No more typing reviews! Try our Samantha, our new voice AI agent.

Cisco Vulnerability Management (formerly Kenna.VM) vs Rapid7 InsightVM comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Vulnerability Managem...
Ranking in Risk-Based Vulnerability Management
23rd
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
1
Ranking in other categories
Cisco Security Portfolio (11th)
Rapid7 InsightVM
Ranking in Risk-Based Vulnerability Management
4th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
66
Ranking in other categories
Vulnerability Management (12th)
 

Mindshare comparison

As of July 2026, in the Risk-Based Vulnerability Management category, the mindshare of Cisco Vulnerability Management (formerly Kenna.VM) is 2.2%, down from 2.4% compared to the previous year. The mindshare of Rapid7 InsightVM is 7.8%, down from 14.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Risk-Based Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Rapid7 InsightVM7.8%
Cisco Vulnerability Management (formerly Kenna.VM)2.2%
Other90.0%
Risk-Based Vulnerability Management
 

Featured Reviews

AshishPaliwal - PeerSpot reviewer
Self-employed at Self-employed
Offers contextual prioritization and risk-based remediation of vulnerability
An improvement would be some sort of an integration with any GRC suite. There are a lot of GRC suites available, like Archer, MetricStream, Rsam, Protiviti, for example. So how would a solution like this work if my company has already invested thousands or maybe millions in a GRC solution? Do I still need it and how does it fit into an existing SAP environment? There could be interoperability, having more data sources, integrating Splunk, Qualys, FireEye, Rapid7, Carbon Black. I'm sure all that can be done to an extent, with a little more insight and a little more accuracy on the industry numbers and trends. I'd like the solution to offer any sort of assistance in any way with the remediation part, not just identification of vulnerability risk, and that is second.
reviewer2775840 - PeerSpot reviewer
Manager at a financial services firm with 5,001-10,000 employees
Manages vulnerabilities effectively over time but needs improvement in web coverage and dashboard flexibility
Most of the dynamic asset tagging we use is manual, not dynamic. To manage the assets, we employed the manual approach because we have a limitation regarding the license, so we don't use the dynamic approach much. I don't know how the configuration assessment has assisted with meeting compliance standards. The product that we use is the on-premise solution where we configure assets and dynamically scan them. However, we use the default policies more, the template, so Rapid7 InsightVM on-premise version is not that effective in the web-related systems. However, it is best on the OS to identify and discover the OS-related vulnerabilities, more of open ports and the discovery of vulnerable ports or services. It would be better to improve Rapid7 InsightVM by including or working better to add web-related templates because it's not that effective in regard to web. I don't know if they may have a separate product regarding the web, but for the on-premise type, they are not strong in this area. I would prefer to see web-related templates in addition to improving the dashboard-related things because the dashboard has been constant for a very long time. It would be better to see various kinds of, perhaps a flexible type of dashboard. If it's not customizable at all, I would want to see the risk and asset over time with more flexibility. The current dashboard is not flexible in this regard; I have to dig down every day, so they should work on this as well, in addition to the web.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The risk context of any vulnerability is a valuable feature."
"The risk context of any vulnerability is a valuable feature; that is what it is used for and then data from different sources can be fed into it, and they have good dashboards, risk meters, and virtualization."
"We are very satisfied with the reports, as they provide us with the information that is required for our management."
"Using Rapid7, we can install a scan engine, we can do our VPN connections, and we can conduct internal scans of remote sites. We prefer the web application. It's smarter and more accurate from an application perspective."
"The main functionality of identifying item endpoints that weren't properly patched or had vulnerabilities is the solution's most valuable feature."
"InsightVM's best features are the vulnerability database and remediation steps."
"We really didn't have any visibility at all and now we do, it's like night and day."
"Rapid7 InsightVM is an on-premise type product that has helped us manage potential vulnerabilities effectively."
"The discovery and prioritization of vulnerabilities is a good feature along with the investigation, the trials function, and it's also user friendly."
"InsightVM provides a reliable and efficient solution with a very organized GUI, excellent ease of use, and reliable vulnerability scanning."
 

Cons

"An improvement would be some sort of an integration with any GRC suite."
"Customer service needs significant improvement. There are delays in support response times, and support is not available promptly, especially when issues are escalated to another region."
"We found that after you passed an endpoint, it didn't always reflect it in the next scan. I'm not sure if it was a glitch or some issue with the product's software. That was never clear. That was always an issue and something that definitely needed improvement."
"They should improve the cybersecurity feature of the solution."
"We'd like the agent to cover more compliance issues."
"This solution integrates with another module in Metasploit, that doesn't exist in the other solutions. It is subscribed to on our roadmap, but we chose to implement both Nexppose and AppSpider."
"The product's documentation could be enhanced with clearer and more detailed instructions."
"The solution should include a tighter integration with third-party threat modeling and threat intelligence tools."
"In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive."
 

Pricing and Cost Advice

"I think the pricing is based on the number of endpoints, so it's more subscription-based."
"It is pretty expensive. It depends on what you consider pricey, however, if you only look at vulnerability management solutions, such as within VM or VMDR, there are, I suppose the prices are almost the same. But I believe you will discover that for yourself."
"We purchase annual licenses."
"The solution is a bit more reasonably priced than other products."
"We have an annual license to use Rapid7 InsightVM and if we want to extend it, we will possibly choose more than one year."
"This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important."
"The license is annual and this is the optimal approach when it comes to most software."
"The price of the solution is less than the competitors."
"Comparing the price with the value that we receive, I am not happy with it."
report
Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
904,928 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Retailer
15%
Computer Software Company
14%
Construction Company
10%
Financial Services Firm
10%
Financial Services Firm
12%
Manufacturing Company
8%
Computer Software Company
7%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business29
Midsize Enterprise14
Large Enterprise25
 

Questions from the Community

Ask a question
Earn 20 points
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You can easily prioritize vulnerabilities using attacker analytics. Overall, Rapid...
What is your experience regarding pricing and costs for Rapid7 InsightVM?
My experience with the pricing, setup cost, and licensing is that both the setup cost and licensing are great.
What needs improvement with Rapid7 InsightVM?
To improve Rapid7 InsightVM, I wish to have integration with patching systems, which would be useful to us. The usability of Rapid7 InsightVM is excellent, and the reporting module is one of the mo...
 

Also Known As

Kenna.VM, Kenna Security, Kenna, Kenna Security Platform
InsightVM, NeXpose
 

Overview

 

Sample Customers

TransUnion
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
Find out what your peers are saying about Qualys, Horizon3.ai, Tenable and others in Risk-Based Vulnerability Management. Updated: June 2026.
904,928 professionals have used our research since 2012.