    What is most valuable?

    We have put in some requests for enhancements and they are listening quite well. When there is something that we want to have enhanced then we can easily chat with the people at Rapid7. If it makes sense and another customer thinks that it makes sense then it will be built into the next release.

    We are very satisfied with the reports, as they provide us with the information that is required for our management. You can perform the queries that you need.

    What needs improvement?

    There have been instances where technical support takes a long time to update the status of a ticket, which is something that can be improved.

    For how long have I used the solution?

    I have been using this product for about two and a half years.

    What do I think about the stability of the solution?

    The stability is okay.

    What do I think about the scalability of the solution?

    In terms of scalability, this product is awesome. We have more than 5,000 users and we plan to increase our usage in the future.

    How are customer service and technical support?

    The technical support is very nice. They are good and they listen to the customers, which is very important in my opinion.

    There is always a demand for technical support to be faster. That said, I think it is much more important to have quality and communication. If I am going to be updated during the course of the case that is running, then that is okay with me. Also, as long as the quality stays in the system and they keep on improving, I am satisfied.

    Which solution did I use previously and why did I switch?

    We switched to Rapid7 because we were not satisfied with our previous solution. It was not up to par in terms of our needs and standards.

    How was the initial setup?

    The initial setup is very straightforward and not complex at all. Our deployment took about three months.

    This is mostly a cloud-based solution that works with the assistance of agents and collectors.

    What about the implementation team?

    We implemented and deployed this product on our own.

    What's my experience with pricing, setup cost, and licensing?

    The licensing is asset-based and very straightforward.

    What other advice do I have?

    Overall, this is a product that I am very satisfied with.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Infrastructure Security Architect at a comms service provider with 11-50 employees
    Real User
    Good site-level vulnerability scanning capability, and the dashboard is not difficult to manage
    Pros and Cons
    • "The most valuable feature is the site scanning, where we can provide a complete subnet and what it is we need to scan on those devices."
    • "The reporting is a little bit tricky because it can be difficult to exactly pinpoint some of the assets to filter them and generate a report."

    What is our primary use case?

    We use Rapid7 for our vulnerability assessment. It scans the network, identifies all of the assets that are present, and then identifies all of the vulnerabilities due to non-patching those systems. Based on that, we can generate reports and make sure that those applications or servers are patched on both the operating system and application level.

    What is most valuable?

    The most valuable feature is the site scanning, where we can provide a complete subnet and what it is we need to scan on those devices. It will extract all of the information, including the rating and vulnerabilities, in all of the applications that are present, on each of those machines. This is quite relevant because if you have many applications on one server then you don't know if they are individually patched, or not.

    The dashboard is not difficult to manage.

    What needs improvement?

    The reporting is a little bit tricky because it can be difficult to exactly pinpoint some of the assets to filter them and generate a report. Improving the filtering capability would make the reporting easier.

    We would like to have penetration testing features built into Nexpose, as it is the next area that we are going to be concentrating on. We have not yet tried it, but it is on our roadmap.

    For how long have I used the solution?

    We have been using this solution for one year.

    What do I think about the stability of the solution?

    We have not had any issues with stability. For what we are using it for, it is okay, and we use it on a weekly basis.

    What do I think about the scalability of the solution?

    We have five people who are working with Nexpose and we have not yet needed to scale.

    How are customer service and technical support?

    We have been in touch with support on one or two occasions but I was not the person who dealt with them.

    How was the initial setup?

    The initial setup is not complex. As soon as you deploy, you start by opening all of the needed communication tools on all of the target systems. In our situation, we deployed gradually as opposed to doing everyone at the same time.

    We have five people who have access to this solution and can maintain it. They do not work on it full-time but can do site scanning and generate reports when needed.

    What about the implementation team?

    A third-party was brought in to implement this solution. However, I have done some of the upgrades and I would say that it is straightforward enough that it is not necessary to bring in anybody else.

    What other advice do I have?

    My advice for anybody who is implementing this solution is to begin by clearly identifying infrastructure and the most critical assets. This tool will give you good visibility into the network and the assets, but it is only the starting point. It is really the input for the process that you have in place to follow up and patch the assets. Simply knowing that they are vulnerable is not good enough, so the right process has to be put into place before it will work effectively.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Vice President at INET Managed Services Co.,LTD.
    Reseller
    Great scanning capabilities, fast, powerful, easy to access
    Pros and Cons
    • "It's easy to use. It's fast, it's a powerful, easy to access tool."
    • "The InsightVM cannot scan if we connect to our customer by the VPN."

    What is most valuable?

    InsightVM is good. It's easy to use. It's fast, it's a powerful, easy to access tool.

    What needs improvement?

    I have had some difficult problems with InsightVM. The InsightVM cannot scan if we connect to our customer by the VPN. I asked the Rapid7 support, they told me that the InsightVM can only work on the same network. We cannot use InsightVM by VPN. It also consumes a lot of memory. It would be good if they could resolve that.

    For how long have I used the solution?

    We worked with Rapid7 InsightVM for one year.

    What do I think about the stability of the solution?

    It is very stable, but it consumes a lot of memory.

    What do I think about the scalability of the solution?

    Scalability is good on the same network but not if you have to connect to another network.

    How are customer service and technical support?

    I think the support is okay. They responded very quickly, and it was sufficient.

    How was the initial setup?

    InsightVM is Windows-based. It is easy to install and easy to use.

    What about the implementation team?

    It took us about half a day to set up. When we bought from the distributor in Thailand, the distributor sent an engineer to install and explain how to use it and how to customize the report.

    Which other solutions did I evaluate?

    My team uses a small tool such as Tenable Nessus and Rapid7 InsightVM, but when we used both tools and compared the report, Tenable Nessus is very easy to consolidate, to expand to our customer, but InsightVM is very difficult. We would have to cancel it to explain the daily part to our customers.

