Rapid7 InsightVM Reviews

One of the most valuable features is it's graphical dashboard feature. It is quite easy to manage the widgets, and we can customize those according to our queries.

The other most valuable feature is that we can integrate Rapid7 InsightVM with JIRA. If a vulnerability in our services or server is found, it directly connects with JIRA and will assign a ticket. We can then share that with our development team or infrastructure team. Within a team, we can share it and assign the ticket, and we can smoothly do the mitigation process.

Also, InsightVM has an image container that can be utilized via a CI/CD pipeline. We can directly integrate with building tools, and we can have vulnerability assessment throughout the development life cycle.

Rapid7's initiative Project Sonar digs out the vulnerabilities arising all over the world and sends feedback to the systems. They then immediately update their databases and begin mitigation processes.

Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM.

There is room for improvement when it comes to JIRA integration. If they can collaborate with the JIRA team, then it will be easier for people to use it.

If we can configure and define more features such as the critical elite level through InsightVM, it would be better.

I would prefer to have vulnerability assessment with more features, like code analysis, code coverage, etc.

I would also prefer to have a method of custom image analysis for assessment.

In the SDLC (software development lifecycle), if we could easily integrate with a particular lifecycle, then we could have more descriptive reports.

I have worked with this solution for two years now.

It is definitely stable.

The scalability is quite good. We can increase the number of assets by paying either onsite or online. Also, we have an onsite engine, and we can install it in our cloud or AWS cloud, for instance.

The technical support team has answered our questions within a couple of hours. They have provided precise answers so far to all the questions we have asked them.

The initial setup was an easy task because we have a Linux server installed.

InsightVM has a framework that's very interesting, and they have very detailed documentation. They have step-by-step directions for the installation process, and we can download them from their site. This means that anyone can easily install it and configure it.

The harder part is writing the queries. We need to have knowledge of InsightVM and how queries, assets, and conditional formats occur. Extensive knowledge can be valuable at this stage of the process.

Pricing is reasonable because we pay according to asset usage. We can define our assets and sites according to our preference.

I recommend doing a comparison of Qualys, Rapid7, and Nessus. Because the scope is different from company to company and cluster to cluster, it would be good to research each product and decide according to your needs.

If I were to rate Rapid7 InsightVM, I would rate it at seven on a scale from one to ten.

Our company uses the solution to discover, identify, and patch vulnerabilities or disable certain services. The solution provides the patch recommendations that we implement via another tool. 

Four team members manage the solution internally and for various clients who each have fifty users. 

The solution helps to identify lots of misconfigurations, flaws, or security risks. Anything insecure is exposed easily. 

The solution is automatically scheduled so it runs by itself. 

The solution should include a tighter integration with third-party threat modeling and threat intelligence tools. Rapid7 is the solution's own threat intelligence platform but third-party platforms would be a great addition. 

It would be nice to have patching capabilities built within the solution rather than using third-party products. 

I have been using the solution for three years. 

The solution is extremely stable. 

The solution is easily scalable with the purchase of additional licenses. 

Technical support is extremely good and we get support quite fast. Technical support is rated a ten out of ten. 

Positive

The setup is very straightforward so I rate it a ten out of ten. 

We implement the solution for customers. 

The solution is a bit more reasonably priced than other products. 

Most products in this category are similar with no real difference so it all comes down to price. 

It is important to have a strong patch management plan that prioritizes what and how you need to patch. 

The solution does the vast majority of work but you need a proper system so you can take output to your operations team for patching. A good workflow between teams is important. 

I rate the solution a ten out of ten. 

We use the solution mainly for servers and vulnerability management.

The solution's user interface is good and has some vulnerability prioritization. Rapid7 InsightVM has good integrations with ServiceNow and its own remediation project creation options.

Rapid7 InsightVM is not PCI certified, which didn't help us in the London office because of the Cyber Essentials Plus certification, which is mandatory there. We had to outsource the vulnerability management for the London office.

One of the most important things for a vulnerability management tool is the identification of vulnerabilities. When it comes to Rapid7 InsightVM, the vulnerabilities are not updated within its database. This is one of the major things that should be changed in Rapid7 when it comes to customer reliability. If the database is not updated, it could jeopardize the customer's servers and data.

The solution's support staff does not reply on time, which should be improved. Rapid7 InsightVM should improve its threat intelligence.

I have been using Rapid7 InsightVM for the last few years.

The solution's initial setup is good.

Overall, I rate the solution a six out of ten.

We use the solution for vulnerability management. We perform scanning and security patching in selected network zones utilizing it.

The solution's most valuable features are the simplicity of use, identifying vulnerable assets, and the ability to create remediation projects.

They should integrate the solution with multiple products along with ServiceNow.

We have been using the solution for two or three months.

I rate the solution's stability as an eight.

We have a few tens of users of the solution. They include IT specialists, engineers, and administrators. We can easily install scan engines in different zones of our network. But, we face difficulties pairing the scan engines to the management console. 

I rate the solution's scalability as an eight.

The vendor team helps us install the solution.

The solution's pricing depends on the number of users per month as per our contract. We have a limit of scanning around 4000 appliances. It covers a sufficient scope regarding our requirements.

The solution works well. I recommend it to others and rate it as an eight.

We'll use Rapid7 InsightVM for on-premises scanning and the virtual machine option for cloud-based environments.

It is a good tool for comprehensive risk management, including prioritization and remediation.

