Try our new research platform with insights from 80,000+ expert users
IT Security Engineer
Real User
Reliable, easy to set up, and has a good remediation feature
Pros and Cons
  • "The solution scales well."
  • "There was functionality present previously, however, currently, we can't integrate directly with Jira Service Desk - only the cloud version."

What is our primary use case?

We primarily use the solution for vulnerability management and monitoring the progress of the remediation process.

What is most valuable?

The remediation feature has been quite useful. 

It's easy to set up the solution. 

It's stable.

The solution scales well.

What needs improvement?

The solution isn't missing any features, and I haven't noticed any shortcomings. 

There was functionality present previously, however, currently, we can't integrate directly with Jira Service Desk - only the cloud version. That, or we must share to the internet on-prem Jira Service Desk. It's not easy for us since we use only the on-prem Service Desk service, and we don't straight to the internet for our service.

InsightVM can only directly connect to the internet. So, we can't use this integration and send tasks to our technical team from InsightVM. We, therefore, need better integration with Jira Service Desk. 

What do I think about the stability of the solution?

The stability has been good overall. I would rate it five out of five in terms of reliability. The performance is good. There are no bugs or glitches, and it doesn't crash or freeze. 

Buyer's Guide
Rapid7 InsightVM
December 2024
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.

What do I think about the scalability of the solution?

The solution is suitable for big or small organizations. We have clients of different sizes using the product. 

It's used at the engineering level, with security and administrators using it regularly.

I'd rate it five out of five in terms of the ease of scaling. 

How was the initial setup?

The solution is straightforward to set up. I'd rate it four out of five in terms of ease of implementation. 

We have one or two team members that can set up the solution. 

How long it takes to deploy depends on the customer. For a small customer, it's less than one month or sometimes two weeks. For a big customer with many assets and services, it takes two or three months to deploy.

We only need to have one or two people on hand to handle maintenance tasks. 

What's my experience with pricing, setup cost, and licensing?

The solution is not overly expensive.

What other advice do I have?

We use this solution for our clients.

We're dealing with the latest version of the product.

InsightVM is a solution based on on-prem infrastructure connected to the cloud service, so it's a hybrid solution.

Overall, it's a nice tool. 

I'd rate the solution nine out of ten. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Muhammad Ali Aziz - PeerSpot reviewer
Senior Manager Cyber Security Services & Solutions at Trillium
Vendor
Top 10
User-friendly and customizable with great risk scoring feature
Pros and Cons
  • "InsightVM's most valuable feature is risk scoring, a formula based on different vectors like the ease of exploitation and the availability of the machine."
  • "InsightVM could be improved by providing passive scanning as an option."

What is our primary use case?

InsightVM is mainly used for vulnerability management.

What is most valuable?

InsightVM's most valuable feature is risk scoring, a formula based on different vectors like the ease of exploitation and the availability of the machine. It can be customized according to the customer's needs - for example, if they have an asset that is more vulnerable, they can adjust the risk score according to their infrastructure. It also has a very robust dashboard system and good integration.

What needs improvement?

InsightVM could be improved by providing passive scanning as an option. They could also introduce license packages for fewer than 128 users for smaller organizations.

For how long have I used the solution?

I've been using InsightVM for almost five years.

What do I think about the stability of the solution?

InsightVM is stable.

What do I think about the scalability of the solution?

InsightVM has the option of implementing the scan engine separately, which helps with scalability.

How are customer service and support?

InsightVM's technical support is very good.

How would you rate customer service and support?

Positive

How was the initial setup?

InsightVM is easy to implement and deploy, even for small and medium businesses.

What's my experience with pricing, setup cost, and licensing?

InsightVM's licensing starts at a minimum of 128 IPs and can scale up to over 1,000.

What other advice do I have?

InsightVM is easy to use, has a well-defined dashboard, and can be customized according to your needs. You can also segregate your assets and define IP ranges. I would give InsightVM a rating of nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
Buyer's Guide
Rapid7 InsightVM
December 2024
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Khizar Butt - PeerSpot reviewer
Country Sales Lead at securic systems
Reseller
Top 5Leaderboard
Vulnerability management solution that has a good distribution network and support in Pakistan
Pros and Cons
  • "Rapid7 have a good distribution network with good support and market presence."
  • "Some of our customers want to be completely cloud based, and Rapid7 doesn't offer this as an option."

