Rapid7 InsightVM Room for Improvement

DA
Cyber Security Analyst at a tech services company with 1-10 employees

In order to be able to properly test the solution and make a decision, I would like to receive the test license code instantly and eliminate the wait time. If I have to wait a week to test the solution it may force me to move on to another solution.

Shakeel Ahmad - PeerSpot reviewer
Sr Cyber Security Consultant at Google

The solution cannot scan third-party tools that have firewalls within them. The firewalls detect and block the solution. Conversely, Nexus is able to bypass firewalls because it has low detectability. We use Nexus when the solution cannot bypass a firewall. The solution can scan 60% of the time but Nexus can scan 90% of the time. 

The solution needs to improve its vulnerability design to include CVC results. Nexus has a good, long range and a good database for finding CVC numbers. We need this level of security detail but the solution does not seem to provide it.  

RW
IT Security Architect at a government with 1,001-5,000 employees

There are some difficulties with the online reporting and lack of integrations; the information that you can get from the APIs in the software is not the best. There's still some fleshing out of their API that I think could benefit them as well.

I'd like to see more integrations with ticketing systems. Right now, JIRA and ServiceNow are the only ticketing systems that have integration with Rapid7. Extending that would be big. Some additional integrations with some patch management solutions would be good too. IBM BigFix and SCCM. Microsoft has integrations there. In our situation, we're not using either of those and that feature doesn't really give us a whole lot. If there were to be new integrations added on, both on the patch management and the ITMS side, that would be a big improvement.

Additional features would be the additional integrations for ticketing systems that I mentioned. There are always updates rolling out for new scans and things. 

Buyer's Guide
Rapid7 InsightVM
March 2024
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
Christian Kyony - PeerSpot reviewer
Senior Security Engineer at DRS

Rapid7 InsightVM has impressive capabilities, especially when it comes to managing video equipment. However, we've noticed that Rapid7 also offers a cloud solution called CloudSec, and we don't have that. We think it would be better if InsightVM had all the features for both on-premise and cloud management.

SonNguyen3 - PeerSpot reviewer
Technical Manager at a computer software company with 11-50 employees

The team needs to improve the speed and focus on the new bandwidth feed. Sometimes, it takes a while to scan, especially with new updates. So, they should update the database quickly for the scanning to work more efficiently. Additionally, they should add pack management solutions for better integration with products like Microsoft FC and IBM Bigfoot.

They need to add more features or focus on work screening, and adding pack management solutions would be great. Moreover, there is room for improvement in technical support.

JonathanShilling - PeerSpot reviewer
System Analyst II at an energy/utilities company with 1,001-5,000 employees

There are some issues with how it scans patches. Sometimes one patch will have been superseded by another but it won't see that, because one little key hasn't changed. 

AP
IRM Technical Consultant at Shell

Their customer support should be improved, and the effectiveness of scans also needs to be improved.

UdayaSri Kariyawasam - PeerSpot reviewer
Engineering Lead - DevOps at Persistent Systems

Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM.

There is room for improvement when it comes to JIRA integration. If they can collaborate with the JIRA team, then it will be easier for people to use it.

If we can configure and define more features such as the critical elite level through InsightVM, it would be better.

I would prefer to have vulnerability assessment with more features, like code analysis, code coverage, etc.

I would also prefer to have a method of custom image analysis for assessment.

In the SDLC (software development lifecycle), if we could easily integrate with a particular lifecycle, then we could have more descriptive reports.

DS
Cyber Security Architect at a healthcare company with 11-50 employees

The solution should include a tighter integration with third-party threat modeling and threat intelligence tools. Rapid7 is the solution's own threat intelligence platform but third-party platforms would be a great addition. 

It would be nice to have patching capabilities built within the solution rather than using third-party products. 

Andrei Bigdan - PeerSpot reviewer
Executive Manager at B2B-solutions.pro

One area I would like to improve in InsightVM is its integration with other solutions, particularly for better compatibility with upcoming tools we plan to adopt. Enhanced functionality for budget management or change management databases could also be beneficial.

AD
IT Manager at an aerospace/defense firm with 10,001+ employees

They should integrate the solution with multiple products along with ServiceNow.

