Try our new research platform with insights from 80,000+ expert users
Rajat-Srivastava - PeerSpot reviewer
Cyber Security Engineer at Unemployed
Real User
Top 20
A high-performing solution that collects real-time data, is capable of more detections, and allows you to use the Scheduled Forensics feature
Pros and Cons
  • "most valuable features of Rapid7 InsightVM for me are creating dynamic asset tags, generating reports, and deploying the agent. The agent scans assets every four hours, providing real-time data on any devices. Although there weren't any significant new features compared to our previous tool, having both SIEM and vulnerability management handled by one tool made things easier. We could gather logs from different devices and cloud sources, and perform detailed investigations without switching tools. I haven't worked with the automation capabilities of InsightVM. For remediation prioritization, we check the vulnerability, search for solutions on open platforms, and work with different teams to apply patches after proper testing. Currently, we don’t have any AI or ASM projects assisted by InsightVM"
  • "I’d like to see Rapid7 InsightVM improve by adding a knowledge base similar to what Qualys offers. This would help us easily check and search for vulnerabilities using Rapid7 IDs associated with CVs or CVSS. From a features perspective, everything was fine at the time, and the security features of Rapid7 InsightVM were effective."

What is our primary use case?

We mainly use it for vulnerability management, generating monthly reports to address and resolve vulnerabilities. The main use cases involve receiving alerts based on predefined settings by Rapid7, investigating these alerts to understand their causes, and performing fine-tuning activities.

What is most valuable?

The most valuable features of Rapid7 InsightVM for me are creating dynamic asset tags, generating reports, and deploying the agent. The agent scans assets every four hours, providing real-time data on any devices. Although there weren't any significant new features compared to our previous tool, having both SIEM and vulnerability management handled by one tool made things easier. We could gather logs from different devices and cloud sources, and perform detailed investigations without switching tools.

I haven't worked with the automation capabilities of InsightVM. For remediation prioritization, we check the vulnerability, search for solutions on open platforms, and work with different teams to apply patches after proper testing. Currently, we don’t have any AI or ASM projects assisted by InsightVM

What needs improvement?

I’d like to see Rapid7 InsightVM improve by adding a knowledge base similar to what Qualys offers. This would help us easily check and search for vulnerabilities using Rapid7 IDs associated with CVs or CVSS.

From a features perspective, everything was fine at the time, and the security features of Rapid7 InsightVM were effective.

For how long have I used the solution?

I've been working with Rapid7 InsightVM since December.

Buyer's Guide
Rapid7 InsightVM
December 2024
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.

What other advice do I have?

Overall, I would recommend Rapid7 InsightVM to others. My advice would be to first understand your requirements and infrastructure before implementing the product. I would rate InsightVM as an eight.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
reviewer1388853 - PeerSpot reviewer
Marketing Expert at a comms service provider with 51-200 employees
Reseller
Top 5
Useful to identify and assess vulnerabilities but needs to provide a pure cloud-based version
Pros and Cons
  • "The product's initial setup phase was very easy."
  • "There are certain limitations because of the product being used on a hybrid model. Rapid7 InsightVM doesn't offer a solution purely in the cloud."

What needs improvement?

The product is not a cloud solution. The tool can only be used as a hybrid solution, meaning it can be used on the cloud and on an on-premises deployment model. There are certain limitations because of the product being used on a hybrid model. Rapid7 InsightVM doesn't offer a solution purely in the cloud.

Competitors of Rapid7 InsightVM, like Tenable.io and Qualys, offer pure cloud solutions.

For how long have I used the solution?

I have been using Rapid7 InsightVM for seven or eight years. My company serves as a distributor of the tool.

What do I think about the stability of the solution?

Sometimes, there were certain parts and programs of the product about which the customer used to complain.

Stability-wise, I rate the solution a six to seven out of ten.

What do I think about the scalability of the solution?

