Rapid7 InsightVM provides advanced vulnerability scanning and remediation tracking with real-time data integration. Its intuitive interface supports both agent and agentless modes, enhancing cybersecurity by reducing exploitable vulnerabilities.
| Product | Mindshare (%) |
|---|---|
| Rapid7 InsightVM | 8.1% |
| Qualys VMDR | 9.8% |
| Tenable Security Center | 7.6% |
| Other | 74.5% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Risk-Based Vulnerability Management | Jun 21, 2026 | Download |
| Product | Reviews, tips, and advice from real users | Jun 21, 2026 | Download |
| Comparison | Rapid7 InsightVM vs Qualys VMDR | Jun 21, 2026 | Download |
| Comparison | Rapid7 InsightVM vs The NodeZero Platform by Horizon3.ai | Jun 21, 2026 | Download |
| Comparison | Rapid7 InsightVM vs Tenable Security Center | Jun 21, 2026 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| Wiz | 4.4 | N/A | 97% | 46 interviewsAdd to research |
| Snyk | 4.1 | N/A | 100% | 51 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 24 |
| Midsize Enterprise | 13 |
| Large Enterprise | 22 |
| Company Size | Count |
|---|---|
| Small Business | 319 |
| Midsize Enterprise | 172 |
| Large Enterprise | 475 |
Rapid7 InsightVM integrates smoothly with existing security infrastructure, supporting detailed dashboards and reporting features for efficient risk scoring and vulnerability management. Users value its comprehensive asset tagging and the ability to prioritize vulnerabilities, appreciating host discovery capabilities. While InsightVM requires enhancements in reporting flexibility and patch management integration, and users seek improved support response times and extended security measures. Desired improvements also include greater integration with other tools and expanded dashboard customization.
What are the key features of Rapid7 InsightVM?InsightVM's implementation spans several industries, offering robust solutions in vulnerability management, patch management, and cybersecurity compliance facilitation. Organizations leverage its capacity for comprehensive network monitoring and critical vulnerability visibility to enhance their cybersecurity posture.
Rapid7 InsightVM was previously known as InsightVM, NeXpose.
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
| Author info | Rating | Review Summary |
|---|---|---|
| Manager at a financial services firm with 5,001-10,000 employees | 3.0 | I've used Rapid7 InsightVM on-premise for several years to identify OS-level vulnerabilities effectively, though it lacks robust web-related features and dashboard flexibility, making the tool average in value despite solid visualization and historical tracking capabilities. |
| Senior Manager - Pre-Sales at Trillium Information Security Systems | 3.5 | I use Rapid7 InsightVM for vulnerability assessment of assets to identify and remediate vulnerabilities. The Live Risk Score feature is valuable, though I feel the automation in remediation needs improvement, as it's currently a manual process. |
| Manager, Information Security at ePlus Technology | 4.0 | I use Rapid 7 primarily for vulnerability management, appreciating its excellent UI, reporting, and managed services. It reduced our exploitable vulnerabilities by 50%, though product integrations and the cloud version could improve. I've used it for over 20 years and find pricing fair. |
| Enterprise Security Architect at a energy/utilities company with 10,001+ employees | 4.0 | I use Rapid7 InsightVM for effective vulnerability scanning, appreciating its agentless capabilities and risk scoring system. While it surpasses QualysGuard in user-friendliness, its customer support response time needs improvement. I deploy it through Microsoft Azure. |
| Head Of Cyber Security at Super Secure | 3.0 | We resell Rapid7 InsightVM to enhance cybersecurity for banks and manufacturers. While valued for robust features, the key improvement area is prompt support. Its subscription model offers budget flexibility, competing with Tenable and Invicti, despite some escalated technical challenges. |
| Professional services team lead at a tech services company with 1,001-5,000 employees | 4.0 | I find InsightVM a reliable, stable, on-premises vulnerability management solution with an organized GUI and efficient scans. I recommend it, though I desire improved documentation and the ability to build custom audit files. |
| IT Manager at Hermanus Investments, LLC | 4.5 | I use Rapid7 InsightVM in my company for cybersecurity, valuing its agent and scanning features. It needs faster updates between the cloud and scanner. Despite this, it provides cost-saving benefits and is superior to alternatives like Nessus, offering comprehensive network security. |
| 0 at a tech vendor with 5,001-10,000 employees | 4.5 | I find Rapid7 InsightVM valuable for its connectivity and integration with SIEM and antivirus solutions, although it could be more user-friendly. I recommend Tenable Nessus for its cost-effectiveness, having experience with it in previous roles. |
| Information Security, Cyber Operations Analyst at a consultancy with 5,001-10,000 employees | 3.0 | We primarily use Rapid7 InsightVM for servers and vulnerability management. It has a good user interface and integrations, but lacks PCI certification and timely updates, affecting reliability. The support response time needs improvement, as does its threat intelligence. |
| Senior Security Engineer at DRS | 4.0 | We use Rapid7 InsightVM to scan around 150,000 subnets for video equipment. While it excels in remediation projects, its lack of real-time monitoring is a drawback. We wish it integrated both on-premise and cloud management capabilities like CloudSec. |
Rapid7 InsightVM's primary use case for us is to check the vulnerability and the exposure of our internal system.