Agustinus DWIJOKO - PeerSpot reviewer
Network & Security Engineer at PT. Centrin Online Prima

The agent must be covered if the customer wants to do a combined thing. InsightVM cannot do that if they are using an agent. We'd like the agent to cover more compliance issues.

ES
Owner at Sidif Del Caribe Corporation

In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive. You can only sell it to enterprise accounts. 

In terms of new features, Rapid7 came up with a product called InsightIDR a couple of years ago, which is a good SIEM solution. We expect that Rapid7 will work on some sort of integration between InsightVM and InsightIDR, where vulnerability or anomaly detected by InsightVM can be reported in InsightIDR in some sort of real-time.

Rapid7 doesn't patch. For example, if you have a vulnerability, some products can scan and also do the patching, but Rapid7 does not do the patching. It would be nice if it can also patch.

ME
Chief Executive Officer at an outsourcing company with 11-50 employees

I see ongoing progress constantly. There isn't much opportunity to make recommendations for improvement from our end. Technology does what we want it to do.

The only issue I have with their business plan is how they interact with South African enterprises. 

They have one singular distributor that I must work with, and that is where my two points go. 

I can't interact with Rapid7 directly. I must work via the local incumbent, the distributor. And working with this third party can be tiresome at times.

Rapid7 InsightVM doesn't work with us directly. I have to work with a distributor. If I need quotes or technical support, for example, I have to work with the distributor rather than Rapid7 InsightVM directly.

We are a registered reseller and a trusted partner. However, for us to get any support from them I can't log a call directly with Rapid7 InsightVM. I have to work with the distributor to log the call for me.

KM
Head of Cyber security analysis at DNV Poland Sp. z o.o.

InsightVM is getting a little stale and is in danger of falling behind its competitors. It's also becoming more complicated, and I prefer it to be kept simple. Its cloud coverage could also be stepped up.

SH
Head of Cyber Security at a tech services company with 51-200 employees

Two things are consistent. The rest of the things run fine. The technical side does not respond quickly. They take a lot of time. The priority should be to respond to the customer to serve the customer.

TW
Cybersecurity Consultant at a wholesaler/distributor with 51-200 employees

At times, some customers want more on-premises solutions, and yet vendors want us to load features onto the cloud. While it works in a hybrid way, they need to ensure they keep a customer's needs in mind.

There should be containerization within the VM.

BV
Security Specialist at a financial services firm with 1,001-5,000 employees

The drawback is that it is still not a fully SaaS solution, so you have to deploy a console.

it_user1152534 - PeerSpot reviewer
Information Security Senior Expert (Founding member, African Cybersecurity Center) at a financial services firm with 10,001+ employees

We need to scan and identify the different RPGs, the critical ones and the major ones that can generate risk or a measure of risk. We generate the reporting from the system and relay the report to our internal developers. We have our internal developers in the bank.

This solution integrates with another module in Metasploit that doesn't exist in the other solutions. It is subscribed to on our roadmap, but we chose to implement both Nexpose and AppSpider.

MuhammadMurtaza - PeerSpot reviewer
Information security engineer at CYBERISK

The primary issue I encountered initially with this tool was related to configuration. There is a significant learning curve that non-technical individuals, especially those not specialized in computer science or the information security industry, might face.

KW
IT Security Engineer

The solution isn't missing any features, and I haven't noticed any shortcomings. 

There was functionality present previously, however, currently, we can't integrate directly with Jira Service Desk - only the cloud version. That, or we must share to the internet on-prem Jira Service Desk. It's not easy for us since we use only the on-prem Service Desk service, and we don't straight to the internet for our service.

InsightVM can only directly connect to the internet. So, we can't use this integration and send tasks to our technical team from InsightVM. We, therefore, need better integration with Jira Service Desk. 

Muhammad Ali Aziz - PeerSpot reviewer
Senior Manager Cyber Security Services & Solutions at Trillium

InsightVM could be improved by providing passive scanning as an option. They could also introduce license packages for fewer than 128 users for smaller organizations.

Khizar Butt - PeerSpot reviewer
Country Sales Lead at securic systems

Their channel program and the process of their deal registration could be improved.

Some of our customers want to be completely cloud based, and Rapid7 doesn't offer this as an option. 

JE
Information Technology Security Specialist at Digitaltrack

The firewall could be better.

We've had struggles with new scanning on Cisco routers. We have to do a lot of troubleshooting. The authentication scan is not working. 