It is a highly scalable solution. One of my company's customers uses the tool on 1,30,000 devices.

My company deals with clients who own small as well as enterprise-sized businesses.

How are customer service and support?

In the past, the support offered for the product was good. Unfortunately, over a period of time, the support offered has become poor.

I rate the technical support a four to five out of ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

The product's initial setup phase was very easy.

The solution can be deployed in a few hours. The time required depends on the scale of the deployment. If there are 1,000 or 10,000 deployments to be done, then it takes time. If the customer provides a Q&A to calculate the design of the network, then the process becomes easier. If the customer does not know about their network, then the deployment process takes time since our company has to discuss several things with them before starting the process.

What's my experience with pricing, setup cost, and licensing?

The product is cheaper than the other similar tools available in the market.

What other advice do I have?

My company uses Rapid7 InsightVM to identify and assess vulnerabilities.

The product has improved our company's vulnerability remediation process. The tool finds vulnerabilities by scanning devices and networks. The solution is also useful in the area of database scanning.

The product area I find to be valuable in vulnerability management workflow stems from many aspects, like reporting, which is very useful. Rapid7 InsightVM's integration with Jira is also very effective and useful for end users. The coverage of the vulnerability offered by the product is very good. The GUI for Japanese users is good.

The product's integration capabilities have improved my company's security posture, as many other systems can be integrated with it. The export feature of the product helps users deal with other products like ServiceNow or Splunk.

The product is more useful for scanning than for its real-time visibility, but I can say that its functionalities come very close to real-time features. The product scans every six hours.

In large and diverse environments, the performance and the scalability of the product are not bad.

The product is easy to understand, making it good for companies that doesn't have much expertise in the area of security. It is an easy to use product. The product also provides a GUI in Japanese, while taking care of the reporting part efficiently, making it very convenient for the end users in Japan.

I rate the product's capacity to offer ease of use an eight out of ten.

I rate the overall tool a six to seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
PeerSpot user
Buyer's Guide
Rapid7 InsightVM
December 2024
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
reviewer996729 - PeerSpot reviewer
Head of Cyber Security at a tech services company with 51-200 employees
Real User
Easy deployment, but technical support could respond faster
Pros and Cons
  • "The ease of deployment and configuration allows users to onboard quickly."
  • "Technical support does not respond quickly."

What is our primary use case?

The core domain use of the solution is verification, scanning, and finding out the vulnerabilities in real time.

How has it helped my organization?

The ease of deployment and configuration allows users to onboard quickly, aligning smoothly with various functionalities.

What is most valuable?

The data sheet is good in pricing and promises. The customers are very price-conscious. You have to satisfy technical requirements. This combo makes the product valuable and usable.

What needs improvement?

Two things are consistent. The rest of the things run fine. The technical side does not respond quickly. They take a lot of time. The priority should be to respond to the customer to serve the customer.

For how long have I used the solution?

I have been using Rapid7 InsightVM for more than three years.

What do I think about the stability of the solution?

The solution’s stability is good. It keeps on running. There are no system complaints.

What do I think about the scalability of the solution?

The solution’s scalability is linked to the new scope and the cost.

Which solution did I use previously and why did I switch?

We are actively seeking alternatives. If you can offer a better solution, superior after-sales service, and overall better everything, we would like to explore what you have to offer.

How was the initial setup?

The initial setup is not so complex. It is quickly deployable configurable and integrated with your existing setup.

The common process for Rapid7 InsightVM involves comparing it against their standard procedures to ensure compliance with the required licenses and resources. Users download the necessary files and initiate/reactivate licenses. Certain configurations are also set up. This process typically takes two to three days for the department, but we usually allocate a week for completion.

Our team feels enabled enough after completing the training session on Rapid7 InsightVM. We conduct our tests independently, and whenever we need support, we seek assistance directly from Rapid7. This process isn't overly complex or time-consuming. We ensure thorough preparation by gathering all necessary information, addressing internet concerns, and informing the customer. Once fully prepared, we proceed forward.

