I use InsightVM for vulnerability scanning, to follow up that patching is done properly, and to control operational teams and ensure they're doing their job.
Head of Cyber security analysis at DNV Poland Sp. z o.o.
Company-saving vulnerability scanner that's easy to set up
Pros and Cons
- "InsightVM's best features are the vulnerability database and remediation steps."
- "InsightVM is getting a little stale and is in danger of falling behind its competitors."
What is our primary use case?
How has it helped my organization?
InsightVM lets me scan our environments and ensure that our operational teams are on top of patching.
What is most valuable?
InsightVM's best features are the vulnerability database and remediation steps.
What needs improvement?
InsightVM is getting a little stale and is in danger of falling behind its competitors. It's also becoming more complicated, and I prefer it to be kept simple. Its cloud coverage could also be stepped up.
Buyer's Guide
Rapid7 InsightVM
December 2024
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
For how long have I used the solution?
I've been using InsightVM for ten years.
What do I think about the stability of the solution?
InsightVM is very stable.
What do I think about the scalability of the solution?
There used to be some problems with scaling InsightVM, but those limitations have been removed in newer versions.
How are customer service and support?
Rapid7's technical support is brilliant, responsive, and professional.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was very easy and took a day to complete. I would rate the setup process five out of five.
What about the implementation team?
We used an in-house team.
What was our ROI?
Having a vulnerability scanner has saved us from cyber attacks a number of times, so we've gotten good ROI from InsightVM. I'd rate our ROI as five out of five.
What's my experience with pricing, setup cost, and licensing?
InsightVM is an expensive product, especially compared to its competitors, at around a million NOK per year. Support is included in the license for no extra cost. I would rate their pricing at one out of five.
What other advice do I have?
InsightVM has integration with Kubernetes, which no other solution has. I would give InsightVM a rating of eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director of Information Technology at a government with 201-500 employees
Good at identifying vulnerabilities but had issues with scans and endpoint accuracy
Pros and Cons
- "The main functionality of identifying item endpoints that weren't properly patched or had vulnerabilities is the solution's most valuable feature."
- "We found that after you passed an endpoint, it didn't always reflect it in the next scan. I'm not sure if it was a glitch or some issue with the product's software. That was never clear. That was always an issue and something that definitely needed improvement."
What is our primary use case?
The solution is primarily used for vulnerability management, specifically vulnerability scanning of the endpoint devices.
What is most valuable?
The main functionality of identifying item endpoints that weren't properly patched or had vulnerabilities is the solution's most valuable feature.
What needs improvement?
We found that after you passed an endpoint, it didn't always reflect it in the next scan. I'm not sure if it was a glitch or some issue with the product's software. That was never clear. That was always an issue and something that definitely needed improvement.
For how long have I used the solution?
We've used the solution for four years.
What do I think about the stability of the solution?
I didn't notice anything in terms of stability issues. There was always data in it, so I didn't face any problems. We just had an issue once where we would scan and then we would patch and occasionally it wasn't reflected on the next scan that that patch was there. That was the biggest issue we faced. Other than that, it was reliable. We didn't really have glitchiness or bugs. It wasn't crashing or freezing on us.
What do I think about the scalability of the solution?
I probably don't have an opinion on the scalability. It seemed to function, however, beyond that I'm not sure. As an end-user, I just would log in and run reports. I wasn't in charge of expanding the solution. I used it in a pretty non-technical way.
There were only ever about 10 to 15 users on the solution at any given time.
How are customer service and technical support?
I never actually got in touch with technical support. I wouldn't be able to speak to their level of service.
Which solution did I use previously and why did I switch?
The company did not use a different solution before using this product.
How was the initial setup?
I never set up the software myself. I was always just an end-user. I can't speak to if the solution was straightforward or complex.
I have no idea how long deployment took. I'm not sure if it was a long process or not.
Maintenance was handled by our security division. I don't know if there was one person or there were multiple admins that handled that aspect of the solution.
What about the implementation team?
It's my understanding that the solution was set up in-house and an integrator or reseller was not used.
What's my experience with pricing, setup cost, and licensing?
I'm not sure what the solution would cost on a monthly or yearly basis.
Which other solutions did I evaluate?
