Try our new research platform with insights from 80,000+ expert users

Rapid7 InsightVM vs XM Cyber comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
3
Ranking in other categories
Vulnerability Management (27th), Continuous Threat Exposure Management (CTEM) (6th)
Rapid7 InsightVM
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
62
Ranking in other categories
Risk-Based Vulnerability Management (4th)
XM Cyber
Average Rating
8.0
Reviews Sentiment
7.7
Number of Reviews
2
Ranking in other categories
Continuous Controls Monitoring (7th), Vulnerability Management (30th), Cloud Security Posture Management (CSPM) (25th), Continuous Threat Exposure Management (CTEM) (4th)
 

Mindshare comparison

Risk-Based Vulnerability Management
Continuous Threat Exposure Management (CTEM)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Mahmoud Elhamaymy - PeerSpot reviewer
Reliable scanning and integration strengthen security infrastructure
InsightVM has a very organized GUI with ease of use. The vulnerability scans are reliable, and the credential scan is a beneficial feature. The solution is efficient and trustworthy. It's based on the CVSS risk scoring system, which is well-recognized and effective. The integration capabilities through APIs allow easy integration with existing security infrastructure.
HolgerHeimann - PeerSpot reviewer
Reliable with no false-positives and helpful support
There's a lot of improvement possible, however, most of it is in the details. I personally like the concept, as it's pretty straightforward and the product is not trying to overload functionality. It's a clean and straightforward approach. You know what you get. Most of the improvements are detail improvements. They're pretty open to future requests as well, so we send them a lot of suggestions. For example, at the moment, they have something called Battleground. That's a visualization of the network, and it's a visualization of the attack paths that are possible. The program uses so-called scenarios, and we say, "Okay, I'm watching traffic for maybe 24 hours," and then you get a result for that scenario, what happens in that time with what the attack paths are, et cetera. The result of the same scenario yesterday or tomorrow may be different as something might change. In that, one of the things I'm currently missing, which is on the list to be added, is some kind of diff visualization. For example, showing a two-screen split of activity. On the left side of the screen, that's how it was yesterday; on the right side, that's how it is today; and here are the differences. We'd like to see a cheaper price.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran has become an indispensable tool in our cybersecurity arsenal."
"We are able to see the real risk of a vulnerability on our environment with our security tools."
"Zafran is an excellent tool."
"There are many integrations with things like the VMware NSX that are great, the reporting is really solid."
"I like Rapid7's scan optimization options."
"I really love the new platform. It is really easy to understand, use, and deploy."
"The reports in Rapid7 InsightVM are useful when compared to competitors."
"It is good and fits well with pretty much all of our use case needs."
"NeXpose is a pretty good vulnerability scanner... There's a nice dashboard."
"The stability of Rapid7 InsightVM is excellent."
"The most valuable feature for me is the risk calculation based on monthly effects."
"What I personally like very much, from my experience, is that it is very reliable."
"The platform's most valuable feature is attack simulation."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"The team needs to improve the speed and focus on the new bandwidth feed. Sometimes, it takes a while to scan, especially with new updates."
"I would say that it improved our visibility, but it left things open."
"The on-premise updates could improve from Rapid7 InsightVM."
"The product does not have the capability to do dynamic scanning of non-web applications."
"Their customer support should be improved, and the effectiveness of scans also needs to be improved."
"There should be containerization within the VM."
"In order to be able to properly test the solution and make a decision, I would like to receive the test license code instantly and eliminate the wait time."
"I’d like to see Rapid7 InsightVM improve by adding a knowledge base similar to what Qualys offers. This would help us easily check and search for vulnerabilities using Rapid7 IDs associated with CVs or CVSS. From a features perspective, everything was fine at the time, and the security features of Rapid7 InsightVM were effective."
"XM Cyber could identify all areas of vulnerability. They could expand the identification span for different areas."
"We'd like to see a cheaper price."
 

Pricing and Cost Advice

Information not available
"This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important."
"Its licensing is yearly. Everything is included in the price for one year."
"I do not have experience with the pricing of the solution."
"Our licensing costs are somewhere around $40,000 annually. There are no additional fees."
"The solution's pricing is better than Nexus which charges a high amount for very little use."
"The solution is a bit more reasonably priced than other products."
"The tool's price is neither too high nor too low. My company needs to pay 65,000 per year. There are no additional costs apart from the licensing fees attached to the solution."
"Its pricing depends on the number of users per month."
"We have to pay standard licensing fees."
report
Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
11%
Manufacturing Company
7%
Retailer
6%
Educational Organization
39%
Computer Software Company
9%
Financial Services Firm
8%
Manufacturing Company
7%
Computer Software Company
16%
Financial Services Firm
15%
Manufacturing Company
10%
Retailer
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
I find that the pricing for Zafran aligns well with the comprehensive features it offers. The asset and user-based li...
What needs improvement with Zafran Security?
While Zafran Security is already a powerful tool, there are areas where it could be further improved to provide even ...
What is your primary use case for Zafran Security?
Our primary use case for Zafran involves leveraging it to enhance our vulnerability risk scoring methodology. In toda...
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. Yo...
What do you like most about Rapid7 InsightVM?
The product's initial setup phase was very easy.
What is your experience regarding pricing and costs for Rapid7 InsightVM?
Rapid7 InsightVM is expensive, possibly one of the highest in pricing among similar products.
What do you like most about XM Cyber?
The platform's most valuable feature is attack simulation.
What is your experience regarding pricing and costs for XM Cyber?
We have to pay standard licensing fees. There are no additional costs. It is an expensive product. I rate the pricing...
What needs improvement with XM Cyber?
XM Cyber could identify all areas of vulnerability. They could expand the identification span for different areas.
 

Also Known As

No data available
InsightVM, NeXpose
No data available
 

Overview

 

Sample Customers

Information Not Available
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
Hamburg Port Authority, Plymouth Rock Corporation
Find out what your peers are saying about Tenable, Qualys, Rapid7 and others in Risk-Based Vulnerability Management. Updated: March 2025.
849,190 professionals have used our research since 2012.