What's my experience with pricing, setup cost, and licensing?

The solution’s pricing is good because the value proposition delivers a report box. It is not very costly.

What other advice do I have?

Since the product is cloud-based, there's no maintenance. Whatever the information or the customization of the customer needs to be confirmed. The hardware needs maintenance.

Overall, I rate the solution a six out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
it_user1152534 - PeerSpot reviewer
Information Security Senior Expert (Founding member, African Cybersecurity Center) at a financial services firm with 10,001+ employees
Real User
Stable and Scalable solution with good technical support and reporting capabilities
Pros and Cons
  • "The most valuable feature for us is the different types of reporting it provides."
  • "This solution integrates with another module in Metasploit, that doesn't exist in the other solutions. It is subscribed to on our roadmap, but we chose to implement both Nexppose and AppSpider."

What is our primary use case?

The primary use case of this solution is for critical business applications for the web. We have also implemented it to identify when we are changing and an older system like the application client-server, the server two, the network equipment like switch routers, and security solutions.

What is most valuable?

The most valuable feature for us is the different types of reporting it provides. For example, the compliance reporting, compliance with the international standard in which we are certified and compliant. This is important for us to escalate the dashboard to our top management.

What needs improvement?

We need to scan and identify the different RPGs, the critical ones and the major ones that can generate risk or a measure of risk. We generate the reporting from the system and relay the report to our internal developers. We have our internal developers in the bank.

This solution integrates with another module in Metasploit, that doesn't exist in the other solutions. It is subscribed to on our roadmap, but we chose to implement both Nexppose and AppSpider.

For how long have I used the solution?

I have been using this solution for six months.

What do I think about the stability of the solution?

This solution is stable. It's a good solution.

What do I think about the scalability of the solution?

This solution is scalable.

It takes two people to manage this solution and to be the backup for the succession plan. Our manager has access and performs audits.

How are customer service and technical support?

Technical support is good and responsive.

Which solution did I use previously and why did I switch?

In this current company, they were using Qualys and I convinced the management to change to Rapid 7.

After every event, we are required to automize with information control tools like Sandbox, IPS, and vulnerability management. All of those security tools need to be implemented and automized.

That is not the case with Rapid 7. It can be automized and we are dependant on ourselves. We can perform in having this solution customized with the confines of our text.

How was the initial setup?

The initial setup was not complex and it was easy to implement.

It took a week to prepare and install the virtual machine, and to implement the solution it took one month.

Our Regulatory requires that all banks must implement all security solutions on-premises, not on the cloud because they are worried that the data will be compromised and available on different data centers around the world.

What about the implementation team?

We had the help of an integrator to implement this solution. There were three engineers to help. One was for Nexpose and two for Appsider.

What's my experience with pricing, setup cost, and licensing?

This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important.

What other advice do I have?

Rapid 7 is a leading solution that has been implemented in many companies.

In Nexpose you have the console and the app assistant for Rapid 7. The design can be implemented in all of the segments of the network to scan, perform the scale of the scan, perform the reporting, generate the reports, and send it to the central console.

I would suggest that customers acquire this solution.

In addition to management, we are subscribed to the security dispense team and the company emergency dispense team. We always receive the bulletins, so we are always aware of the vulnerabilities.

I appreciate this solution. All of the features that are included are enough for me.

This is an excellent solution and I would rate it a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
MuhammadMurtaza - PeerSpot reviewer
Information security engineer at Cyberisk
Real User
Top 5
Comprehensive vulnerability management with robust set of features, making it highly effective for enhancing security posture and mitigating risks
Pros and Cons
  • "The most valuable features are its reporting capabilities and the host discovery functionality."
  • "There is a significant learning curve, that non-technical individuals, especially those not specialized in computer science or the information security industry, might face."

What is our primary use case?

