Try our new research platform with insights from 80,000+ expert users

Pentera vs Rapid7 InsightVM comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Pentera
Average Rating
7.8
Reviews Sentiment
7.2
Number of Reviews
9
Ranking in other categories
Penetration Testing Services (2nd), Breach and Attack Simulation (BAS) (1st)
Rapid7 InsightVM
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
61
Ranking in other categories
Risk-Based Vulnerability Management (4th)
 

Mindshare comparison

Pentera and Rapid7 InsightVM aren’t in the same category and serve different purposes. Pentera is designed for Breach and Attack Simulation (BAS) and holds a mindshare of 30.4%, up 27.2% compared to last year.
Rapid7 InsightVM, on the other hand, focuses on Risk-Based Vulnerability Management, holds 14.4% mindshare, up 14.0% since last year.
Breach and Attack Simulation (BAS)
Risk-Based Vulnerability Management
 

Featured Reviews

Richard Marlow - PeerSpot reviewer
Provides good features and helps monitor the status of ransomware protection in an organization
The tool is quite scalable. There's a one-to-one relationship between the engine and how many scans we can do. We can only do one scan with one engine. We had some issues around the password assessments because we added a lot of users. It took a long time. I rate the scalability a seven out of ten. We have three users in our organization.
Mahmoud Elhamaymy - PeerSpot reviewer
Reliable scanning and integration strengthen security infrastructure
InsightVM has a very organized GUI with ease of use. The vulnerability scans are reliable, and the credential scan is a beneficial feature. The solution is efficient and trustworthy. It's based on the CVSS risk scoring system, which is well-recognized and effective. The integration capabilities through APIs allow easy integration with existing security infrastructure.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature of Pentera is that you can do continuous vulnerability assessment, which is automated."
"The tool showed us that our ransomware protection wasn’t working on some machines."
"The product is easy to use."
"What I like the most about Pentera is its solution-oriented approach."
"Maybe there are some remediation steps on the website, we can mask sensitive information on the website better."
"Pentera has many authentic features."
"The solution is SaaS-based. From a cloud perspective, it has Pentera Surface and Pentera Core. The Core is the on-prem deployed solution, while the Surface is the cloud-hosted solution that scans your public infrastructure. From the Surface perspective, the most valuable feature so far has been the attack surface mapping."
"Pentera has many authentic features."
"The most valuable feature is the vulnerability scan."
"most valuable features of Rapid7 InsightVM for me are creating dynamic asset tags, generating reports, and deploying the agent. The agent scans assets every four hours, providing real-time data on any devices. Although there weren't any significant new features compared to our previous tool, having both SIEM and vulnerability management handled by one tool made things easier. We could gather logs from different devices and cloud sources, and perform detailed investigations without switching tools. I haven't worked with the automation capabilities of InsightVM. For remediation prioritization, we check the vulnerability, search for solutions on open platforms, and work with different teams to apply patches after proper testing. Currently, we don’t have any AI or ASM projects assisted by InsightVM"
"We can create our own templates."
"When it comes to the process, installation is very easy and does not take long."
"Using Rapid7, we can install a scan engine, we can do our VPN connections, and we can conduct internal scans of remote sites. We prefer the web application. It's smarter and more accurate from an application perspective."
"The pricing is reasonable."
"I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps."
"The product's initial setup phase was very easy."
 

Cons

"One of the big issues we have is that the tool has an additional license for compromised credentials. Suppose compromised credentials for any of your domains appear in leaks, dumps, or are being sold. In that case, they try to aggregate that data and highlight that, for example, ten users appeared in recent dumps as compromised credentials. However, they don't provide much information about where those compromises came from or their source information, probably to protect their sources."
"There is room for improvement in virtualization compatibility."
"Pentera's general dashboards could be improved and made more specific in terms of vulnerabilities that I'm discovering."
"The automated penetration testing features must be improved."
"Maybe scalability. I know that the Pentera right now is high level in order to scan big deals over 500 IPs and not less, and not less. That can be more granular. This will be useful."
"One area for product improvement could be the inclusion of a dashboard to cover multiple branches and subsidiaries, allowing for centralized monitoring."
"The licensing and IP management need improvement. When the IP is imported into a system, we cannot withdraw or revoke the license."
"The vulnerability scanner, exploit achievements, and remediation actions are all great."
"The product's documentation could be enhanced with clearer and more detailed instructions."
"In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive. You can only sell it to enterprise accounts. In terms of new features, Rapid7 came up with a product called InsightIDR a couple of years ago, which is a good SIEM solution. We expect that Rapid7 will work on some sort of integration between InsightVM and InsightIDR, where vulnerability or anomaly detected by InsightVM can be reported in InsightIDR in some sort of real-time. Rapid7 doesn't patch. For example, if you have a vulnerability, some products can scan and also do the patching, but Rapid7 does not do the patching. It would be nice if it can also patch."
"Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM."
"There is a significant learning curve, that non-technical individuals, especially those not specialized in computer science or the information security industry, might face."
"This solution integrates with another module in Metasploit, that doesn't exist in the other solutions. It is subscribed to on our roadmap, but we chose to implement both Nexppose and AppSpider."
"The InsightVM cannot scan if we connect to our customer by the VPN."
"The reporting has room for improvement. You cannot customize any report. If I need a specific requirement, I have to create a new report for it."
"It would be nice to have an additional feature that would provide reports on who has logged onto the console or who did what on the console."
 

Pricing and Cost Advice

"The tool is relatively cheap."
"We have to pay a yearly licensing cost for Pentera."
"The product's cost is reasonable. I rate the pricing a three out of ten."
"It's not that expensive, but it could be more cost-effective."
"In some cases, we procure the licenses. In some cases, the customers directly buy the license from Rapid7."
"InsightVM is an expensive product, especially compared to its competitors, at around a million NOK per year."
"Comparing the price with the value that we receive, I am not happy with it."
"The licensing is asset-based and very straightforward."
"This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important."
"Licensing fees are paid on a yearly basis."
"A full license for the solution is expensive because it is at the organizational level and not by individual users."
"We purchase annual licenses."
report
Use our free recommendation engine to learn which Breach and Attack Simulation (BAS) solutions are best for your needs.
842,767 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
14%
Computer Software Company
14%
Manufacturing Company
9%
Educational Organization
6%
Educational Organization
43%
Computer Software Company
9%
Financial Services Firm
8%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Pentera?
What I like the most about Pentera is its solution-oriented approach.
What needs improvement with Pentera?
The licensing and IP management need improvement. When the IP is imported into a system, we cannot withdraw or revoke the license.
What is your primary use case for Pentera?
I am using the OpenIntra solution for pentesting and managing candidates in my environment. I also use this solution for house customers.
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You can easily prioritize vulnerabilities using attacker analytics. Overall, Rapid...
What do you like most about Rapid7 InsightVM?
The product's initial setup phase was very easy.
What is your experience regarding pricing and costs for Rapid7 InsightVM?
Rapid7 InsightVM is expensive, possibly one of the highest in pricing among similar products.
 

Also Known As

No data available
InsightVM, NeXpose
 

Overview

 

Sample Customers

Blackstone Group Caterpillar Apria Healthcare Taylor Vinters Sandler Capital Management Drawbridge BNP Paribas British Red Cross
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
Find out what your peers are saying about Pentera, Cymulate, Picus Security and others in Breach and Attack Simulation (BAS). Updated: March 2025.
842,767 professionals have used our research since 2012.