Remediation is not done by the VM tool; we communicate internally with system owners and handle it in that manner. The system itself has not remediated the vulnerability; we more use it to identify and discover the vulnerabilities on each asset we manage.
Rapid7 InsightVM is an on-premise type product that has helped us manage potential vulnerabilities effectively.
The dashboard is excellent as it helps in visualizing our vulnerability management data. We are able to see the historical data in the dashboard, the assets, and the vulnerability in parallel. We can also see each site and manage both per-site as well as the grand information for all sites in the first dashboard.
Most of the dynamic asset tagging we use is manual, not dynamic. To manage the assets, we employed the manual approach because we have a limitation regarding the license, so we don't use the dynamic approach much.
I don't know how the configuration assessment has assisted with meeting compliance standards. The product that we use is the on-premise solution where we configure assets and dynamically scan them. However, we use the default policies more, the template, so Rapid7 InsightVM on-premise version is not that effective in the web-related systems. However, it is best on the OS to identify and discover the OS-related vulnerabilities, more of open ports and the discovery of vulnerable ports or services.
It would be better to improve Rapid7 InsightVM by including or working better to add web-related templates because it's not that effective in regard to web. I don't know if they may have a separate product regarding the web, but for the on-premise type, they are not strong in this area.
I would prefer to see web-related templates in addition to improving the dashboard-related things because the dashboard has been constant for a very long time. It would be better to see various kinds of, perhaps a flexible type of dashboard. If it's not customizable at all, I would want to see the risk and asset over time with more flexibility. The current dashboard is not flexible in this regard; I have to dig down every day, so they should work on this as well, in addition to the web.
We have worked with Rapid7 InsightVM for the past three or four years.
For the technical support by Rapid7, I would give a six out of ten because our web-related systems are very important to identify the vulnerabilities. I believe it would be better to work on the web-related issues and include those kinds of templates in their product.
Neutral
We have utilized the predictive analytics feature.
The pricing of Rapid7 is not cheap; I would say it's medium. It's not very expensive; it's not cheap, but if they included the web and addressed the comments I made, the price would not be that expensive. For now, it is expensive.
Our overall review rating for this product is six out of ten.
The main use case is the vulnerability assessment of their assets. Assets include Windows or Linux platforms. This is the only use case. They want to highlight and identify vulnerabilities in their platform to remediate them. For the remediation part, they want to integrate their IT teams with the Rapid7 InsightVM platform so their IT team can get insights into the vulnerabilities, remediate them, and update over the same platform. These are the functionalities of their Rapid7 InsightVM solution.
The most valuable feature of the Rapid7 InsightVM solution is the Live Risk Score. It provides dynamic Live Risk Scoring of the assets. Vulnerabilities can be classified between most critical and less critical vulnerabilities, which are dynamically updated in their dashboard. This is the most interesting and valuable feature from my perspective.
It provides different compliance reports regarding PCI DSS, GDPR, and HIPAA. For compliance, it is a good solution for customers, and in this domain there is no improvement required for Rapid7 InsightVM.