What needs improvement?

Their channel program and the process of their deal registration could be improved.

Some of our customers want to be completely cloud based, and Rapid7 doesn't offer this as an option. 

For how long have I used the solution?

I have used this solution for one year. 

What do I think about the stability of the solution?

This solution is fairly stable.

What do I think about the scalability of the solution?

This is a scalable solution suitable for large environments. 

Which solution did I use previously and why did I switch?

We initially worked with Qualys and found that Qualys has a better reputation but it is expensive. Companies with bigger budgets and who would like a cloud solution, usually prefer Qualys. This is also because of the product maturity and the research they provide.

The challenge with Qualys is that they do not have any distributors in Pakistan. They do not have an on-premises product, which caters more towards the enterprise accounts in Pakistan. I prefer going with Rapid7 for this reason. Rapid7 have a good distribution network with good support and market presence. 

What other advice do I have?

My advice is to explore many options and look at the integrations available. My personal experience is that only implementing vulnerability management doesn't solve all of the problems. We also needed evaluator integrations that provide preventative measures.

I would rate this solution an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
reviewer1329348 - PeerSpot reviewer
Material Coordinator at a energy/utilities company with 1,001-5,000 employees
Real User
Useful reports, stable, and good vendor support
Pros and Cons
  • "The reports in Rapid7 InsightVM are useful when compared to competitors."
  • "Rapid7 InsightVM could be easier to use for those who are using it for the first time."

What is our primary use case?

We are using Rapid7 InsightVM to have a vulnerability assessment solution in our organization to overcome the audit points.

How has it helped my organization?

We are at the stage where we are deciding if the solution will be useful for us or not.

We generate the reports for our IT sessions and try to take the recommended actions. After the action is made, we generate another report to check if this action covers the vulnerability points or not.

What is most valuable?

The reports in Rapid7 InsightVM are useful when compared to competitors.

What needs improvement?

Rapid7 InsightVM could be easier to use for those who are using it for the first time.

The updates should be fixed in the next release.

For how long have I used the solution?

I have been using Rapid7 InsightVM for a few months.

What do I think about the stability of the solution?

The stability of Rapid7 InsightVM has been fine in the three months we have used it.

What do I think about the scalability of the solution?

We are using a virtual environment with Rapid7 InsightVM and we can expand it if we want.

We have approximately three people using this solution in my company. We use the solution weekly or monthly. We would increase the use of the solution if our tests go well.

How are customer service and support?

The support that we are receiving at this time is from our partner who handles the issue with the vendor if needed.

How was the initial setup?

The initial setup was not straightforward because it was our first time doing it.

We did a POC first and this took us two months to make the environment. After we received the license we went into production.

What about the implementation team?

We had a partner help us with the implementation of Rapid7 InsightVM.

We have an IT department that does the maintenance and support of Rapid7 InsightVM.

What's my experience with pricing, setup cost, and licensing?

We have an annual license to use Rapid7 InsightVM and if we want to extend it, we will possibly choose more than one year.

What other advice do I have?

I recommend this solution to others and for them to use a partner for the implementation. It can be difficult for the first time.

I rate Rapid7 InsightVM an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Information Security Officer at Umniah
Real User
It's smarter and more accurate from an application perspective
Pros and Cons
  • "Using Rapid7, we can install a scan engine, we can do our VPN connections, and we can conduct internal scans of remote sites. We prefer the web application. It's smarter and more accurate from an application perspective."
  • "The integration with other solutions like JIRA could be better. Perhaps there could be some additional updates in the next phase that could integrate with it, so then you can proceed with the VT much easier."

What is our primary use case?

We use a hybrid setup. Some dashboards and configurations are uploaded to the Cloud, and some of them are on-premises. The main engine is on-premises. We have about 12 customers and some of them are big companies. 

