We handle a lot of video equipment and Rapid7 InsightVM helps us to scan subnets, around 150,000 of them.
Rapid7 InsightVM is more focused on proactive liability management. However, when there's an incident, our team can handle it, but it's not a top priority for me. I think having another solution, like a response automation tool, would be more helpful. Vulnerability management can't prevent incidents once they're in progress, but it's essential to prevent them before they happen.
The remediation project is pretty effective because it allows us to choose specific assets and set limitations on them for a certain period which allows us to track and follow up on those limitations.
However, when it comes to real-time monitoring and live dashboards, InsightVM doesn't quite fit the bill. It's not a real-time solution and is not instant.
Rapid7 InsightVM has impressive capabilities, especially when it comes to managing video equipment. However, we've noticed that Rapid7 also offers a cloud solution called CloudSec, and we don't have that. We think it would be better if InsightVM had all the features for both on-premise and cloud management.
I have been using Rapid7 InsightVM for the past 6 years.
I would rate it nine out of ten, especially when it is deployed on a Linux box.
It is very scalable and I would rate it ten out of ten.
As for deployment time, it varies based on the size of the organization and network sensitivity. For example, in a bank, scans might only happen at specific times, like during the night. Generally, deployment can be quick, but there are many factors to consider. You install the console and the scan engine, and then configure them based on network complexity. Scans themselves take less than 20-30 minutes, but the non-technical aspects, like setting up profiles and firewall rules, can take more time.
I would rate it 8 out of 10.
The product is not a cloud solution. The tool can only be used as a hybrid solution, meaning it can be used on the cloud and on an on-premises deployment model. There are certain limitations because of the product being used on a hybrid model. Rapid7 InsightVM doesn't offer a solution purely in the cloud.
Competitors of Rapid7 InsightVM, like Tenable.io and Qualys, offer pure cloud solutions.
I have been using Rapid7 InsightVM for seven or eight years. My company serves as a distributor of the tool.
Sometimes, there were certain parts and programs of the product about which the customer used to complain.
Stability-wise, I rate the solution a six to seven out of ten.
It is a highly scalable solution. One of my company's customers uses the tool on 1,30,000 devices.
My company deals with clients who own small as well as enterprise-sized businesses.
In the past, the support offered for the product was good. Unfortunately, over a period of time, the support offered has become poor.
I rate the technical support a four to five out of ten.
Neutral
The product's initial setup phase was very easy.
The solution can be deployed in a few hours. The time required depends on the scale of the deployment. If there are 1,000 or 10,000 deployments to be done, then it takes time. If the customer provides a Q&A to calculate the design of the network, then the process becomes easier. If the customer does not know about their network, then the deployment process takes time since our company has to discuss several things with them before starting the process.
The product is cheaper than the other similar tools available in the market.
My company uses Rapid7 InsightVM to identify and assess vulnerabilities.
The product has improved our company's vulnerability remediation process. The tool finds vulnerabilities by scanning devices and networks. The solution is also useful in the area of database scanning.
The product area I find to be valuable in vulnerability management workflow stems from many aspects, like reporting, which is very useful. Rapid7 InsightVM's integration with Jira is also very effective and useful for end users. The coverage of the vulnerability offered by the product is very good. The GUI for Japanese users is good.
The product's integration capabilities have improved my company's security posture, as many other systems can be integrated with it. The export feature of the product helps users deal with other products like ServiceNow or Splunk.
The product is more useful for scanning than for its real-time visibility, but I can say that its functionalities come very close to real-time features. The product scans every six hours.
In large and diverse environments, the performance and the scalability of the product are not bad.
The product is easy to understand, making it good for companies that don't have much expertise in the area of security. It is an easy-to-use product. The product also provides a GUI in Japanese, while taking care of the reporting part efficiently, making it very convenient for the end users in Japan.
I rate the product's capacity to offer ease of use an eight out of ten.
I rate the overall tool a six to seven out of ten.
With InsightVM, I continuously monitor my network by setting up regular scans to identify vulnerabilities in real-time. It is particularly useful for focusing on customer-facing systems at our perimeter, helping me prioritize and quickly address any security risks.
InsightVM offers a robust platform for identifying, prioritizing, and addressing vulnerabilities across an organization's IT infrastructure.
One area I would like to improve in InsightVM is its integration with other solutions, particularly for better compatibility with upcoming tools we plan to adopt. Enhanced functionality for budget management or change management databases could also be beneficial.
I have been working with InsightVM for over two years.
