No more typing reviews! Try our Samantha, our new voice AI agent.

Cisco Vulnerability Management (formerly Kenna.VM) vs Rapid7 InsightVM comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Vulnerability Managem...
Ranking in Risk-Based Vulnerability Management
23rd
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
1
Ranking in other categories
Cisco Security Portfolio (11th)
Rapid7 InsightVM
Ranking in Risk-Based Vulnerability Management
4th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
66
Ranking in other categories
Vulnerability Management (12th)
 

Mindshare comparison

As of July 2026, in the Risk-Based Vulnerability Management category, the mindshare of Cisco Vulnerability Management (formerly Kenna.VM) is 2.2%, down from 2.4% compared to the previous year. The mindshare of Rapid7 InsightVM is 7.8%, down from 14.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Risk-Based Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Rapid7 InsightVM7.8%
Cisco Vulnerability Management (formerly Kenna.VM)2.2%
Other90.0%
Risk-Based Vulnerability Management
 

Featured Reviews

AshishPaliwal - PeerSpot reviewer
Self-employed at Self-employed
Offers contextual prioritization and risk-based remediation of vulnerability
An improvement would be some sort of an integration with any GRC suite. There are a lot of GRC suites available, like Archer, MetricStream, Rsam, Protiviti, for example. So how would a solution like this work if my company has already invested thousands or maybe millions in a GRC solution? Do I still need it and how does it fit into an existing SAP environment? There could be interoperability, having more data sources, integrating Splunk, Qualys, FireEye, Rapid7, Carbon Black. I'm sure all that can be done to an extent, with a little more insight and a little more accuracy on the industry numbers and trends. I'd like the solution to offer any sort of assistance in any way with the remediation part, not just identification of vulnerability risk, and that is second.
reviewer2775840 - PeerSpot reviewer
Manager at a financial services firm with 5,001-10,000 employees
Manages vulnerabilities effectively over time but needs improvement in web coverage and dashboard flexibility
Most of the dynamic asset tagging we use is manual, not dynamic. To manage the assets, we employed the manual approach because we have a limitation regarding the license, so we don't use the dynamic approach much. I don't know how the configuration assessment has assisted with meeting compliance standards. The product that we use is the on-premise solution where we configure assets and dynamically scan them. However, we use the default policies more, the template, so Rapid7 InsightVM on-premise version is not that effective in the web-related systems. However, it is best on the OS to identify and discover the OS-related vulnerabilities, more of open ports and the discovery of vulnerable ports or services. It would be better to improve Rapid7 InsightVM by including or working better to add web-related templates because it's not that effective in regard to web. I don't know if they may have a separate product regarding the web, but for the on-premise type, they are not strong in this area. I would prefer to see web-related templates in addition to improving the dashboard-related things because the dashboard has been constant for a very long time. It would be better to see various kinds of, perhaps a flexible type of dashboard. If it's not customizable at all, I would want to see the risk and asset over time with more flexibility. The current dashboard is not flexible in this regard; I have to dig down every day, so they should work on this as well, in addition to the web.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The risk context of any vulnerability is a valuable feature; that is what it is used for and then data from different sources can be fed into it, and they have good dashboards, risk meters, and virtualization."
"The risk context of any vulnerability is a valuable feature."
"The most valuable feature for me is the risk calculation based on monthly effects."
"The feature that I have found most valuable is its dashboards."
"When you connect any new device to the network, Rapid7 has the ability to detect the new device immediately."
"The stability of Rapid7 InsightVM is excellent."
"Rapid7 gave us the ability to do a lot of that, and it was not a cumbersome tool to implement."
"InsightVM offers a robust platform for identifying, prioritizing, and addressing vulnerabilities across an organization's IT infrastructure."
"The risk score that they provide makes it easier to find out the biggest risks. It helped the security officers to understand where the biggest risks are so that they can act on them. They can instruct their IT teams to give them a higher priority and mitigate them."
"Rapid7 InsightVM has very low false positives, so you don't have to go in manually and verify them."
 

Cons

"An improvement would be some sort of an integration with any GRC suite."
"In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive."
"It would be great to have a mobile application client. Currently, you have to use a mobile web browser on a device, but it is not similar to the desktop web browser in terms of user experience. It would be nice to have a mobile application to access the platform."
"There have been instances where technical support takes a long time to update the status of a ticket, which is something that can be improved."
"Rapid 7 could be improved as some of the integrations between their different products could be better, and that's probably the main thing."
"The team needs to improve the speed and focus on the new bandwidth feed. Sometimes, it takes a while to scan, especially with new updates."
"A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group."
"The solution could improve by being more secure."
"There are certain limitations because of the product being used on a hybrid model. Rapid7 InsightVM doesn't offer a solution purely in the cloud."
 

Pricing and Cost Advice

"I think the pricing is based on the number of endpoints, so it's more subscription-based."
"Its licensing is yearly. Everything is included in the price for one year."
"InsightVM is an expensive product, especially compared to its competitors, at around a million NOK per year."
"The solution's pricing is better than Nexus which charges a high amount for very little use."
"It is less expensive compared to other competitors."
"I do not have experience with the pricing of the solution."
"The product is cheaper than the other similar tools available in the market."
"Pricing is reasonable because we pay according to asset usage. We can define our assets and sites according to our preference."
"This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important."
report
Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
903,118 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Retailer
15%
Computer Software Company
14%
Financial Services Firm
10%
Construction Company
10%
Financial Services Firm
12%
Manufacturing Company
9%
Computer Software Company
7%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business29
Midsize Enterprise14
Large Enterprise25
 

Questions from the Community

Ask a question
Earn 20 points
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You can easily prioritize vulnerabilities using attacker analytics. Overall, Rapid...
What is your experience regarding pricing and costs for Rapid7 InsightVM?
My experience with the pricing, setup cost, and licensing is that both the setup cost and licensing are great.
What needs improvement with Rapid7 InsightVM?
To improve Rapid7 InsightVM, I wish to have integration with patching systems, which would be useful to us. The usability of Rapid7 InsightVM is excellent, and the reporting module is one of the mo...
 

Also Known As

Kenna.VM, Kenna Security, Kenna, Kenna Security Platform
InsightVM, NeXpose
 

Overview

 

Sample Customers

TransUnion
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
Find out what your peers are saying about Qualys, Horizon3.ai, Tenable and others in Risk-Based Vulnerability Management. Updated: June 2026.
903,118 professionals have used our research since 2012.