No more typing reviews! Try our Samantha, our new voice AI agent.

Cisco Vulnerability Management (formerly Kenna.VM) vs Rapid7 InsightVM comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Vulnerability Managem...
Ranking in Risk-Based Vulnerability Management
23rd
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
1
Ranking in other categories
Cisco Security Portfolio (11th)
Rapid7 InsightVM
Ranking in Risk-Based Vulnerability Management
4th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
66
Ranking in other categories
Vulnerability Management (12th)
 

Mindshare comparison

As of July 2026, in the Risk-Based Vulnerability Management category, the mindshare of Cisco Vulnerability Management (formerly Kenna.VM) is 2.2%, down from 2.4% compared to the previous year. The mindshare of Rapid7 InsightVM is 7.8%, down from 14.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Risk-Based Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Rapid7 InsightVM7.8%
Cisco Vulnerability Management (formerly Kenna.VM)2.2%
Other90.0%
Risk-Based Vulnerability Management
 

Featured Reviews

AshishPaliwal - PeerSpot reviewer
Self-employed at Self-employed
Offers contextual prioritization and risk-based remediation of vulnerability
An improvement would be some sort of an integration with any GRC suite. There are a lot of GRC suites available, like Archer, MetricStream, Rsam, Protiviti, for example. So how would a solution like this work if my company has already invested thousands or maybe millions in a GRC solution? Do I still need it and how does it fit into an existing SAP environment? There could be interoperability, having more data sources, integrating Splunk, Qualys, FireEye, Rapid7, Carbon Black. I'm sure all that can be done to an extent, with a little more insight and a little more accuracy on the industry numbers and trends. I'd like the solution to offer any sort of assistance in any way with the remediation part, not just identification of vulnerability risk, and that is second.
reviewer2775840 - PeerSpot reviewer
Manager at a financial services firm with 5,001-10,000 employees
Manages vulnerabilities effectively over time but needs improvement in web coverage and dashboard flexibility
Most of the dynamic asset tagging we use is manual, not dynamic. To manage the assets, we employed the manual approach because we have a limitation regarding the license, so we don't use the dynamic approach much. I don't know how the configuration assessment has assisted with meeting compliance standards. The product that we use is the on-premise solution where we configure assets and dynamically scan them. However, we use the default policies more, the template, so Rapid7 InsightVM on-premise version is not that effective in the web-related systems. However, it is best on the OS to identify and discover the OS-related vulnerabilities, more of open ports and the discovery of vulnerable ports or services. It would be better to improve Rapid7 InsightVM by including or working better to add web-related templates because it's not that effective in regard to web. I don't know if they may have a separate product regarding the web, but for the on-premise type, they are not strong in this area. I would prefer to see web-related templates in addition to improving the dashboard-related things because the dashboard has been constant for a very long time. It would be better to see various kinds of, perhaps a flexible type of dashboard. If it's not customizable at all, I would want to see the risk and asset over time with more flexibility. The current dashboard is not flexible in this regard; I have to dig down every day, so they should work on this as well, in addition to the web.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The risk context of any vulnerability is a valuable feature; that is what it is used for and then data from different sources can be fed into it, and they have good dashboards, risk meters, and virtualization."
"The risk context of any vulnerability is a valuable feature."
"The solution is very user friendly and easy to manage."
"With Rapid7 InsightVM, the deployment process is more user-friendly."
"The report generating and the scanning are very helpful."
"I really love the new platform. It is really easy to understand, use, and deploy."
"The most valuable feature for us is the different types of reporting it provides."
"Overall, it's a nice tool."
"The solution is automatically scheduled so it runs by itself."
"The performance is good."
 

Cons

"An improvement would be some sort of an integration with any GRC suite."
"There are certain limitations because of the product being used on a hybrid model. Rapid7 InsightVM doesn't offer a solution purely in the cloud."
"There are some difficulties with the online reporting and lack of integrations, the information that you can get from the APIs in the software is not the best."
"InsightVM is getting a little stale and is in danger of falling behind its competitors."
"We'd like the agent to cover more compliance issues."
"The reporting could be better."
"However, the main concern is the system's reliability."
"They should integrate the solution with multiple products."
"The team needs to improve the speed and focus on the new bandwidth feed. Sometimes, it takes a while to scan, especially with new updates."
 

Pricing and Cost Advice

"I think the pricing is based on the number of endpoints, so it's more subscription-based."
"Licensing fees are paid on a yearly basis."
"Pricing is reasonable because we pay according to asset usage. We can define our assets and sites according to our preference."
"The solution's pricing is better than Nexus which charges a high amount for very little use."
"A full license for the solution is expensive because it is at the organizational level and not by individual users."
"Our licensing costs are somewhere around $40,000 annually. There are no additional fees."
"The licensing is asset-based and very straightforward."
"The price of the solution is less than the competitors."
"This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important."
report
Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
904,748 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Retailer
15%
Computer Software Company
14%
Construction Company
10%
Financial Services Firm
10%
Financial Services Firm
12%
Manufacturing Company
8%
Computer Software Company
7%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business29
Midsize Enterprise14
Large Enterprise25
 

Questions from the Community

Ask a question
Earn 20 points
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You can easily prioritize vulnerabilities using attacker analytics. Overall, Rapid...
What is your experience regarding pricing and costs for Rapid7 InsightVM?
My experience with the pricing, setup cost, and licensing is that both the setup cost and licensing are great.
What needs improvement with Rapid7 InsightVM?
To improve Rapid7 InsightVM, I wish to have integration with patching systems, which would be useful to us. The usability of Rapid7 InsightVM is excellent, and the reporting module is one of the mo...
 

Also Known As

Kenna.VM, Kenna Security, Kenna, Kenna Security Platform
InsightVM, NeXpose
 

Overview

 

Sample Customers

TransUnion
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
Find out what your peers are saying about Qualys, Horizon3.ai, Tenable and others in Risk-Based Vulnerability Management. Updated: June 2026.
904,748 professionals have used our research since 2012.