No more typing reviews! Try our Samantha, our new voice AI agent.

Cisco Vulnerability Management (formerly Kenna.VM) vs Rapid7 InsightVM comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Vulnerability Managem...
Ranking in Risk-Based Vulnerability Management
23rd
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
1
Ranking in other categories
Cisco Security Portfolio (11th)
Rapid7 InsightVM
Ranking in Risk-Based Vulnerability Management
4th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
66
Ranking in other categories
Vulnerability Management (12th)
 

Mindshare comparison

As of July 2026, in the Risk-Based Vulnerability Management category, the mindshare of Cisco Vulnerability Management (formerly Kenna.VM) is 2.2%, down from 2.4% compared to the previous year. The mindshare of Rapid7 InsightVM is 7.8%, down from 14.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Risk-Based Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Rapid7 InsightVM7.8%
Cisco Vulnerability Management (formerly Kenna.VM)2.2%
Other90.0%
Risk-Based Vulnerability Management
 

Featured Reviews

AshishPaliwal - PeerSpot reviewer
Self-employed at Self-employed
Offers contextual prioritization and risk-based remediation of vulnerability
An improvement would be some sort of an integration with any GRC suite. There are a lot of GRC suites available, like Archer, MetricStream, Rsam, Protiviti, for example. So how would a solution like this work if my company has already invested thousands or maybe millions in a GRC solution? Do I still need it and how does it fit into an existing SAP environment? There could be interoperability, having more data sources, integrating Splunk, Qualys, FireEye, Rapid7, Carbon Black. I'm sure all that can be done to an extent, with a little more insight and a little more accuracy on the industry numbers and trends. I'd like the solution to offer any sort of assistance in any way with the remediation part, not just identification of vulnerability risk, and that is second.
reviewer2775840 - PeerSpot reviewer
Manager at a financial services firm with 5,001-10,000 employees
Manages vulnerabilities effectively over time but needs improvement in web coverage and dashboard flexibility
Most of the dynamic asset tagging we use is manual, not dynamic. To manage the assets, we employed the manual approach because we have a limitation regarding the license, so we don't use the dynamic approach much. I don't know how the configuration assessment has assisted with meeting compliance standards. The product that we use is the on-premise solution where we configure assets and dynamically scan them. However, we use the default policies more, the template, so Rapid7 InsightVM on-premise version is not that effective in the web-related systems. However, it is best on the OS to identify and discover the OS-related vulnerabilities, more of open ports and the discovery of vulnerable ports or services. It would be better to improve Rapid7 InsightVM by including or working better to add web-related templates because it's not that effective in regard to web. I don't know if they may have a separate product regarding the web, but for the on-premise type, they are not strong in this area. I would prefer to see web-related templates in addition to improving the dashboard-related things because the dashboard has been constant for a very long time. It would be better to see various kinds of, perhaps a flexible type of dashboard. If it's not customizable at all, I would want to see the risk and asset over time with more flexibility. The current dashboard is not flexible in this regard; I have to dig down every day, so they should work on this as well, in addition to the web.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The risk context of any vulnerability is a valuable feature; that is what it is used for and then data from different sources can be fed into it, and they have good dashboards, risk meters, and virtualization."
"The risk context of any vulnerability is a valuable feature."
"InsightVM provides a reliable and efficient solution with a very organized GUI, excellent ease of use, and reliable vulnerability scanning."
"Overall, it's a nice tool."
"Has great reporting features."
"We feel the interface is very good. It is very easy to use, even a nontechnical person can use it."
"InsightVM is good; it's easy to use, it's fast, it's a powerful, easy to access tool."
"The most valuable features are its reporting capabilities and the host discovery functionality."
"The solution has very good integration, so I see no need for improvements in this regard at present."
"The assessment is most valuable."
 

Cons

"An improvement would be some sort of an integration with any GRC suite."
"We are a registered reseller and a trusted partner. However, for us to get any support from them I can't log a call directly with Rapid7 InsightVM. I have to work with the distributor to log the call for me."
"Reporting could be expanded."
"There was functionality present previously, however, currently, we can't integrate directly with Jira Service Desk - only the cloud version."
"The reporting could be better."
"I do not like the fact that as a vulnerability scanner, this product has a fault to a certain extent."
"The platform could be more intuitive and user-friendly."
"It would be great to have a mobile application client."
"It gives false positives at times, and this a problem. It causes problems with reporting."
 

Pricing and Cost Advice

"I think the pricing is based on the number of endpoints, so it's more subscription-based."
"The license is annual and this is the optimal approach when it comes to most software."
"It is less expensive compared to other competitors."
"The product is cheaper than the other similar tools available in the market."
"The license is IP based. How many IPs you are using to scan is the amount of the license you have to buy. The number of users doesn't matter; many users can use it or only person. It depends on the culture of the organization."
"Our licensing costs are somewhere around $40,000 annually. There are no additional fees."
"Its pricing depends on the number of users per month."
"Its price is too high. My only concern or issue with Rapid7 is its pricing."
"It is pretty expensive. It depends on what you consider pricey, however, if you only look at vulnerability management solutions, such as within VM or VMDR, there are, I suppose the prices are almost the same. But I believe you will discover that for yourself."
report
Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
903,257 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Retailer
15%
Computer Software Company
14%
Financial Services Firm
10%
Construction Company
10%
Financial Services Firm
12%
Manufacturing Company
9%
Computer Software Company
7%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business29
Midsize Enterprise14
Large Enterprise25
 

Questions from the Community

Ask a question
Earn 20 points
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You can easily prioritize vulnerabilities using attacker analytics. Overall, Rapid...
What is your experience regarding pricing and costs for Rapid7 InsightVM?
My experience with the pricing, setup cost, and licensing is that both the setup cost and licensing are great.
What needs improvement with Rapid7 InsightVM?
To improve Rapid7 InsightVM, I wish to have integration with patching systems, which would be useful to us. The usability of Rapid7 InsightVM is excellent, and the reporting module is one of the mo...
 

Also Known As

Kenna.VM, Kenna Security, Kenna, Kenna Security Platform
InsightVM, NeXpose
 

Overview

 

Sample Customers

TransUnion
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
Find out what your peers are saying about Qualys, Horizon3.ai, Tenable and others in Risk-Based Vulnerability Management. Updated: June 2026.
903,257 professionals have used our research since 2012.