The automation capability remediation needs improvement. The current process requires manually telling IT teams to remediate vulnerabilities, and then they update the status of these vulnerabilities in the platform. This basic feature that Rapid7 calls an automated remediation process is actually manual. We can update the status of vulnerabilities in the Rapid7 InsightVM platform and collectively see how many vulnerabilities we have identified and how many are remediated by our IT team.
More automation in the remediation feature is a basic demand from many customers. The remediation part and vulnerability identification of network devices or rigid devices are not currently supported by Rapid7 InsightVM. More integration and automation are the two areas Rapid7 needs to improve in their product.
I have been working with Rapid7 InsightVM for about one and a half years.
This is a very stable solution. I rate it around eight because I have faced only one problem in the Rapid7 InsightVM solution when configuring it for a customer due to a malfunction or bug.
Other than that, there have been no specific issues ever recorded or noticed by my team or myself. Rapid7 continuously updates it, which is why I rate it eight out of ten.
This is a very scalable solution that I would rate eight out of ten. Scalability in the Rapid7 InsightVM solution is straightforward. We just need to deploy multiple scanning engines for scanning the assets. If we exceed assets from 5,000 to 10,000, we need to deploy more scanning engines to scan the solutions and assets. We simply need to deploy another scan engine to make it scalable.
I cannot comment specifically regarding the support part because I have never needed Rapid7 support for the InsightVM solution as it is very stable. There were no bugs or specific problems that required raising a support ticket. Their support appears good, and some of their representatives are in direct contact with me through phone numbers. Their support seems good, but I cannot provide a specific rating.
Positive
In the Pakistan region, there are multiple customers using Rapid7 InsightVM solution, including Rapid7 Nexpose. Nexpose and InsightVM are the same solution, with the difference being cloud versus on-premises versions. The on-premises version is called Nexpose, and the cloud version is called Rapid7 InsightVM solution. Their functionalities are almost the same. In Pakistan, I have deployed this solution in more than 15 organizations, and approximately 30 plus organizations are using this solution in total.
Initial setup is very easy as this is a cloud solution. We just need to create the account and use it for integration with other assets. I would rate the initial setup nine out of ten.
The customers are mostly SMBs, though some enterprise organizations have also deployed the solution. This is neither a cheap nor the most expensive solution. Qualys and some other vendors are more expensive than Rapid7 InsightVM.
I have experience with the Rapid7 VMDR solution - not with other solutions. I am exploring the differences between these solutions for customer pitches.
Currently, there is no AI embedded in the solution available on the website. According to Rapid7, they are working on the Sonar project and will soon launch this project to enhance their AI capability in the solution.
My overall rating for Rapid7 InsightVM is seven out of ten.
My main use case for Rapid 7 typically revolves around vulnerability management, but we use it for a number of other things as well.
A specific example of how we're using it for vulnerability management is that we use it to scan and discover vulnerabilities on endpoints, and we use agents as well to discover vulnerabilities, present those in a console, and we work on remediations based upon those findings.
We have a unique setup with Rapid 7 as we're using a variety of their products, including their SIEM, Threat Command, and a few other things as well, and we're just starting to look into their ransomware offerings.
The best features Rapid 7 offers include their presentation of information and UI, which I think is actually very good, along with very good reporting, and their managed services, which I think provide a good value for what they charge.
What stands out to me about the presentation of information and UI is the dashboard, which is excellent, as they provide statistics that I can use to make my case for remediation and for addressing vulnerabilities. With managed services, probably the most valuable thing I find is the single point of contact and a regular point of contact as well, providing good communication from them on a consistent basis.
Rapid 7 has positively impacted my organization by reducing the risk to the environment, specifically by reducing the number of vulnerabilities and the number of vulnerable hosts. We have reduced exploitable vulnerabilities by around 50%, which has made a significant difference for my team.
Rapid 7 could be improved as some of the integrations between their different products could be better, and that's probably the main thing.
There are needed improvements around specific integrations, especially from a vulnerability perspective, as they're trying to push to the cloud-hosted version, which currently does not measure up to the legacy console and the way information is presented on that.
I have been using Rapid 7 for over 20 years.
We didn't use different solutions before Rapid 7 ; we've always used Rapid 7, so there was no need to switch.
I have seen a return on investment from Rapid 7 in the form of risk reduction.