I would rate the stability of the solution as a nine out of ten.
InsightVM's scalability is top-notch and I would rate it a solid nine out of ten. Being a cloud-based solution, it effortlessly adjusts to accommodate varying needs and can easily scale from small to large environments.
Rapid7's technical support is highly responsive and helpful. I would rate them as a nine out of ten.
Positive
I chose Rapid7 over Tenable Nessus because of its better performance, comprehensive functionality, and stronger support for operating systems and services. While Tenable Nessus may be cheaper, it lacks integration with other features and is more suited for SMBs rather than enterprises.
Implementing InsightVM was straightforward. Setting it up to scan external networks at the perimeter was effortless; I just needed to create a cloud account and start using the solution. For internal network scanning, I installed the software on my notebook, which took about five to ten minutes for a single version setup, but it is important to note that it doesn't support Windows platforms.
InsightVM's pricing can vary depending on the coverage needed. While it may not be the cheapest option, purchasing an unlimited license could be cost-effective for larger environments. For smaller needs, it might be more expensive compared to competitors. I would rate the affordability of the product at a four out of ten.
I prioritize vulnerabilities in InsightVM by first focusing on customer-facing systems at our perimeter, which helps me quickly identify and address any security risks. Then, I utilize the cloud-based engine to scan internal networks and ensure comprehensive coverage without the need for complex on-premise solutions, making it easy to manage from my notebook connected to the internet.
Additionally, in InsightVM, we prioritize vulnerabilities by utilizing comprehensive data sources like the NVD and Rapid7's specialized risk calculation methods. The solution provides detailed information, including exploitability and impact, and evaluates whether vulnerabilities could be exploited in specific environments like NetApp.
I would recommend InsightVM to others. Overall, I would rate the product as an eight out of ten.
The core domain use of the solution is verification, scanning, and finding out the vulnerabilities in real time.
The ease of deployment and configuration allows users to onboard quickly, aligning smoothly with various functionalities.
The data sheet is good in pricing and promises. The customers are very price-conscious. You have to satisfy technical requirements. This combo makes the product valuable and usable.
Two things are consistent. The rest of the things run fine. The technical side does not respond quickly. They take a lot of time. The priority should be to respond to the customer to serve the customer.
I have been using Rapid7 InsightVM for more than three years.
The solution’s stability is good. It keeps on running. There are no system complaints.
The solution’s scalability is linked to the new scope and the cost.
We are actively seeking alternatives. If you can offer a better solution, superior after-sales service, and overall better everything, we would like to explore what you have to offer.
The initial setup is not so complex. It is quickly deployable, configurable, and integrated with your existing setup.
The common process for Rapid7 InsightVM involves comparing it against their standard procedures to ensure compliance with the required licenses and resources. Users download the necessary files and initiate/reactivate licenses. Certain configurations are also set up. This process typically takes two to three days for the department, but we usually allocate a week for completion.
Our team feels enabled enough after completing the training session on Rapid7 InsightVM. We conduct our tests independently, and whenever we need support, we seek assistance directly from Rapid7. This process isn't overly complex or time-consuming. We ensure thorough preparation by gathering all necessary information, addressing internet concerns, and informing the customer. Once fully prepared, we proceed forward.
The solution’s pricing is good because the value proposition delivers a report box. It is not very costly.
Since the product is cloud-based, there's no maintenance. Whatever the information or the customization of the customer needs to be confirmed. The hardware needs maintenance.
Overall, I rate the solution a six out of ten.
Our company uses the Nexpose automation tools for validity, deactivation, assessment, and penetration testing. We can easily see if something has been exposed and manually focus on or follow main vulnerabilities.
We have 28 users and a JV license key for using the solution in our offline systems on a trial basis.
The audit report and scorecard are brilliant.
The solution is very user friendly and easy to manage. Users who have a year of experience with this type of tool will have no issues.
The solution cannot scan third-party tools that have firewalls within them. The firewalls detect and block the solution. Conversely, Nexus is able to bypass firewalls because it has low detectability. We use Nexus when the solution cannot bypass a firewall. The solution can scan 60% of the time but Nexus can scan 90% of the time.
The solution needs to improve its vulnerability design to include CVC results. Nexus has a good, long range and a good database for finding CVC numbers. We need this level of security detail but the solution does not seem to provide it.
I have been using the solution for five years.
The solution updates without interruption and has no database issues.
Nexus sometimes has issues with plugging time where all the paper is gone so we need to run the tool again.