What is most valuable?

There are a few main features that we are very happy with. Using Rapid7, we can install a scan engine, we can do our VPN connections, and we can conduct internal scans of remote sites. We prefer the web application. It's smarter and more accurate from an application perspective.

What needs improvement?

The integration with other solutions like JIRA could be better. Perhaps there could be some additional updates in the next phase that could integrate with it, so then you can proceed with the VT much easier.

For how long have I used the solution?

I've been using Rapid7 for about two years.

What do I think about the scalability of the solution?

From a scalability standpoint, it's good because they give you around 100%. If you want to increase your asset counts, for example, they give you permission for 100% above the limit that you pay for.

How are customer service and technical support?

Their support is very good. Technical support varies from person to person. Some cases have taken some time, but once it was escalated, everything was done well and the problem was solved. We've had some cases involving integration, remote sites, and some special configurations. They provided us with some support on all that.  

How was the initial setup?

It's straightforward. Everything is like setting up Lego cubes. It doesn't take much time to deploy. The first deployment may take around an hour or two.

What's my experience with pricing, setup cost, and licensing?

The license could be a little bit cheaper. For all these features, you would expect to pay a little bit lower but around the same general price. Licenses are paid yearly. For some customers, we pay two years at a time, but mostly it's yearly.

What other advice do I have?

I would rate it nine out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1397976 - PeerSpot reviewer
Owner at a tech services company with 1-10 employees
Real User
Understands and defends your network from vulnerabilities
Pros and Cons
  • "I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps."
  • "I would say that it improved our visibility, but it left things open."

What is our primary use case?

We used InsightVM mainly for vulnerability management. I thought it was a pretty interesting application. I'm a fan of Rapid7's Metasploit, so when I saw InsightVM I was like, "Let's see what else they have." I liked it up until we experienced some issues relating to scans. If I wanted to do mitigation, I needed to wait until the next scan was available or ran so that I could get to see if any indentations were made. 

While I was in there, if I was searching for a specific vulnerability, sometimes it was hard to find the specific ones. In the dashboard, it'll tell you the results from the scans, and it will also tell you the vulnerabilities and it will rank them for risk. I would have liked to have been able to click on the vulnerability and it would take me to another area that just has the vulnerability with all the hosts. It wouldn't let you do that. You had to come back out of that window and go into another window and search for it. Well, you wouldn't get the same results as the number of hosts. I had to work a little bit harder to find exactly what I needed.

Within our organization, there were two of us using it. Both of us were IT analysts. One was an IT analyst III (which was me), and the other one was the IT analyst manager.

How has it helped my organization?

I would say that it improved our visibility, but it left things open.

What is most valuable?

I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps. I liked that. That was a feature I liked. If your manager had a different dashboard that they liked, and you tried to go into a meeting and they say, "Well, I think your numbers are wrong because my dashboard says this" Well, you couldn't rapidly say, "Here's the default dashboard for this for risk." Whereas, with Tenable, you could go through a dashboard just for risks, and say, "Hey, let's switch to this dashboard so we're seeing the same numbers without customization."

What needs improvement?

They just need to fix it to make it more fluid. If it shows you vulnerabilities, I want to be able to click on the vulnerability and drill down into the vulnerability. If it's rating it as a 10 and it says it's got 30 hosts in it for this vulnerability, I want to click on that vulnerability and get a separate report that says, "Here's the vulnerability specific and here's the host involved." That way I could export it and say, "Hey, this vulnerability's out there, it matches a CVE number that is critical, that Microsoft, Cisco, whatever, has put a patch out there, and here guys, here's what it is and here's the proof. Here's your host that's vulnerable. Here's a change request, fix it, send me back the proof that you fixed it, then allow me to rerun a scan specific to that, on-demand, to say 'Yes, boss, we have mitigated it.'"

I want to be able to just drill down on the reports. If it showing me there's a vulnerability and there's a said number of nodes that's vulnerable to it, I want to be able to drill down and export that list without having to come back out of it, going into my assets, trying to find the name of the vulnerability, which doesn't match what the dashboard says. To me, that was backward.