My experience with pricing, setup cost, and licensing for Rapid 7 is that they are generally pretty good in terms of their pricing, their setup cost is reasonable, and licensing is among the easier companies to work with.
Before choosing Rapid 7, we evaluated other options, including Tenable.
I would not add anything else about the features, as there is nothing else that stands out to me. I did not purchase Rapid 7 through the AWS Marketplace. I would rate this solution an 8 out of 10.
We are still using Rapid7 InsightVM.
I personally still use Rapid7 InsightVM.
We use Rapid7 InsightVM for vulnerability scanning. It supports both agent-based and agentless scanning, which is part of our vulnerability management strategy.
The agentless scan in Rapid7 InsightVM is effective and represents the functionality I primarily work with. The risk scoring system in Rapid7 InsightVM is another valuable feature. When comparing to the main competitor QualysGuard, Rapid7 InsightVM is more preferable for me.
Customer support in Rapid7 InsightVM could be improved. The response time needs improvement.
I have performed scans and explored the components of the product over the last three to four years.
I would rate the stability of Rapid7 InsightVM as seven out of ten.
Rapid7 InsightVM rates approximately 8.5 for scalability. Rapid7 InsightVM is recommended for large-scale companies with more than 30,000 users.
The response time for customer service needs improvement.
Positive
My first tool was QualysGuard, which had more than 100,000 users. QualysGuard is more technical and problematic when implementing things, making it not as easy to use as Rapid7 InsightVM.
Setup for Rapid7 InsightVM was simple. It was not complex because I had previous experience with Rapid7 when it was Nexpose.
I would rate the pricing for Rapid7 InsightVM as eight out of ten.
QualysGuard is more challenging if you are not proficient in technical or environmental aspects, making deployment difficult. With Rapid7 InsightVM, the deployment process is more user-friendly.
I would recommend Rapid7 InsightVM for large-scale companies. I can recommend it to other users. Overall, I rate Rapid7 InsightVM eight out of ten.
We are resellers of Rapid7 InsightVM in this market. We typically recommend it to banks and manufacturing groups interested in enhancing their cybersecurity.
We started with a couple of Rapid7 products, including Rapid7 InsightVM, and it runs quite fine with our customers. Although some customers raised issues, we resolved them with our technical team. Customers are interested in this product as it helps heighten their cybersecurity posture. Aside from technical challenges, the products offer comparable packages and services to other vendors in the market, such as Tenable.
The major improvement needed is prompt support. When issues arise, the customer's satisfaction is tied to how quickly they receive a response and a resolution. There have been delays, particularly when technical issues needed escalation, and we had to coordinate with business personnel to address them. Improving this area would be beneficial for Rapid7 InsightVM.
I have been dealing with Rapid7 InsightVM for about three to four years.
There have been some challenges, especially with support response times, which affect stability. However, the product itself runs fine.
Integration with other tools has been fine, with no major issues reported. We did not face any specific equipment or device that could not be integrated.
Customer service needs significant improvement. There are delays in support response times, and support is not available promptly, especially when issues are escalated to another region.
Negative
The initial setup was straightforward. We train our technical team before undertaking deployment, ensuring smoother setups.
The return on investment is something the customers evaluate themselves. Since it is a subscription-based service, they do not own hardware, and it fits within their budgetary requirements.
Pricing is reasonable and competitive compared to other solutions in the market. Customers are generally satisfied and do not ask for drastic price reductions during renewals.
I would rate Rapid7 InsightVM a six out of ten. Improvements in support responsiveness are crucial. Customers like Habib Bank faced delays, leading them to switch to other vendors. Addressing these support issues could enhance the product's effectiveness.
We are working in a region where all the regulations require security solutions to be implemented as on-premises solutions. We cannot use any cloud providers or vendors proposing services in a SaaS model. We use InsightVM as an on-premises solution for vulnerability management practices.
InsightVM provides a reliable and efficient solution with a very organized GUI, excellent ease of use, and reliable vulnerability scanning. The credential scan is a reliable feature, and everything about the product works well.
InsightVM has a very organized GUI with ease of use. The vulnerability scans are reliable, and the credential scan is a beneficial feature. The solution is efficient and trustworthy. It's based on the CVSS risk scoring system, which is well-recognized and effective. The integration capabilities through APIs allow easy integration with existing security infrastructure.