It's a vulnerability scanning tool utilized within the vulnerability management process. We employ it to conduct internal vulnerability assessments of company or organizational host IPs.

How has it helped my organization?

It aids in enhancing the overall security posture within our organization. It uncovered numerous vulnerabilities that had been overlooked, which was quite beneficial.

What is most valuable?

The most valuable features are its reporting capabilities and the host discovery functionality.

What needs improvement?

The primary issue I encountered initially with this tool was related to configuration. There is a significant learning curve, that non-technical individuals, especially those not specialized in computer science or the information security industry, might face.

For how long have I used the solution?

I have been working with it for six months.

What do I think about the stability of the solution?

I am satisfied with the stability provided.

How was the initial setup?

The initial setup went smoothly, but after completing it, I encountered difficulties when attempting to use features like the dashboard and the scan now option. Specifically, I faced challenges with scanning the host, which proved to be quite frustrating.

What about the implementation team?

The initial setup wasn't overly difficult, so it took me around one to two days due to troubleshooting issues. Overall deployment took about two to three days in total.

What other advice do I have?

I highly recommend Rapid7 as my experience with it is very positive. Overall, I would rate it eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Information Technology Security Specialist at Digitaltrack
Real User
Top 5Leaderboard
Easy to use with good dashboards and decent reporting
Pros and Cons
  • "We can create our own templates."
  • "The authentication scan is not working."

What is our primary use case?

We primarily use the solution for scanning. It will support the agent and collect scanning information on particular hotspots. 

What is most valuable?

We like that you can create your own inputs using the chat.

The integration capabilities are good.

It has good reporting.

We can create our own templates.

The dashboard is very easy to use for customers. 

What needs improvement?

The firewall could be better.

We've had struggles with new scanning on Cisco routers. We have to do a lot of troubleshooting. The authentication scan is not working. 

We'd like better risk levels for assets in terms of reporting. 

For how long have I used the solution?

I've been using the solution since 2019. I've only used it for a few years at this point. 

What do I think about the stability of the solution?

The solution is quite stable. It's reliable. There are no bugs or glitches. It doesn't crash or freeze. I'd rate the stability eight out of ten. 

What do I think about the scalability of the solution?

The solution is scalable. It offers pretty high scalability. I'd rate it nine out of ten. 

Our clients are medium to large-scale businesses. 

How was the initial setup?

The initial setup is very easy. It is very customizable and easy to understand. 

I'm not sure how long the deployment took. The POC took about 30 days to allow the clients to try it out. We requested a POC to test out some use cases. 

What other advice do I have?

I'm a reseller. 

I'm not sure which version of the solution I'm using. It might be version six or seven. 

I'd recommend the solution to others. 

I would rate the solution eight out of ten. 

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Agustinus DWIJOKO - PeerSpot reviewer
Network & Security Engineer at PT. Centrin Online Prima
Reseller
Top 5
Reliable, easy to set up, and has good active scan capabilities
Pros and Cons
  • "It's very scalable."
  • "We'd like the agent to cover more compliance issues."

What is our primary use case?

There are so many cases for InsightVM. It's used for customers that need the ICS compiler or if they need users to work from home right now. It allows them to manage assets from anywhere. 

What is most valuable?

Using active scan is good.

If you have a history with the solution, the initial setup is easy.

The solution is stable and reliable.

It's very scalable.

What needs improvement?

The agent must be covered if the customer wants to do a combined thing. InsightVM cannot do that if they are using an agent. We'd like the agent to cover more compliance issues.

For how long have I used the solution?

I've been using the solution for three or four years. 

What do I think about the stability of the solution?

The product is stable. There aren't bugs or glitches. It doesn't crash or freeze. It's reliable and the performance is good.

What do I think about the scalability of the solution?

If you want to scan more than 1,000 assets, then we need to show the requirement first. It will use the server with maximum CPU, and maximum RAM. The scalability is quite higher than on the previous one we used. It keeps getting better.