We'd like better risk levels for assets in terms of reporting. 

LM
Information Security Officer at Umniah

The integration with other solutions like JIRA could be better. Perhaps there could be some additional updates in the next phase that could integrate with it, so then you can proceed with the VT much easier.

JS
Director of Information Technology at a government with 201-500 employees

We found that after you passed an endpoint, it didn't always reflect it in the next scan. I'm not sure if it was a glitch or some issue with the product's software. That was never clear. That was always an issue and something that definitely needed improvement.

ZR
Senior Security Analyst at a financial services firm with 1,001-5,000 employees

The reporting has room for improvement. You cannot customize any report. If I need a specific requirement, I have to create a new report for it. I cannot pull up two or three things in one report.

FH
Senior manager at Software Productivity Group

They should improve the cybersecurity feature of the solution.

BR
Security Solution Engineer II at a security firm with 501-1,000 employees

It is still not a fully cloud-based solution. It will be helpful for customers if it is a complete cloud solution. It is a hybrid solution at the moment.

SK
Service Delivery Manager at a security firm with 11-50 employees

The reporting could be better.

We do not need any additional features.

DM
Security Analyst at Zavarovalnica Triglav dd

It would be nice to have an additional feature that would provide reports on who has logged onto the console or who did what on the console. I don't have the time to log onto the console and use SSH to go through the logs. 

We have some users with certain privileges, and sometimes they do things that I don't like.  This is why it would be nice to have an easy way to report what is in the logs.

In the next release, I would like to see reporting added to the console. It would be helpful to have reports to tell you who did what, who created reports, who created groups or who created tags.

JV
Cyber Security Engineer at a manufacturing company with 5,001-10,000 employees

It would be very helpful to have integration. There are many plugins that can be used for tasks that would help the visibility and be able to locate the exact problem.

I would like to see more integration. 

I would also like to see more flexibility when scheduling the scans. We should be able to schedule scans when we want them to be scheduled. Currently, they have to be scheduled before a certain day of the week.

DB
CoFounder & Head of Technology at intuity

It would be great to have a mobile application client. Currently, you have to use a mobile web browser on a device, but it is not similar to the desktop web browser in terms of user experience. It would be nice to have a mobile application to access the platform. 

It would be nice to have someone in the technical support team who speaks Italian. 

PR
Information Security Manager at an educational organization with 5,001-10,000 employees

We could always have a cheaper price, but other than that it's pretty good stuff.

Also, if they’d expand their product line, that would be good, and they are doing so, but they're not done yet.

AA
Material Coordinator at an energy/utilities company with 1,001-5,000 employees

Rapid7 InsightVM could be easier to use for those who are using it for the first time.

The updates should be fixed in the next release.

FA
Head of Cybersecurity Assurance & Controls Director at a tech services company with 1,001-5,000 employees

The reporting is very bad when you compare it with other vulnerability assessment tools.

This product is for basic vulnerability assessments, only, and is lacking in features such as compliance, assessment, assets, inventory, and batch management.

MH
Owner at a tech services company with 1-10 employees

They just need to fix it to make it more fluid. If it shows you vulnerabilities, I want to be able to click on the vulnerability and drill down into the vulnerability. If it's rating it as a 10 and it says it's got 30 hosts in it for this vulnerability, I want to click on that vulnerability and get a separate report that says, "Here's the vulnerability specific and here's the host involved." That way I could export it and say, "Hey, this vulnerability's out there, it matches a CVE number that is critical, that Microsoft, Cisco, whatever, has put a patch out there, and here guys, here's what it is and here's the proof. Here's your host that's vulnerable. Here's a change request, fix it, send me back the proof that you fixed it, then allow me to rerun a scan specific to that, on-demand, to say 'Yes, boss, we have mitigated it.'"

I want to be able to just drill down on the reports. If it's showing me there's a vulnerability and there's a said number of nodes that are vulnerable to it, I want to be able to drill down and export that list without having to come back out of it, going into my assets, trying to find the name of the vulnerability, which doesn't match what the dashboard says. To me, that was backward.

JG
Enterprise Manager Infrastructure and Operations at McGrath RentCorp

A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group.

