Try our new research platform with insights from 80,000+ expert users

Pentera vs Rapid7 InsightVM comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Pentera
Average Rating
7.8
Reviews Sentiment
7.2
Number of Reviews
9
Ranking in other categories
Penetration Testing Services (2nd), Breach and Attack Simulation (BAS) (1st)
Rapid7 InsightVM
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
62
Ranking in other categories
Risk-Based Vulnerability Management (4th)
 

Mindshare comparison

Pentera and Rapid7 InsightVM aren’t in the same category and serve different purposes. Pentera is designed for Breach and Attack Simulation (BAS) and holds a mindshare of 30.4%, up 27.2% compared to last year.
Rapid7 InsightVM, on the other hand, focuses on Risk-Based Vulnerability Management, holds 14.4% mindshare, up 14.0% since last year.
Breach and Attack Simulation (BAS)
Risk-Based Vulnerability Management
 

Featured Reviews

Richard Marlow - PeerSpot reviewer
Provides good features and helps monitor the status of ransomware protection in an organization
The tool is quite scalable. There's a one-to-one relationship between the engine and how many scans we can do. We can only do one scan with one engine. We had some issues around the password assessments because we added a lot of users. It took a long time. I rate the scalability a seven out of ten. We have three users in our organization.
Mahmoud Elhamaymy - PeerSpot reviewer
Reliable scanning and integration strengthen security infrastructure
InsightVM has a very organized GUI with ease of use. The vulnerability scans are reliable, and the credential scan is a beneficial feature. The solution is efficient and trustworthy. It's based on the CVSS risk scoring system, which is well-recognized and effective. The integration capabilities through APIs allow easy integration with existing security infrastructure.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The product is easy to use."
"The solution is SaaS-based. From a cloud perspective, it has Pentera Surface and Pentera Core. The Core is the on-prem deployed solution, while the Surface is the cloud-hosted solution that scans your public infrastructure. From the Surface perspective, the most valuable feature so far has been the attack surface mapping."
"Pentera has many authentic features."
"The most valuable feature of Pentera is that you can do continuous vulnerability assessment, which is automated."
"Pentera has many authentic features."
"Maybe there are some remediation steps on the website, we can mask sensitive information on the website better."
"The platform's most valuable features are credential management and vulnerability management."
"The tool showed us that our ransomware protection wasn’t working on some machines."
"The remediation project is a pretty effective because it allows us, as clients or countries, to choose specific assets and set limitations on them for a certain period which allows us to track and follow up on those limitations. However, when it comes to real-time monitoring and live dashboards, InsightVM doesn't quite fit the bill. It's not a real-time solution and is not instant."
"The connectivity provided by Rapid7 InsightVM is valuable."
"The solution works well."
"There are many integrations with things like the VMware NSX that are great, the reporting is really solid."
"The reports in Rapid7 InsightVM are useful when compared to competitors."
"NeXpose is a pretty good vulnerability scanner... There's a nice dashboard."
"The assessment is most valuable."
"We can create our own templates."
 

Cons

"Maybe scalability. I know that the Pentera right now is high level in order to scan big deals over 500 IPs and not less, and not less. That can be more granular. This will be useful."
"The automated penetration testing features must be improved."
"The licensing and IP management need improvement. When the IP is imported into a system, we cannot withdraw or revoke the license."
"There is room for improvement in virtualization compatibility."
"One of the big issues we have is that the tool has an additional license for compromised credentials. Suppose compromised credentials for any of your domains appear in leaks, dumps, or are being sold. In that case, they try to aggregate that data and highlight that, for example, ten users appeared in recent dumps as compromised credentials. However, they don't provide much information about where those compromises came from or their source information, probably to protect their sources."
"The licensing and IP management need improvement."
"The vulnerability scanner, exploit achievements, and remediation actions are all great."
"One area for product improvement could be the inclusion of a dashboard to cover multiple branches and subsidiaries, allowing for centralized monitoring."
"I think the improvement in the tool should be to provide a better update to users because sometimes the information within the cloud and the scanner are not synchronized very fast."
"The solution could improve by being more secure."
"There have been instances where technical support takes a long time to update the status of a ticket, which is something that can be improved."
"It would be great to have a mobile application client. Currently, you have to use a mobile web browser on a device, but it is not similar to the desktop web browser in terms of user experience. It would be nice to have a mobile application to access the platform."
"It would be nice to have an additional feature that would provide reports on who has logged onto the console or who did what on the console."
"The reporting is very bad when you compare it with other vulnerability assessment tools."
"Rapid7 could be easier to manage."
"In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive. You can only sell it to enterprise accounts. In terms of new features, Rapid7 came up with a product called InsightIDR a couple of years ago, which is a good SIEM solution. We expect that Rapid7 will work on some sort of integration between InsightVM and InsightIDR, where vulnerability or anomaly detected by InsightVM can be reported in InsightIDR in some sort of real-time. Rapid7 doesn't patch. For example, if you have a vulnerability, some products can scan and also do the patching, but Rapid7 does not do the patching. It would be nice if it can also patch."
 

Pricing and Cost Advice

"We have to pay a yearly licensing cost for Pentera."
"The product's cost is reasonable. I rate the pricing a three out of ten."
"The tool is relatively cheap."
"It's not that expensive, but it could be more cost-effective."
"This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important."
"The tool's price is neither too high nor too low. My company needs to pay 65,000 per year. There are no additional costs apart from the licensing fees attached to the solution."
"Pricing is reasonable because we pay according to asset usage. We can define our assets and sites according to our preference."
"I do not have experience with the pricing of the solution."
"We purchase annual licenses."
"The price of the solution is less than the competitors."
"The product is cheaper than the other similar tools available in the market."
"The solution is a bit more reasonably priced than other products."
report
Use our free recommendation engine to learn which Breach and Attack Simulation (BAS) solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
14%
Computer Software Company
13%
Manufacturing Company
9%
Educational Organization
6%
Educational Organization
39%
Computer Software Company
9%
Financial Services Firm
8%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Pentera?
What I like the most about Pentera is its solution-oriented approach.
What needs improvement with Pentera?
The licensing and IP management need improvement. When the IP is imported into a system, we cannot withdraw or revoke the license.
What is your primary use case for Pentera?
I am using the OpenIntra solution for pentesting and managing candidates in my environment. I also use this solution for house customers.
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You can easily prioritize vulnerabilities using attacker analytics. Overall, Rapid...
What do you like most about Rapid7 InsightVM?
The product's initial setup phase was very easy.
What is your experience regarding pricing and costs for Rapid7 InsightVM?
Rapid7 InsightVM is expensive, possibly one of the highest in pricing among similar products.
 

Also Known As

No data available
InsightVM, NeXpose
 

Overview

 

Sample Customers

Blackstone Group Caterpillar Apria Healthcare Taylor Vinters Sandler Capital Management Drawbridge BNP Paribas British Red Cross
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
Find out what your peers are saying about Pentera, Cymulate, Picus Security and others in Breach and Attack Simulation (BAS). Updated: March 2025.
849,190 professionals have used our research since 2012.