How was the initial setup?

Typically, the initial setup is easy. If a user has the experience, it is straightforward. However, if we work together with an organization that has never used it before, there's more configuration that needs to be done.

What other advice do I have?

We're working with the latest version of the solution, however, I cannot recall the exact version number.

While our clients are using a hybrid cloud, the customers still need to install on-premise. Your console right now is like a dashboard; it's moved to the cloud.

I'd advise users to try the solution. If they are using InsightVM they will be able to quickly understand what the vulnerabilities are on their assets.

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Google
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1043379 - PeerSpot reviewer
Chief Executive Officer at a outsourcing company with 11-50 employees
Reseller
A single pane of glass with good functionality, and is easy to manage
Pros and Cons
  • "The cost is what is most valuable. Compared to the other products on the market, the cost is more palatable."
  • "We are a registered reseller and a trusted partner. However, for us to get any support from them I can't log a call directly with Rapid7 InsightVM. I have to work with the distributor to log the call for me."

What is our primary use case?

The main purpose for using Rapid7 InsightVM is vulnerability management and visibility.

What is most valuable?

The cost is what is most valuable. Compared to the other products on the market, the cost is more palatable. Also the functionality. 

It is a single pane of glass that I can do most things.

What needs improvement?

I see ongoing progress constantly. There isn't much opportunity to make recommendations for improvement from our end. Technology does what we want it to do.

The only issue I have with their business plan is how they interact with South African enterprises. 

They have one singular distributor that I must work with, and that is where my two points go. 

I can't interact with Rapid7 directly. I must work via the local incumbent, the distributor. And working with this third party can be tiresome at times.

Rapid7 InsightVM doesn't work with us directly. I have to work with a  distributor. If I need quotes or technical support, for example, I have to work with the distributor rather than Rapid7 InsightVM directly.

We are a registered reseller and a trusted partner. However, for us to get any support from them I can't log a call directly with Rapid7 InsightVM. I have to work with the distributor to log the call for me.

For how long have I used the solution?

I have been working with Rapid7 InsightVM for two to three years.

We are using the latest version.

What do I think about the stability of the solution?

Rapid7 InsightVM is very stable. I would rate the stability a five out of five.

What do I think about the scalability of the solution?

Rapid7 InsightVM is a scalable product. I would rate the scalability a five out of five.

We have approximately 1, 500 endpoints in our company.

It's not users, but endpoints, because the model is built around the endpoints you want to monitor. We run on around 1,500 endpoints. It is not user-specific.

One person can easily manage this solution, but we have a team of four engineers to manage our environment.

How are customer service and support?

I have not contacted technical support directly.

Which solution did I use previously and why did I switch?

We also use Tenable Nessus.

How was the initial setup?

I am not involved with the initial setup. I have a support team that is managing that.

We deploy it depending on our client's requirements. We use it as well as our clients.

What about the implementation team?

The deployment was done in-house. We do it ourselves.

We had four, and all four worked on the project. This is not to say that there is just one primary job or four main jobs. Our engineers all work as a team.

What was our ROI?

I can definitely see a return on investment.

It's good. We get the value from the product.

What's my experience with pricing, setup cost, and licensing?

We purchase annual licenses.

We provide our own support. We have resources that have been certified to work on the product. It is purely the license fee.

In terms of affordability, I would rate it a three out of five.

What other advice do I have?

I believe they see us as resellers because we resell it, but when we use it for professional services, they regard us as partners. They use both terms in the same sentence.

We support it.

I strongly recommend it. It's a good product. 

It's only the backend support that needs to be improved. However, there isn't very much that has room for improvement in the product right now.

They are not flawless. We have had problems here and there, but overall, I would rate Rapid7 InsightVM an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Buyer's Guide
Download our free Rapid7 InsightVM Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free Rapid7 InsightVM Report and get advice and tips from experienced pros sharing their opinions.