For how long have I used the solution?

I have used this solution for one year.

What do I think about the stability of the solution?

It was pretty stable. We didn't have any real hiccups, but it was stable. We didn't have any real hiccups there.

What do I think about the scalability of the solution?

As far as I know, it says it's scalable. I'm not sure if that company I used to work for had to scale it up or down.

How are customer service and technical support?

The tech support was very helpful. Actually, I knew a couple of them so it was very helpful.

I would give their tech support a rating of 10 — I knew them from using Metasploit and some other products. It was more of a, "Hey, I got this issue, how can you help me with it?" They'd point me and say, "Hey, check this out."

How was the initial setup?

I wasn't involved in the initial setup, so I can't comment on that.

What other advice do I have?

Do your proof of concepts if you can. Make sure you develop your risk strategy. That's important, because it's going to give you a risk number, it's going to give you critical: highs, mediums, but you need to understand what is the risk methodology that you're going to follow. Just because it says it's critical because of how many vulnerabilities you have, doesn't mean that you need to work on it right away.

For example, there was a vulnerability that had 2,000 nodes affected. It put it as a high-risk, whereby there was another vulnerability where there were only about 10 hosts affected — it put it at medium-risk. However, the high-risk one, because it had more nodes affected, did not have a POC associated with it. A novice person looking at it would say, "I need to work on these 1,000 vulnerabilities because it's a high-risk, and ignore the medium." Well, the medium one had an active POC on it. If you didn't have a person who understood how to read the report and what it's actually telling you, then you would say, "Hey, you know what, I'm going to use these, I'm going to cut my risk down because I got 1,000 nodes with this vulnerability and I'm going to put this chain out real quick and I'm going to reduce my risk real quick because of the numbers." Well, in my opinion, you didn't reduce your risk because you have 10 nodes out there with a vulnerability that's rated medium and it has a POC on it.

Overall, on a scale from one to ten, I would give this solution a rating of eight. I'm going to say that is because shame on Rapid7 for having such great applications, but then that little piece there that they know about hasn't been fixed. If I remember, if I go probably log back into the community, it's probably been asked a couple of times.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Enterprise Manager Infrastructure and Operations at McGrath RentCorp
Real User
Enables us to gain insight into internal systems vulnerabilities and remediation tasks
Pros and Cons
  • "Rapid7 InsightVM has given us a practical view of the vulnerabilities present in our organization."
  • "A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group."

What is our primary use case?

Our primary use case for this solution is to gain insight into internal systems vulnerabilities and remediation tasks.

How has it helped my organization?

Rapid7 InsightVM has given us a practical view of the vulnerabilities present in our organization. Not only does it verify the vulnerability, but scores it against the skill level of an attacker.

What is most valuable?

The feature that we find most valuable is the granularity. You can view your assets however makes the most sense to your business. We found that we could isolate systems easily via tagging and site setup.

What needs improvement?

A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group.

For how long have I used the solution?

Less than one year.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior manager at Software Productivity Group
Real User
Top 20
Affordable solution with an easy initial setup process
Pros and Cons
  • "It is a stable solution."
  • "They should improve the cybersecurity feature of the solution."

What is our primary use case?

We use the solution for vulnerability management of our on-cloud environments.

What is most valuable?

The solution provides all the required features for vulnerability management.

What needs improvement?

They should improve the cybersecurity feature of the solution.

For how long have I used the solution?

We have been using the solution for a month.

What do I think about the stability of the solution?

It is a stable solution. We can connect it with other platforms easily.

What do I think about the scalability of the solution?

We have four to five solution users in our organization.

How was the initial setup?

The solution's initial setup process is easy.

What's my experience with pricing, setup cost, and licensing?

The solution's license costs around $30 per month. It is less expensive compared to other competitors.

What other advice do I have?

I advise others to consider the number of IP addresses required to be scanned for their network while opting for Rapid7. I rate the solution as a nine.

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Buyer's Guide
Download our free Rapid7 InsightVM Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free Rapid7 InsightVM Report and get advice and tips from experienced pros sharing their opinions.