Try our new research platform with insights from 80,000+ expert users

Rapid7 InsightVM vs XM Cyber comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
3
Ranking in other categories
Vulnerability Management (27th), Continuous Threat Exposure Management (CTEM) (6th)
Rapid7 InsightVM
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
62
Ranking in other categories
Risk-Based Vulnerability Management (4th)
XM Cyber
Average Rating
8.0
Reviews Sentiment
7.7
Number of Reviews
2
Ranking in other categories
Continuous Controls Monitoring (7th), Vulnerability Management (30th), Cloud Security Posture Management (CSPM) (25th), Continuous Threat Exposure Management (CTEM) (4th)
 

Mindshare comparison

Risk-Based Vulnerability Management
Continuous Threat Exposure Management (CTEM)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Mahmoud Elhamaymy - PeerSpot reviewer
Reliable scanning and integration strengthen security infrastructure
InsightVM has a very organized GUI with ease of use. The vulnerability scans are reliable, and the credential scan is a beneficial feature. The solution is efficient and trustworthy. It's based on the CVSS risk scoring system, which is well-recognized and effective. The integration capabilities through APIs allow easy integration with existing security infrastructure.
HolgerHeimann - PeerSpot reviewer
Reliable with no false-positives and helpful support
There's a lot of improvement possible, however, most of it is in the details. I personally like the concept, as it's pretty straightforward and the product is not trying to overload functionality. It's a clean and straightforward approach. You know what you get. Most of the improvements are detail improvements. They're pretty open to future requests as well, so we send them a lot of suggestions. For example, at the moment, they have something called Battleground. That's a visualization of the network, and it's a visualization of the attack paths that are possible. The program uses so-called scenarios, and we say, "Okay, I'm watching traffic for maybe 24 hours," and then you get a result for that scenario, what happens in that time with what the attack paths are, et cetera. The result of the same scenario yesterday or tomorrow may be different as something might change. In that, one of the things I'm currently missing, which is on the list to be added, is some kind of diff visualization. For example, showing a two-screen split of activity. On the left side of the screen, that's how it was yesterday; on the right side, that's how it is today; and here are the differences. We'd like to see a cheaper price.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran is an excellent tool."
"Zafran has become an indispensable tool in our cybersecurity arsenal."
"We are able to see the real risk of a vulnerability on our environment with our security tools."
"InsightVM offers a robust platform for identifying, prioritizing, and addressing vulnerabilities across an organization's IT infrastructure."
"It's very scalable."
"This solution is much more user-friendly than past solutions I have used."
"The solution's user interface is good and has some vulnerability prioritization."
"Rapid7 have a good distribution network with good support and market presence."
"The solution is good because it has a lot of options."
"The solution scales well."
"Rapid7 InsightVM has given us a practical view of the vulnerabilities present in our organization."
"The platform's most valuable feature is attack simulation."
"What I personally like very much, from my experience, is that it is very reliable."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"We found that after you passed an endpoint, it didn't always reflect it in the next scan. I'm not sure if it was a glitch or some issue with the product's software. That was never clear. That was always an issue and something that definitely needed improvement."
"Reporting could be expanded."
"There should be containerization within the VM."
"The InsightVM cannot scan if we connect to our customer by the VPN."
"Some difficulties with the online reporting and lack of integrations."
"We have some issues with how it scans patches."
"I would like to see more integration."
"The authentication scan is not working."
"XM Cyber could identify all areas of vulnerability. They could expand the identification span for different areas."
"We'd like to see a cheaper price."
 

Pricing and Cost Advice

Information not available
"The license is annual and this is the optimal approach when it comes to most software."
"Comparing the price with the value that we receive, I am not happy with it."
"The solution is a bit more reasonably priced than other products."
"The solution's pricing is better than Nexus which charges a high amount for very little use."
"It is pretty expensive. It depends on what you consider pricey, however, if you only look at vulnerability management solutions, such as within VM or VMDR, there are, I suppose the prices are almost the same. But I believe you will discover that for yourself."
"Licensing fees are paid on a yearly basis."
"This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important."
"The licensing is asset-based and very straightforward."
"We have to pay standard licensing fees."
report
Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
848,989 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
11%
Manufacturing Company
7%
Retailer
6%
Educational Organization
40%
Computer Software Company
9%
Financial Services Firm
8%
Manufacturing Company
6%
Computer Software Company
16%
Financial Services Firm
15%
Manufacturing Company
10%
Retailer
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
I find that the pricing for Zafran aligns well with the comprehensive features it offers. The asset and user-based li...
What needs improvement with Zafran Security?
While Zafran Security is already a powerful tool, there are areas where it could be further improved to provide even ...
What is your primary use case for Zafran Security?
Our primary use case for Zafran involves leveraging it to enhance our vulnerability risk scoring methodology. In toda...
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. Yo...
What do you like most about Rapid7 InsightVM?
The product's initial setup phase was very easy.
What is your experience regarding pricing and costs for Rapid7 InsightVM?
Rapid7 InsightVM is expensive, possibly one of the highest in pricing among similar products.
What do you like most about XM Cyber?
The platform's most valuable feature is attack simulation.
What is your experience regarding pricing and costs for XM Cyber?
We have to pay standard licensing fees. There are no additional costs. It is an expensive product. I rate the pricing...
What needs improvement with XM Cyber?
XM Cyber could identify all areas of vulnerability. They could expand the identification span for different areas.
 

Also Known As

No data available
InsightVM, NeXpose
No data available
 

Overview

 

Sample Customers

Information Not Available
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
Hamburg Port Authority, Plymouth Rock Corporation
Find out what your peers are saying about Tenable, Qualys, Rapid7 and others in Risk-Based Vulnerability Management. Updated: March 2025.
848,989 professionals have used our research since 2012.