The product's documentation could be enhanced with clearer and more detailed instructions. Having the ability to build our own audit file, similar to a feature in Tenable, would be beneficial. This would provide a significant advantage for users.
We have been using InsightVM for approximately four to five years.
InsightVM is a very stable product. We have not faced any issues with stability, and I would rate it a nine out of ten.
The solution is very scalable. According to the environment requirements, we can scale the solution as needed.
The customer service deserves an eight out of ten rating. The only issue is the response time, likely due to the time region differences. Sometimes support requests coincide with holidays in their support region, causing slight delays.
Positive
The initial setup was very simple and straightforward.
Our customers usually come to our company to purchase the solution, and we communicate with the vendor as one of the largest local partners. We provide the solution and professional services to customers.
I also work with Tenable. In my opinion, Tenable is preferable because it offers fast updates in terms of its vulnerability database and allows for extensive customization. The ability to customize audit files is a significant benefit.
I rate InsightVM an overall eight out of ten. It is a reliable product, and I can recommend it to other users. The integration with existing infrastructure is achievable, and with a little talent in coding, you can achieve the integration easily.
I use the solution in my company for cybersecurity purposes.
The most valuable features of the solution are the agent and the scanning.
I think the improvement in the tool should be to provide a better update to users because sometimes the information within the cloud and the scanner are not synchronized very fast.
For example, like, when we upgrade to a patch with the devices, it should be able to make it up to date right away, but it takes more than hours to update in the portal. We need to then do a rescan manually.
I have been using Rapid7 InsightVM for six years. I am just a customer of the tool.
Stability-wise, I rate the solution a nine out of ten.
The scalability of the product is very good. Scalability-wise, I rate the solution a nine out of ten.
In my organization, around five people use the product.
The product is used most of the time in my company.
I may plan to increase the use of the solution in the future if my business grows.
I rate the technical support an eight out of ten.
Sometimes when I submit a case to Rapid7's support team, it takes them a very long time to provide a resolution. It is not very smooth.
Positive
I have experience with Nessus and GFI LanGuard. I started using Rapid7 InsightVM since I used some other products in the past. I think Rapid7 bought the company whose tool I was using. Rapid7 purchased a tool with a network sensor, after which the company offered our organization the use of Rapid7.
As I had managed the tool's initial setup phase in my previous company, it would be easy for me. For the first-time user of the app, I think because the tool has an onboarding process, it should be very straightforward.
Regarding the product's deployment phase, I have all the instructions from Dell, and I can do everything by myself based on the documentation. The process may take a long time because I need to fix an appointment with Rapid7's team to start the onboarding process. Sometimes, it took at least four weeks to have an appointment. After I have an appointment, during the onboarding, the tool's team just does the syncing part, and then I follow all the steps to make sure everything is in place.
The solution is deployed on a combination, so even though the solution is deployed on the cloud, we have a console, so it is on-premise. It's like a combination consisting of a console and a cloud. Rapid7 has its own cloud.
The solution can be deployed in a month.
The product's deployment was carried out with the help of my company's in-house team, and I mostly managed it myself.
The product has helped with cost-savings. The tool is used to manage areas like updating and monitoring everything. It is good to have an outstanding cybersecurity defense system instead of having to fix a problem when somebody has to deal with high vulnerabilities due to ransomware.
The tool's price is neither too high nor too low. My company needs to pay 65,000 per year. There are no additional costs apart from the licensing fees attached to the solution.
I tried some tools and compared some other products with Rapid7 InsightVM. I considered Tenable Nessus against Rapid7 InsightVM. Tenable Nessus only has a real-time scanner, so it is not a complete solution.
Rapid7 InsightVM fits into our organization's overall security posture in a critical manner.
Most of the features of Rapid7 InsightVM are helpful for identifying and managing vulnerabilities. The reporting part is very useful.
The live monitoring feature in Rapid7 InsightVM has enhanced your security measures in a very critical manner. With Rapid7 and InsightVM, the measurements are critical because we are based on the report, so we know exactly what endpoint or device needs to be patched. Based on the agent and report, we can identify what device we need to handle critically based on the priority.
My company does not have to meet any compliance requirements. In the previous company, there was a need to meet some compliance requirements.