It is a great endpoint agent. It gives you reliable information about that infrastructure and offers strong accuracy for risk management. However, unlike other management tools that have improved precision testing, InsightVM requires an additional purchase for full access to some of its advanced features.

Other solutions, like Cisco, have strengths, but Rapid7 InsightVM has some solid features, such as the RapidServer Active Response, the ability to create endpoint agents, and a live dashboard. However, the main concern is the system's reliability. For instance, during a scan on an Ubuntu machine, the system mistakenly identified the OS as Windows. This kind of inaccuracy is problematic.

I have been using Rapid7 InsightVM for a year. 

The response takes some time.

Neutral

Rapid7 is a bit expensive.

Tenable has 20% lower pricing and includes built-in web application testing, which gives it an advantage over Rapid7 InsightVM.

I recommend Tennable for small and Rapid for big enterprises.

Overall, I rate the solution an eight out of ten.

We implemented it to scan all the assets. In terms of deployment, in my previous organization, it was deployed on-prem, but in my current organization, it is on the cloud.

The assessment is most valuable.

Their customer support should be improved, and the effectiveness of scans also needs to be improved.

I am an implementor. I have been working with this product from time to time. I started working with it around 2016 for a project. After that, we implemented it in 2019 for another project. Currently, I am not using it, but it is being used in the organization.

Its stability is fine.

Its scalability is okay. We have approximately 3,000 members. Every asset gets scanned. So, indirectly or directly, everyone is using this product.

We plan to keep using this tool. We don't want to get into another scanning tool right now. It has been selected as an enterprise tool, and we aren't going to move to another tool. Any new employees would get added to this tool.

Their support could be better. I would rate them a three out of five.

We were using Qualys. We switched because of the organization's standard.

It is not complex. I would rate it a three out of five in terms of the ease of the setup.

I would rate this solution a seven out of ten.

We are system integrators. Our clients normally use it to detect vulnerabilities in terms of a lack of patches in certain systems and databases. Its console can be installed on-premise or on the Rapid7 data center.

When you connect any new device to the network, Rapid7 has the ability to detect the new device immediately. It can scan that device to detect if it has any vulnerability. 

It tells you what is vulnerable and what has been misconfigured. It also tells you what is the risk of that misconfiguration or lack of patches and how to resolve the problem.

In terms of improvements, its price could be better. Our main issue with Rapid7 is that it is too expensive. You can only sell it to enterprise accounts. 

In terms of new features, Rapid7 came up with a product called InsightIDR a couple of years ago, which is a good SIEM solution. We expect that Rapid7 will work on some sort of integration between InsightVM and InsightIDR, where vulnerability or anomaly detected by InsightVM can be reported in InsightIDR in some sort of real-time.

Rapid7 doesn't patch. For example, if you have a vulnerability, some products can scan and also do the patching, but Rapid7 does not do the patching. It would be nice if it can also patch.

We have been working with this solution for the last three years or so. 

It has been stable. There is nothing that has caused any major damage to our customers. Normally, what happens is that when something goes wrong, the customer normally blames the tool first before admitting that they touched something or whatever the case may be.

We have a couple of customers with various company sizes, and we haven't had any scalability issues. Rapid7 is pretty much an enterprise solution. We're talking about customers with more than 1500 nodes to scan.

Their technical support is very good.

I don't handle the installation, but it was not difficult to implement. The basic setup took us about four days or so.

Normally, for a product like this, the complexity of implementation is proportional to the size of the infrastructure that is going to be scanned and also how heterogeneous it is. An enterprise product like this is not like using a coffee maker. You need to have some knowledge of where you are installing it. You also need to have some knowledge of the technology that you are going to scan. You can't scan everything in the same way.

Its price is too high. My only concern or issue with Rapid7 is its pricing.

Our clients evaluate Qualys, Tenable, and Rapid7. It doesn't really matter which one you choose. You cannot go wrong with all of these products. They have been very well ranked by Gartner. The main difference is probably the pricing.

I would recommend this solution. I would rate Rapid7 InsightVM an eight out of ten.

We mainly use it for vulnerability management, generating monthly reports to address and resolve vulnerabilities. The main use cases involve receiving alerts based on predefined settings by Rapid7, investigating these alerts to understand their causes, and performing fine-tuning activities.

The most valuable features of Rapid7 InsightVM for me are creating dynamic asset tags, generating reports, and deploying the agent. The agent scans assets every four hours, providing real-time data on any devices. Although there weren't any significant new features compared to our previous tool, having both SIEM and vulnerability management handled by one tool made things easier. We could gather logs from different devices and cloud sources, and perform detailed investigations without switching tools.

I haven't worked with the automation capabilities of InsightVM. For remediation prioritization, we check the vulnerability, search for solutions on open platforms, and work with different teams to apply patches after proper testing. Currently, we don’t have any AI or ASM projects assisted by InsightVM

I’d like to see Rapid7 InsightVM improve by adding a knowledge base similar to what Qualys offers. This would help us easily check and search for vulnerabilities using Rapid7 IDs associated with CVs or CVSS.

From a features perspective, everything was fine at the time, and the security features of Rapid7 InsightVM were effective.

I've been working with Rapid7 InsightVM since December.

Overall, I would recommend Rapid7 InsightVM to others. My advice would be to first understand your requirements and infrastructure before implementing the product. I would rate InsightVM as an eight.