Coming October 25: PeerSpot Awards will be announced! Learn more

Rapid7 InsightVM Room for Improvement

Bill Young - PeerSpot reviewer
Director of Cyber Security (CISO) at a marketing services firm with 201-500 employees

Now that we have been using it, I think there are some things Rapid7 needs to consider and address in improving InsightsVM. I think the reporting piece has room for improvement. While they have a lot of reporting, and some of the reporting is really good, there are some things that I think they can do better on. They need to add some categories that are not covered and expand a few things that have only surface coverage.  

I would love to be on a customer advisory board so that I could provide feedback to them and show them what their solution does not do. For example, I could point out things that I can not do with a widget on the dashboard that I would expect it to be able to do. Things like that might help them improve the product from a real user's perspective. That could amount to a lot of different things, but ideally, it would focus on your most common issues.  

There were a couple of things I know that the security analyst and I were looking at and we were wondering why Rapid7 would choose to implement it that way. Like if they did not include something we needed as part of a report, we could not do what we expected when running the report. That is a little frustrating. I would say that they need to spend some more time evaluating enhancements suggested by customers so that they can get those things implemented and round out the user experience. That is the reason why I think a CAB (Customer Advisory Board) is important for vendors like Rapid7.  

View full review »
Owner at a tech services company with 1-10 employees

They just need to fix it to make it more fluid. If it shows you vulnerabilities, I want to be able to click on the vulnerability and drill down into the vulnerability. If it's rating it as a 10 and it says it's got 30 hosts in it for this vulnerability, I want to click on that vulnerability and get a separate report that says, "Here's the vulnerability specific and here's the host involved." That way I could export it and say, "Hey, this vulnerability's out there, it matches a CVE number that is critical, that Microsoft, Cisco, whatever, has put a patch out there, and here guys, here's what it is and here's the proof. Here's your host that's vulnerable. Here's a change request, fix it, send me back the proof that you fixed it, then allow me to rerun a scan specific to that, on-demand, to say 'Yes, boss, we have mitigated it.'"

I want to be able to just drill down on the reports. If it showing me there's a vulnerability and there's a said number of nodes that's vulnerable to it, I want to be able to drill down and export that list without having to come back out of it, going into my assets, trying to find the name of the vulnerability, which doesn't match what the dashboard says. To me, that was backward.

View full review »
UdayaSri Kariyawasam - PeerSpot reviewer
Engineering Lead - DevOps at Persistent Systems

Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM.

There is room for improvement when it comes to JIRA integration. If they can collaborate with the JIRA team, then it will be easier for people to use it.

If we can configure and define more features such as the critical elite level through InsightVM, it would be better.

I would prefer to have vulnerability assessment with more features, like code analysis, code coverage, etc.

I would also prefer to have a method of custom image analysis for assessment.

In the SDLC (software development lifecycle), if we could easily integrate with a particular lifecycle, then we could have more descriptive reports.

View full review »
Buyer's Guide
Rapid7 InsightVM
September 2022
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,572 professionals have used our research since 2012.
Owner at Sidif Del Caribe Corporation

In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive. You can only sell it to enterprise accounts. 

In terms of new features, Rapid7 came up with a product called InsightIDR a couple of years ago, which is a good SIEM solution. We expect that Rapid7 will work on some sort of integration between InsightVM and InsightIDR, where vulnerability or anomaly detected by InsightVM can be reported in InsightIDR in some sort of real-time.

Rapid7 doesn't patch. For example, if you have a vulnerability, some products can scan and also do the patching, but Rapid7 does not do the patching. It would be nice if it can also patch.

View full review »
Service Delivery Manager at a outsourcing company with 11-50 employees

The reporting could be better.

We do not need any additional features.

View full review »
Security Officer at a tech consulting company with 51-200 employees

It is still not a fully cloud-based solution. It will be helpful for customers if it is a complete cloud solution. It is a hybrid solution at the moment.