The tool is easy to implement, but you need to have a team to work, and keep it up to date. I wouldn't recommend it for one or two people.
I recommend the product to others.
The product is more suitable for enterprise-sized businesses.
I think the tool doesn't have an AI feature.
I rate the overall tool a nine out of ten.
I find Rapid7 InsightVM pretty useful since we are running it on every asset our company has. We are conducting authenticated scans. This is not just getting exposure from outside, but understanding vulnerabilities internally.
The connectivity provided by Rapid7 InsightVM is valuable. We have integrated our SIEM solutions and antivirus with each other through Rapid7. It allows for a lifecycle connection among different solutions. We are using it with CMDB for tagging critical devices. However, the primary purpose remains running vulnerability scans.
The platform could be more intuitive and user-friendly. I cannot comment on technical specifics as it's like a black box, but improvements in user experience would be beneficial.
I joined my current company two and a half years ago, and they already had this solution.
The stability of Rapid7 InsightVM is excellent. I would rate it as a ten out of ten.
Rapid7 InsightVM is suitable for large enterprises and scales well for companies with over 1,000 users.
I haven't interacted with Rapid7's technical support.It is crucial for tech support to resolve issues as quickly as possible, ideally available 24/7. Even if the support is good, there's always room for improvement, so I would rate them around a five because every company can improve.
Neutral
I have recommended Tenable Nessus, which I used at Bitdefender and in previous roles. Tenable Nessus offered a pay-per-asset option that I found economical.
The initial setup can be simple or complex, depending on whether you're conducting authenticated or unauthenticated scans.
Rapid7 InsightVM is expensive, possibly one of the highest in pricing among similar products.
I have experience with Tenable Nessus and have recommended it for its cost-effectiveness.
Overall, I would recommend Rapid7 InsightVM to other users.
We use the solution mainly for servers and vulnerability management.
The solution's user interface is good and has some vulnerability prioritization. Rapid7 InsightVM has good integrations with ServiceNow and its own remediation project creation options.
Rapid7 InsightVM is not PCI certified, which didn't help us in the London office because of the Cyber Essentials Plus certification, which is mandatory there. We had to outsource the vulnerability management for the London office.
One of the most important things for a vulnerability management tool is the identification of vulnerabilities. When it comes to Rapid7 InsightVM, the vulnerabilities are not updated within its database. This is one of the major things that should be changed in Rapid7 when it comes to customer reliability. If the database is not updated, it could jeopardize the customer's servers and data.
The solution's support staff does not reply on time, which should be improved. Rapid7 InsightVM should improve its threat intelligence.
I have been using Rapid7 InsightVM for the last few years.
The solution's initial setup is good.
Overall, I rate the solution a six out of ten.
We handle a lot of video equipment and Rapid7 InsightVM helps us to scan subnets, around 150,000 of them.
Rapid7 InsightVM is more focused on proactive liability management. However, when there's an incident, our team can handle it, but it's not a top priority for me. I think having another solution, like a response automation tool, would be more helpful. Vulnerability management can't prevent incidents once they're in progress, but it's essential to prevent them before they happen.
The remediation project is pretty effective because it allows us to choose specific assets and set limitations on them for a certain period which allows us to track and follow up on those limitations.
However, when it comes to real-time monitoring and live dashboards, InsightVM doesn't quite fit the bill. It's not a real-time solution and is not instant.
Rapid7 InsightVM, has impressive capabilities, especially when it comes to managing video equipment. However, we've noticed that Rapid7 also offers a cloud solution called CloudSec, and we don't have that. We think it would be better if InsightVM had all the features for both on-premise and cloud management.
I have been using Rapid7 InsightVM for the past 6 years.
I would rate it nine out of ten, especially when it is deployed on Linux Box.
It is very scalable and I would rate it ten out of ten.
As for deployment time, it varies based on the size of the organization and network sensitivity. For example, in a bank, scans might only happen at specific times, like during the night. Generally, deployment can be quick, but there are many factors to consider. You install the console and the scan engine, and then configure them based on network complexity. Scans themselves take less than 20-30 minutes, but the non-technical aspects, like setting up profiles and firewall rules, can take more time.I would rate it 8 out of 10.
I would rate it 8 out of 10.