PD
Assistant Engineer at Harel Mallac Technologies Ltd

The solution could improve by being more secure.

it_user988146 - PeerSpot reviewer
Director of Cyber Security (CISO) at a marketing services firm with 201-500 employees

Now that we have been using it, I think there are some things Rapid7 needs to consider and address in improving InsightVM. I think the reporting piece has room for improvement. While they have a lot of reporting, and some of the reporting is really good, there are some things that I think they can do better on. They need to add some categories that are not covered and expand a few things that have only surface coverage.

I would love to be on a customer advisory board so that I could provide feedback to them and show them what their solution does not do. For example, I could point out things that I cannot do with a widget on the dashboard that I would expect it to be able to do. Things like that might help them improve the product from a real user's perspective. That could amount to a lot of different things, but ideally, it would focus on your most common issues.

There were a couple of things I know that the security analyst and I were looking at and we were wondering why Rapid7 would choose to implement it that way. Like if they did not include something we needed as part of a report, we could not do what we expected when running the report. That is a little frustrating. I would say that they need to spend some more time evaluating enhancements suggested by customers so that they can get those things implemented and round out the user experience. That is the reason why I think a CAB (Customer Advisory Board) is important for vendors like Rapid7.  

Khaoula Saidi - PeerSpot reviewer
Cloud and Cyber-Security Technician at Software Productivity Group

Patch management is the only missing feature I can think of. Rapid7 detects vulnerabilities, but it should also help you manage patches.  

it_user1336563 - PeerSpot reviewer
Technical Consultant at Yip Intsoi

The solution needs to improve its smart monitoring. 

There needs to be much clearer instructions surrounding scanning. 

As for new features, I can't think of anything that's lacking. It's pretty good overall in terms of feature offerings.

GN
Security Engineer at a computer software company with 51-200 employees

The solution is not multitenancy and it would be great if they could add some of that to the platform. 

FA
Senior Consultant at a tech services company with 11-50 employees

All products have room for increased security and Rapid7 InsightVM is no exception. This is why I do not give a perfect score to any product on principle. 

TJ
IT Security Analyst at a financial services firm with 1,001-5,000 employees

There is room for improvement on its cloud side.

In the next release I would like to see better reporting.

IS
Enterprise ICT Security Architect at a tech services company with 1-10 employees

There have been instances where technical support takes a long time to update the status of a ticket, which is something that can be improved.

PJ
Vice President at INET Managed Services Co.,LTD.

I have had some difficult problems with InsightVM. The InsightVM cannot scan if we connect to our customer by the VPN. I asked the Rapid7 support, they told me that the InsightVM can only work on the same network. We cannot use InsightVM by VPN. It also consumes a lot of memory. It would be good if they could resolve that.

MF
Infrastructure Security Architect at a comms service provider with 11-50 employees

The reporting is a little bit tricky because it can be difficult to exactly pinpoint some of the assets to filter them and generate a report. Improving the filtering capability would make the reporting easier.

We would like to have penetration testing features built into Nexpose, as it is the next area that we are going to be concentrating on. We have not yet tried it, but it is on our roadmap.

it_user121395 - PeerSpot reviewer
ITSM & AntiFraud Consultant with 51-200 employees

For the community edition, one of the big issues is with the registration. Rapid7 only supports paid domains for registration, so no .gmail.com, .yahoo.com domains (once it was possible). Also, the resources needed by the scans can be an issue.

NK
Security Team Lead at a tech services company with 10,001+ employees

It gives false positives at times, and this is a problem. It causes problems with reporting.

In addition, I did not find plug-ins for Rapid7 InsightVM. It would be much more informational to run it through directly, so once the app is installed, once the software is installed on that particular server, it would find what exactly that application is open for. This would make things easier for us.

AJ
Security Consultant at a tech vendor with 11-50 employees

The on-premise updates could improve from Rapid7 InsightVM.

ME
Senior Cyber Security Specialist at a tech services company with 1,001-5,000 employees

Rapid7 could be easier to manage. When you compare it to other similar solutions, it is a bit difficult to manage.

The reporting could be improved.

it_user606432 - PeerSpot reviewer
Works at an insurance company with 501-1,000 employees

There are not enough templates, and the reporting is weak with this solution. It would be great if there were more templates for the analytical reports, such as patch management reports. At present, these do not exist. 

In addition, there are false positives.