    What other advice do I have?

    I would recommend having the distributor help you to explain how this software works and to help with the details. I would rate it at an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    PeerSpot user
    IT Security Analyst at a financial services firm with 1,001-5,000 employees
    Real User
    Could be better on the cloud side and offer more reporting, overall - recommended to check other options
    Pros and Cons
    • "The feature that I have found most valuable is its dashboards."
    • "There is room for improvement on its cloud side. In the next release I would like to see better reporting."

    What is our primary use case?

    We use it for vulnerability scanning.

    What is most valuable?

    The feature that I have found most valuable is its dashboards.

    What needs improvement?

    There is room for improvement on its cloud side.

    In the next release I would like to see better reporting.

    For how long have I used the solution?

    I have been using Rapid7 InsightVM for seven years.

    What do I think about the stability of the solution?

    It is stable.

    What do I think about the scalability of the solution?

    Rapid7 InsightVM is scalable.

    In my company, it is just my team of less than five people using it.

    It requires one engineer for deployment and maintenance of the solution.

    We do not have plans to increase the usage of the solution in the future.

    How are customer service and support?

    Their customer support is really bad. On a scale of 1 to 10 I would probably give it a 1.

    How was the initial setup?

    The initial cloud setup was difficult. It took months even though we worked with their professional services.

    What about the implementation team?

    We used a consultant to implement.

    What was our ROI?

    We had a good return, but it could be better.

    What's my experience with pricing, setup cost, and licensing?

    We pay 100,000 yearly.

    What other advice do I have?

    We are thinking about changing right now. We have always used Rapid7, but we are thinking about changing now.

    My advice to anyone considering Rapid7 InsightVM is to look at the other vendors first.

    On a scale of one to ten, I would give Rapid7 InsightVM a 3.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Smriti Rani - PeerSpot reviewer
    System Engineer at a tech services company with 201-500 employees
    MSP
    It's a good solution for capacity forecasting
    Pros and Cons
    • "I rate InsightVM eight out of 10 for ease of setup. It takes two or three engineers to deploy. The solution requires some maintenance. It's mainly cleaning up data."

      What is our primary use case?

      We use InsightVM for capacity forecasting.

      For how long have I used the solution?

      I've been working around, I don't know, it's about three years.

      What do I think about the stability of the solution?

      I rate Rapid7 nine out of 10 for stability.

      What do I think about the scalability of the solution?

      I rate Rapid7 nine out of 10 for scalability.

      How are customer service and support?

      I rate Rapid7 support nine out of 10.

      How would you rate customer service and support?

      Positive

      How was the initial setup?

      I rate InsightVM eight out of 10 for ease of setup. It takes two or three engineers to deploy. The solution requires some maintenance. It's mainly cleaning up data. 

      What other advice do I have?

      I rate Rapid7 InsightVM 10 out of 10.

      Which deployment model are you using for this solution?

      Public Cloud
      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      PeerSpot user
      ITSM & AntiFraud Consultant with 51-200 employees
      Consultant
      It scans my production servers, checks their patching levels, and reports on their security. But, the community edition only supports paid domain registrations (so no free emails, such as gmail.com).

      What is most valuable?

      Rapid 7 offers the community edition, a free-of-charge edition (32 IPs) that helps small companies to secure their IT environment. This edition also helps students to learn about Vulnerability Management.

      The report from Nexpose is very big, and gives you a description of the problems you have on your servers, and the solution for remediation.

      Another valuable feature is the ability to check the vulnerability with Metasploit with only one click.

      How has it helped my organization?

      I use Nexpose to scan my production servers, check the patching level on those servers, and use the reports to show the evolution of security on my servers.

      What needs improvement?

      For the community edition, one of the big issues is with the registration. Rapid 7 only supports paid domains for registration, so no gmail.com or yahoo.com domains (once it was possible). Also, the resources needed by the scans can be an issue.

      For how long have I used the solution?

      I used Nexpose for more than 6 years.

      What was my experience with deployment of the solution?

      Some issues appear on Linux installation, but most of the issues are regarding the DB connection. On Windows installation, usually the installation is smooth. In my latest test I have used the VM and everything was smooth.

      What do I think about the stability of the solution?

      The application is very stable, but sometimes I have issues with the communication to the update server.

      What do I think about the scalability of the solution?

      I have tried all Nexpose editions, and I didn't have any issues with any of them. Starting this year Rapid 7 offers hardware appliances.

      How are customer service and technical support?

      Customer Service:

      I'll rate it 10/10. I had some presentation with them, and the person who presented us the solution really knew what to say to make us look on his screen.

      Technical Support:

      I never used technical support from Rapid 7.

      Which solution did I use previously and why did I switch?

      I have tried Nessus when it was a free edition. After that I have used OpenVAS and Qualys.

      Qualys is another good solution.

      How was the initial setup?

      The initial setup was straightforward, with small user input.

      What about the implementation team?

      All the Nexpose and Metasploit implementations were made by me for various clients and for my firm for testing purposes.

      What's my experience with pricing, setup cost, and licensing?

      When you buy a vulnerability management tool, always count your IPs. If you miss one IP, and that server is compromised, you have left the door open for attackers into your environment.

      Which other solutions did I evaluate?

      OpenVAS, Nessus, Qualys, SAINT8, Beyond Trust

      What other advice do I have?

      Nexpose is one of the best solutions on the market with very good development. One of its key features was the On-Premise installation and Community Edition. Also it integrates flawlessly with Metasploit.

      Disclosure: My company has a business relationship with this vendor other than being a customer: We are a consulting firm, and I have installed this product to some of our clients.
      PeerSpot user