We are using the solution for configuration review and vulnerability management.
I am using the latest version.
We have fewer false positives.
We feel the interface is very good. It is very easy to use; even a nontechnical person can use it.
The reporting has room for improvement. You cannot customize any report. If I need a specific requirement, I have to create a new report for it. I cannot pull up two or three things in one report.
Three years.
It is stable. For the last three years, we haven't faced any bugs.
It's very easily scalable. You just have to renew your license, and the scalability is already done.
Currently, we have three people who use the solution. We manage this solution for the whole organization.
The technical support is very helpful, but too slow. Overall, it usually takes 24 hours for them to reply, but the support that they provide is good.
It's very straightforward. The deployment took less than an hour.
We implemented it on our own.
The license is IP-based. How many IPs you are using to scan is the amount of the license you have to buy. The number of users doesn't matter; many users can use it or only one person. It depends on the culture of the organization.
We have 600 to 700 licenses.
We tested two to three solutions where we had a couple of false positives.
Rapid7 InsightVM has very low false positives, so you don't have to go in manually and verify them. This solution is efficient.
I would recommend the product. The product is very good.
I would rate the product between a nine and a nine point five (out of 10).
Our primary use case for this solution is to gain insight into internal systems vulnerabilities and remediation tasks.
Rapid7 InsightVM has given us a practical view of the vulnerabilities present in our organization. Not only does it verify the vulnerability, but it also scores it against the skill level of an attacker.
The feature that we find most valuable is the granularity. You can view your assets however makes the most sense to your business. We found that we could isolate systems easily via tagging and site setup.
A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group.
There are not enough templates, and the reporting is weak with this solution. It would be great if there were more templates for the analytical reports, such as patch management reports. At present, these do not exist.
In addition, there are false positives.
It is quite stable.
The scalability is good.
The tech support is quite good.
I have previously used Qualys, and I find that Rapid7 is a bit limited in terms of reporting.
The initial setup was easy and straightforward.
The price is cheaper than other products on the market.
We looked at Rapid7 vs Tenable Nessus.
Users need to customize the policy compliance in order to optimize usage.
It is basically used for scanning.
When it comes to the automation, we use the plug-ins that are compatible with the dimensions. Once the builder is done, we run the test cases. Then it is installed onto the server and we run the test cases on the server after the installation.
It gives false positives at times, and this is a problem. It causes problems with reporting.
In addition, I did not find plug-ins for Rapid7 InsightVM. It would be much more informational to run it through directly, so once the app is installed, once the software is installed on that particular server, it would find what exactly that application is open for. This would make things easier for us.
It is scalable. It definitely handles everything we need, without a problem.
I have not interacted with tech support.
I previously used Tenable Nessus and Nessus Scan. Insight VM vs Tenable Nessus is a more user-friendly product.
The setup was straightforward, and not complex.
I was not involved with the purchase of the product. This is dealt with by our sales team.
Our primary use case is looking for people who are using Tor, or VPNs generally, and the only way we can see that is if they log in and then they log in in a foreign country right away, which means they're jumping on to the "escalator".
We really didn't have any visibility at all and now we do. It's like night and day.
NeXpose is a pretty good vulnerability scanner, good enough. There's a nice dashboard and it's a pretty cool SIEM.
We could always have a cheaper price, but other than that it's pretty good stuff.
Also, if they’d expand their product line, that would be good, and they are doing so, but they're not done yet.
Stability is rock solid.
We're at a pretty big scale already. I don't expect us to get any bigger and it's handling our scale now. If anything, we’ll probably shrink.
We're a school district and, in this area, there are three big districts, and they have open enrollment. We're not on the marketing end of our school district. If the marketing doesn't do well, we’ll shrink.
Tech support is satisfactory.
Last year we got a new person in the position of information security officer, and he brought the news with him.
We went with NeXpose because we wanted to get as many products as we could from the same vendor. A full suite would have been fantastic, but that doesn't exist yet. Rapid7 had the vulnerability scanner, the penetration testing, and the SIEM, and the web app evaluator. They're adding other things. They acquired another company recently that will benefit us if we get that product. It's the all-in-one works we like.
My most important criterion when selecting a vendor is that they have to have a purchasing vehicle that is approved for school districts. It's harder than it sounds. We can't just say, "We want that, send us a bill."
It's easy to install.
We started with SentinelOne, we looked at CrowdStrike, we looked at Red Canary. The funny thing was, Red Canary was just remarketing CrowdStrike, or something like that. It got to a point where I realized these weren’t additional vendors. They were just additional packagers of the same solution.