The solution is very scalable.
The articles and videos provide the information we need so we do not use technical support.
The setup is straightforward and user friendly.
New users can rely on the videos or articles to learn about setup. The solution and other tools might be a little bit tricky to set up. If you follow the article's commands, setup is easy.
We implemented the solution in-house and it took about 25 minutes.
The solution's pricing is better than Nexus which charges a high amount for very little use.
We also use Nexus which is a mature tool and gives pretty good results. It offers the best scanning and good reporting files.
The solution's audit report and scorecard provide better details than Nexus.
From the feature side, right now we choose Nexus because it can bypass firewalls. From the price side, we choose the solution.
I recommend the solution from the reporting side but am not sure I recommend it from the scanning side. The issue with firewalls needs to be fixed and then I will definitely recommend the solution.
I rate the solution a seven out of ten.
We use the solution mainly for servers and vulnerability management.
The solution's user interface is good and has some vulnerability prioritization. Rapid7 InsightVM has good integrations with ServiceNow and its own remediation project creation options.
Rapid7 InsightVM is not PCI certified, which didn't help us in the London office because of the Cyber Essentials Plus certification, which is mandatory there. We had to outsource the vulnerability management for the London office.
One of the most important things for a vulnerability management tool is the identification of vulnerabilities. When it comes to Rapid7 InsightVM, the vulnerabilities are not updated within its database. This is one of the major things that should be changed in Rapid7 when it comes to customer reliability. If the database is not updated, it could jeopardize the customer's servers and data.
The solution's support staff does not reply on time, which should be improved. Rapid7 InsightVM should improve its threat intelligence.
I have been using Rapid7 InsightVM for the last few years.
The solution's initial setup is good.
Overall, I rate the solution a six out of ten.
We primarily use it for inventory and vulnerability management in our environment. We also use it to identify real risks and focus on container email scanning.
The most valuable feature for me is the risk calculation based on monthly effects. It's interactive, and the risk calculation depends on various factors such as quantity, hardware, and package used.
The team needs to improve the speed and focus on the new bandwidth feed. Sometimes, it takes a while to scan, especially with new updates. So, they should update the database quickly for the scanning to work more efficiently. Additionally, they should add pack management solutions for better integration with products like Microsoft FC and IBM Bigfoot.
They need to add more features or focus on work screening, and adding pack management solutions would be great. Moreover, there is room for improvement in technical support.
I've been using it for about three years now.
It is a stable product, and I would give it a seven.
It is a scalable product. Currently, there are around 1,000 users in my company using Rapid7 InsightVM.
Customer service and support are usually responsive, but there is room for improvement in their response time. The quality of support is good.
The initial setup is simple.
Along with Rapid7 InsightVM, we use Metasploit for already scanning. We also use it for website vulnerability scanning. For vulnerability scanning, we also use solutions from Tenable Network Security. Tenable is better because of its more frequent updates. However, it may depend on the industry and the use case. For now, Nessus is better for vulnerability scanning because of its ability to quickly and accurately detect vulnerabilities. However, Rapid7's team should work on improving the capacity of InsightVM to do the same.
Overall, I would rate the solution an eight out of ten.
We mainly use it for vulnerability management, generating monthly reports to address and resolve vulnerabilities. The main use cases involve receiving alerts based on predefined settings by Rapid7, investigating these alerts to understand their causes, and performing fine-tuning activities.
The most valuable features of Rapid7 InsightVM for me are creating dynamic asset tags, generating reports, and deploying the agent. The agent scans assets every four hours, providing real-time data on any devices. Although there weren't any significant new features compared to our previous tool, having both SIEM and vulnerability management handled by one tool made things easier. We could gather logs from different devices and cloud sources, and perform detailed investigations without switching tools.
I haven't worked with the automation capabilities of InsightVM. For remediation prioritization, we check the vulnerability, search for solutions on open platforms, and work with different teams to apply patches after proper testing. Currently, we don’t have any AI or ASM projects assisted by InsightVM.
I’d like to see Rapid7 InsightVM improve by adding a knowledge base similar to what Qualys offers. This would help us easily check and search for vulnerabilities using Rapid7 IDs associated with CVs or CVSS.
From a features perspective, everything was fine at the time, and the security features of Rapid7 InsightVM were effective.
I've been working with Rapid7 InsightVM since December.
Overall, I would recommend Rapid7 InsightVM to others. My advice would be to first understand your requirements and infrastructure before implementing the product. I would rate InsightVM as an eight.