I'm not sure if the company evaluated other options or not. I wasn't part of that process.
The company I'm working with now is looking at evaluating Tenable.io.
What other advice do I have?
The company I worked for was just a customer and I was just an end-user. There was no business relationship between the two companies that I was aware of.
The company is considering moving from on-premises to the cloud.
I am unsure of which version of the solution is being used currently. I'm no longer at the company where I used the product.
While the solution worked well, I have never compared other solutions, so I don't know if it's best in class or not.
I'd rate the solution six out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Analyst at a financial services firm with 1,001-5,000 employees
We have fewer false positives when using it
Pros and Cons
- "We feel the interface is very good. It is very easy to use, even a nontechnical person can use it."
- "The reporting has room for improvement. You cannot customize any report. If I need a specific requirement, I have to create a new report for it."
What is our primary use case?
We are using the solution for configuration review and vulnerability management.
I am using the latest version.
How has it helped my organization?
We have fewer false positives.
What is most valuable?
We feel the interface is very good. It is very easy to use, even a nontechnical person can use it.
What needs improvement?
The reporting has room for improvement. You cannot customize any report. If I need a specific requirement, I have to create a new report for it. I cannot pull up two or three things in one report.
For how long have I used the solution?
Three years.
What do I think about the stability of the solution?
It is stable. For the last three years, we haven't faced any bugs.
What do I think about the scalability of the solution?
It's very easily scalable. You just have to renew your license, and the scalability is already done.
Currently, we have three people who use the solution. We manage this solution for the whole organization.
How are customer service and technical support?
The technical support is very helpful, but too slow. Overall, it usually takes 24 hours for them to reply, but the support that they provide is good.
How was the initial setup?
It's very straightforward. The deployment took less than an hour.
What about the implementation team?
We implemented it on our own.
What's my experience with pricing, setup cost, and licensing?
The license is IP based. How many IPs you are using to scan is the amount of the license you have to buy. The number of users doesn't matter; many users can use it or only one person. It depends on the culture of the organization.
We have 600 to 700 licenses.
Which other solutions did I evaluate?
We tested two to three solutions where we had a couple of false positives.
Rapid7 InsightVM has very low false positives, so you don't have to go in manually and verify them. This solution is efficient.
What other advice do I have?
I would recommend the product. The product is very good.
I would rate the product between a nine and a nine point five (out of 10).
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Service Delivery Manager at a security firm with 11-50 employees
Easy to deploy and flexible licensing but the reporting could be better
Pros and Cons
- "The product is scalable."
- "The reporting could be better."
What is our primary use case?
We primarily use the solution for vulnerability management.
What is most valuable?
From a scanning perspective, it’s great. The customization associated with each and every scan is very good. It actually provides functionality from a CIS control perspective as well.
It is easy to deploy.
The product is scalable.
The solution is very stable.
What needs improvement?
The reporting could be better.
We do not need any additional features.
For how long have I used the solution?
I’ve been using the solution for two years.
What do I think about the stability of the solution?
The solution is very stable. The reliability is good. There are no bugs or glitches. It doesn’t crash or freeze.
What do I think about the scalability of the solution?
The solution is absolutely scalable.
From a footprint perspective, there are about 780 servers. In totality, there's a license entitlement for about 1000 clients.
How are customer service and support?
Technical support has been accurate.
How would you rate customer service and support?
Neutral
How was the initial setup?
The solution is straightforward to set up and simple to deploy. It’s not overly complex. We only need one technical person to handle the setup process.
How long it takes to deploy depends on multiple instances whereby multiple factors, depending on client, on-prem, et cetera. Your average deployment time would be anything from three to five days.
What about the implementation team?
As partners, we can handle the implementation.
What was our ROI?
The ROI is fair to mild.
What's my experience with pricing, setup cost, and licensing?
The licensing is market-related.
The cost depends on the number of assets per annum.
It is very flexible. What's nice about it is, from a client's perspective, the environment can either grow and you can chew up, or it can shrink, and it meets whatever needs you have.
The licensing includes technical support.
What other advice do I have?
We’re partners.
We’re always using the latest version of the solution.
There's a mix of deployments. There's an on-prem deployment in certain customer areas. However, there's also a cloud deployment from the MSSV point of view as well.