Take a test drive. If you don't test drive it, how do you know you're going to like it or if it even works? Would you buy a car without test driving it? Absolutely not. In this case, it’s a sales contract. It's a service for one to three years. Backing out of it is pretty much impossible.
I rate it at eight out of 10. It just works. We haven't had any trouble with it. We've had good support. What's not to like? But it's an eight because the software that can be purchased is not the ultimate software. It's hard to give anybody a 10.
Rapid7 offers the community edition, a free-of-charge edition (32 IPs) that helps small companies to secure their IT environment. This edition also helps students to learn about vulnerability management.
The report from Nexpose is very big, and gives you a description of the problems you have on your servers, and the solution for remediation.
Another valuable feature is the ability to check the vulnerability with Metasploit with only one click.
I use Nexpose to scan my production servers, check the patching level on those servers, and use the reports to show the evolution of security on my servers.
For the community edition, one of the big issues is with the registration. Rapid7 only supports paid domains for registration, so no .gmail.com, .yahoo.com domains (once it was possible). Also, the resources needed by the scans can be an issue.
I used Nexpose for more than 6 years.
Some issues appear on Linux installation, but most of the issues are regarding the DB connection. On Windows installation, usually the installation is smooth. In my latest test I have used the VM and everything was smooth.
The application is very stable, but sometimes I have issues with the communication to the update server.
I have tried all Nexpose editions, and I didn't have any issues with any of them. Starting this year Rapid7 offers hardware appliances.
I'll rate it 10/10. I had some presentation with them, and the person who presented us the solution really knew what to say to make us look on his screen.
Technical Support: I never used technical support from Rapid7.
I have tried Nessus when it was a free edition. After that I have used OpenVAS and Qualys.
Qualys is another good solution.
The initial setup was straightforward, with small user input.
All the Nexpose and Metasploit implementations were made by me for various clients and for my firm for testing purposes.
When you buy a vulnerability management tool, always count your IPs. If you miss one IP, and that server is compromised, you have left the door open for attackers into your environment.
OpenVAS, Nessus, Qualys, SAINT8, Beyond Trust
Nexpose is one of the best solutions on the market with very good development. One of its key features was the On-Premise installation and Community Edition. Also it integrates flawlessly with Metasploit.
The main use cases of Rapid7 InsightVM are finding configuration vulnerability checks and patching recommendations. These two are the main use cases that everybody's looking for.
The most valuable features of Rapid7 InsightVM are the accurate level of scanning and the workflows are good.
The on-premise updates from Rapid7 InsightVM could improve.
I have been using Rapid7 InsightVM for approximately three years.
Rapid7 InsightVM is scalable. You could use it for as many assets as you like. It is very scalable and flexible.
The technical support is good in their knowledge, but they are a little slow.
The initial setup of Rapid7 InsightVM was straightforward.
I would rate the ease of setup of Rapid7 InsightVM a three out of five.
I rate Rapid7 InsightVM an eight out of ten.
I'm helping customers manage vulnerabilities in their organization. It's for vulnerability scanning.
It helps with the scanning of vulnerabilities. It's great at handling remediation after you've found an issue and managing the process of vulnerability remediation. The solution provides great advice.
The solution offers very good intelligence and tracking of the process of remediation.
It goes very deep and doesn't just find the problem - it helps fix things too.
The setup is easy.
The solution is easy to use.
It offers good scalability.
It's stable.
The pricing is reasonable.
The solution can scale.
At times, some customers want more on-premises solutions, and yet vendors want us to load features onto the cloud. While it works in a hybrid way, they need to ensure they keep a customer's needs in mind.
There should be containerization within the VM.
I've been using the solution for two years.
It is stable and reliable. I haven't had issues with it. There are no bugs or glitches. It doesn't crash or freeze.
The solution offers very good scalability. One license allows you to have three consoles. It's good for a distributed environment.
I didn't use different solutions previously.
The initial setup is quite easy. It's easy to use. You can deploy it in less than one hour. Everything happens very fast. It just depends on how long you want to test before implementation. The tuning, however, is a bigger process.
The solution isn't too expensive. The company offers good bundles. The pricing is simple and based on assets. It's transparent.
I did evaluate other solutions before using this solution. I looked online.
I'm a partner, not a customer.
I've been using the solution's latest version and updating it often.
I'd advise people to use the product as a vulnerability scanner and as a remediation tool. They should look at the whole brand and see if any of their other products can integrate with the scanner.
I would rate the solution nine out of ten.