View full review »
Material Coordinator at a energy/utilities company with 1,001-5,000 employees

Rapid7 InsightVM could be easier to use for those who are using it for the first time.

The updates should be fixed in the next release.

View full review »
Senior Consultant at a tech services company with 11-50 employees

All products have room for increased security and Rapid7 InsightVM is no exception. This is why I do not give a perfect score to any product on principle. 

View full review »
Agustinus DWIJOKO - PeerSpot reviewer
Network & Security Engineer at a comms service provider with 11-50 employees

The agent must be covered if the customer wants to do a combined thing. InsightVM cannot do that if they are using an agent. We'd like the agent to cover more compliance issues.

View full review »
Layth Mansour - PeerSpot reviewer
Information Security Officer at Umniah

The integration with other solutions like JIRA could be better. Perhaps there could be some additional updates in the next phase that could integrate with it, so then you can proceed with the VT much easier.

View full review »
Head of Cyber security analysis at DNV Poland Sp. z o.o.

InsightVM is getting a little stale and is in danger of falling behind its competitors. It's also becoming more complicated, and I prefer it to be kept simple. Its cloud coverage could also be stepped up.

View full review »
Cyber Security Engineer at a manufacturing company with 5,001-10,000 employees

It would be very helpful to have integration. There are many plugins that can be used for tasks that would help the visibility and be able to locate the exact problem.

I would like to see more integration. 

I would also like to see more flexibility when scheduling the scans. We should be able to schedule scans when we want them to be scheduled. Currently, they have to be scheduled before a certain day of the week.

View full review »
Anusha Patnaik - PeerSpot reviewer
IRM Technical Consultant at Shell

Their customer support should be improved, and the effectiveness of scans also needs to be improved.

View full review »
Davide Baudanza - PeerSpot reviewer
CoFounder & Head of Technology at intuity

It would be great to have a mobile application client. Currently, you have to use a mobile web browser on a device, but it is not similar to the desktop web browser in terms of user experience. It would be nice to have a mobile application to access the platform. 

It would be nice to have someone in the technical support team who speaks Italian. 

View full review »
IT Security Analyst at a financial services firm with 1,001-5,000 employees

There is room for improvement on its cloud side.

In the next release I would like to see better reporting.

View full review »
Senior Cyber Security Specialist at a tech services company with 1,001-5,000 employees

Rapid7 could be easier to manage. When you compare it to other similar solutions, it is a bit difficult to manage.

The reporting could be improved.

View full review »
Muhammad Ali Aziz - PeerSpot reviewer
Sr Manager of Cybersecurity at a tech services company with 51-200 employees

InsightVM could be improved by providing passive scanning as an option. They could also introduce license packages for fewer than 128 users for smaller organizations.

View full review »
Khizar Butt - PeerSpot reviewer
Regional Sales Manager at Securic Systems

Their channel program and the process of their deal registration could be improved.

Some of our customers want to be completely cloud based, and Rapid7 doesn't offer this as an option. 

View full review »
Gerald Naude - PeerSpot reviewer
Security Engineer at a computer software company with 51-200 employees

The solution is not multitenancy and it would be great if they could add some of that to the platform. 

View full review »
Head of Cybersecurity Assurance & Controls Director at a tech services company with 1,001-5,000 employees

The reporting is very bad when you compare it with other vulnerability assessment tools.

This product is for basic vulnerability assessments, only, and is lacking in features such as compliance, assessment, assets, inventory, and batch management.

View full review »
Security Consultant at a tech vendor with 11-50 employees

The on-premise updates could improve from Rapid7 InsightVM.

View full review »
ParveshDhurmea - PeerSpot reviewer
Assistant Engineer at Harel Mallac Technologies Ltd

The solution could improve by being more secure.

View full review »
Buyer's Guide
Rapid7 InsightVM
September 2022
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,572 professionals have used our research since 2012.