The scanner is always on-prem. The majority of the scanners that we've deployed are on-prem. Although some of the consoles are selling cloud-deployed, other consoles would be on-prem.
I’d rate the solution seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Security Analyst at Zavarovalnica Triglav dd
Vulnerability management that is easy to use and install, with good technical support
Pros and Cons
- "This solution is very easy to use and easy to install."
- "It would be nice to have an additional feature that would provide reports on who has logged onto the console or who did what on the console."
What is our primary use case?
The primary use case of this solution is for vulnerability management.
We have monthly scans and reporting. The results are in QRadar, which is our SIEM.
What is most valuable?
This solution is very easy to use and easy to install.
It has nice features.
What needs improvement?
It would be nice to have an additional feature that would provide reports on who has logged onto the console or who did what on the console. I don't have the time to log onto the console and use SSH to go through the logs.
We have some users with certain privileges, and sometimes they do things that I don't like. This is why it would be nice to have an easy way to report what is in the logs.
In the next release, I would like to see reporting added to the console. It would be helpful to have reports to tell you who did what, who created reports, who created groups or who created tags.
For how long have I used the solution?
I have been working with this solution for five years.
What do I think about the stability of the solution?
The stability is good. I am running it on Linux and from that point of view, Linux is stable.
We are using this solution daily.
What do I think about the scalability of the solution?
This solution is easy to scale.
I am working at Triglav Group, which is the leading insurance-financial group in Slovenia and in the Adria region and one of the leading groups in South-East Europe.
Triglav Group operates together with its subsidiaries and associated companies on seven markets and in six countries.
We use two consoles: one is international, for subsidiaries, and the other is for Slovenia. Altogether we have 15 scan engines on locations.
How are customer service and technical support?
Approximately a year ago, we had an issue with the dashboard. We contacted technical support to ask a question. Unfortunately, we were not able to resolve the issue that we were having. It could have been something in our network, but we don't know. It was not a big issue.
The technical support is good, they do give you answers and they are pretty quick.
How was the initial setup?
The initial setup was easy and straightforward.
I deployed this solution. It took a couple of days with ten engines.
What about the implementation team?
We did not use a vendor or integrator to implement this solution. We have five thousand people in this firm and I am the only one on the technical team.
What other advice do I have?
My advice would be to just use it.
As a whole, it's a pretty good product. I don't have any problem with it.
If they had the audit reporting then I would rate it a ten out of ten, but as it is now, I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Specialist at a financial services firm with 1,001-5,000 employees
Simple to install, user interface is both professional and user-friendly
Pros and Cons
- "This solution's most useful feature is that it is entirely a single-page application."
- "The drawback is that it is still not a fully SaaS solution, so you must deploy a console."
What is our primary use case?
We use Rapid7 InsightVM to increase vulnerability scanning, which is why we tried Qualys as well.
What is most valuable?
This solution's most useful feature is that it is entirely a single-page application.
The UI is both professional and user-friendly.
What needs improvement?
The drawback is that it is still not a fully SaaS solution, so you have to deploy a console.
For how long have I used the solution?
I have been working with Rapid7 InsightVM for six weeks.
What do I think about the stability of the solution?
Rapid7 InsightVM is stable.
What do I think about the scalability of the solution?
Rapid7 InsightVM is a scalable solution.
How are customer service and support?
We have two dedicated technicians to assist us.
Which solution did I use previously and why did I switch?
We are also testing Qualys. If you look at both options, I believe they are the same. Both are in the top market leader position.
Both tools have the same features. The most essential consideration in choosing one of those two is your experience with it and whether it fits inside your business.
I can't decide; we are still in the comparison phase.
How was the initial setup?
It is very easy to set up.
It can be deployed in a matter of weeks.
What's my experience with pricing, setup cost, and licensing?
It is pretty expensive. It depends on what you consider pricey; however, if you only look at vulnerability management solutions, such as within VM or VMDR, I suppose the prices are almost the same. But I believe you will discover that for yourself.
What other advice do I have?
Experiment with it and gain some experience with it.
I would rate Rapid7 InsightVM an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Engineer at a manufacturing company with 5,001-10,000 employees
Good reporting, useful automation features, and has good technical support
Pros and Cons
- "It's a relevant management tool."
- "I would like to see more integration."
What is our primary use case?
We use this solution for our internal server for scanning. We can scan for vulnerabilities and locate them.
We also generate reports for the patching team. We assign tasks to the patching team.
What is most valuable?
It's a relevant management tool.
It has some useful automation features. The report generating and the scanning are very helpful.
What needs improvement?
It would be very helpful to have integration. There are many plugins that can be used for tasks that would help the visibility and be able to locate the exact problem.
I would like to see more integration.
I would also like to see more flexibility when scheduling the scans. We should be able to schedule scans when we want them to be scheduled. Currently, they have to be scheduled before a certain day of the week.
For how long have I used the solution?
I have been using Rapid7 InsightVM for six months during my internship.
What do I think about the stability of the solution?
Rapid7 InsightVM is a stable product.
What do I think about the scalability of the solution?
We have no issues with the scalability of this solution. We have a vulnerability management team of four who are using it, and in our organization, we have approximately 20 people, including management.
How are customer service and technical support?
Technical support is good.
Which solution did I use previously and why did I switch?
I have used Tenable Nessus previously for my personal projects. I used it for scanning for my projects in college.
How was the initial setup?
I was not involved in the installation. It was already installed previously.
What's my experience with pricing, setup cost, and licensing?
Licensing fees are paid on a yearly basis.
What other advice do I have?
I would recommend this solution to others, but more integration features would be more helpful.
I would rate Rapid7 InsightVM an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Manager at an educational organization with 5,001-10,000 employees
With an effective dashboard, it gives us visibility into people using VPNs
Pros and Cons
- "NeXpose is a pretty good vulnerability scanner... There's a nice dashboard."
What is our primary use case?
Our primary use case is looking for people who are using Tor, or VPNs generally, and the only way we can see that is if they log in and then they log in in a foreign country right away, which means they're jumping on to the "escalator".
How has it helped my organization?
We really didn't have any visibility at all and now we do. It's like night and day.
What is most valuable?
NeXpose is a pretty good vulnerability scanner, good enough. There's a nice dashboard and it's a pretty cool SIEM.
What needs improvement?
We could always have a cheaper price, but other than that it's pretty good stuff.
Also, if they’d expand their product line, that would be good, and they are doing so, but they're not done yet.
What do I think about the stability of the solution?
Stability is rock solid.
What do I think about the scalability of the solution?
We're at a pretty big scale already. I don't expect us to get any bigger and it's handling our scale now. If anything, we’ll probably shrink.
We're a school district and, in this area, there are three big districts, and they have open enrollment. We're not on the marketing end of our school district. If the marketing doesn't do well, we’ll shrink.
How are customer service and technical support?
Tech support is satisfactory.
Which solution did I use previously and why did I switch?
Last year we got a new person in the position of information security officer, and he brought the news with him.
We went with NeXpose because we wanted to get as many products as we could from the same vendor. A full suite would have been fantastic, but that doesn't exist yet. Rapid7 had the vulnerability scanner, the penetration testing, and the SIEM, and the web app evaluator. They're adding other things. They acquired another company recently that will benefit us if we get that product. It's the all-in-one works we like.
My most important criterion when selecting a vendor is that they have to have a purchasing vehicle that is approved for school districts. It's harder than it sounds. We can't just say, "We want that, send us a bill."
How was the initial setup?
It's easy to install.
Which other solutions did I evaluate?
We started with SentinelOne, we looked at CrowdStrike, we looked at Red Canary. The funny thing was, Red Canary was just remarketing CrowdStrike, or something like that. It got to a point where I realized these weren’t additional vendors. They were just additional packagers of the same solution.
What other advice do I have?
Take a test drive. If you don't test drive it, how do you know you're going to like it or if it even works. Would you buy a car without test driving it? Absolutely not. In this case, it’s a sales contract. It's a service for one to three years. Backing out of it is pretty much impossible.
I rate it at eight out of 10. It just works. We haven't had any trouble with it. We've had good support. What's not to like? But it's an eight because the software that can be purchased is not the ultimate software. It's hard to give anybody a 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.