Their channel program and the process of their deal registration could be improved.
Some of our customers want to be completely cloud based, and Rapid7 doesn't offer this as an option.
I have used this solution for one year.
This solution is fairly stable.
This is a scalable solution suitable for large environments.
We initially worked with Qualys and found that Qualys has a better reputation but it is expensive. Companies with bigger budgets and who would like a cloud solution, usually prefer Qualys. This is also because of the product maturity and the research they provide.
The challenge with Qualys is that they do not have any distributors in Pakistan. They do not have an on-premises product, which caters more towards the enterprise accounts in Pakistan. I prefer going with Rapid7 for this reason. Rapid7 have a good distribution network with good support and market presence.
My advice is to explore many options and look at the integrations available. My personal experience is that only implementing vulnerability management doesn't solve all of the problems. We also needed evaluator integrations that provide preventative measures.
I would rate this solution an eight out of ten.
The primary use case of this solution is for vulnerability management.
We have monthly scans and reporting. The results are in QRadar, which is our SIEM.
This solution is very easy to use and easy to install.
It has nice features.
It would be nice to have an additional feature that would provide reports on who has logged onto the console or who did what on the console. I don't have the time to log onto the console and use SSH to go through the logs.
We have some users with certain privileges, and sometimes they do things that I don't like. This is why it would be nice to have an easy way to report what is in the logs.
In the next release, I would like to see reporting added to the console. It would be helpful to have reports to tell you who did what, who created reports, who created groups or who created tags.
I have been working with this solution for five years.
The stability is good. I am running it on Linux and from that point of view, Linux is stable.
We are using this solution daily.
This solution is easy to scale.
I am working at Triglav Group, which is the leading insurance-financial group in Slovenia. Triglav Group operates together with its subsidiaries and associated companies on seven markets and in six countries.
We use two consoles: one is international, for subsidiaries, and the other is for Slovenia. Altogether, we have 15 scan engines on locations.
Approximately a year ago, we had an issue with the dashboard. We contacted technical support to ask a question. Unfortunately, we were not able to resolve the issue that we were having. It could have been something in our network, but we don't know. It was not a big issue.
The technical support is good, they do give you answers and they are pretty quick.
The initial setup was easy and straightforward.
I deployed this solution. It took a couple of days with ten engines.
We did not use a vendor or integrator to implement this solution. We have five thousand people in this firm and I am the only one in the technical team.
My advice would be to just use it.
As a whole, it's a pretty good product. I don't have any problem with it.
If they had the audit reporting then I would rate it a ten out of ten, but as it is now, I would rate this solution a nine out of ten.
We use a hybrid setup. Some dashboards and configurations are uploaded to the Cloud, and some of them are on-premises. The main engine is on-premises. We have about 12 customers and some of them are big companies.
There are a few main features that we are very happy with. Using Rapid7, we can install a scan engine, we can do our VPN connections, and we can conduct internal scans of remote sites. We prefer the web application. It's smarter and more accurate from an application perspective.
The integration with other solutions like JIRA could be better. Perhaps there could be some additional updates in the next phase that could integrate with it, so then you can proceed with the VT much easier.
I've been using Rapid7 for about two years.
From a scalability standpoint, it's good because they give you around 100%. If you want to increase your asset counts, for example, they give you permission for 100% above the limit that you pay for.
Their support is very good. Technical support varies from person to person. Some cases have taken some time, but once it was escalated, everything was done well and the problem was solved. We've had some cases involving integration, remote sites, and some special configurations. They provided us with some support on all that.
It's straightforward. Everything is like setting up Lego cubes. It doesn't take much time to deploy. The first deployment may take around an hour or two.
The license could be a little bit cheaper. For all these features, you would expect to pay a little bit lower but around the same general price. Licenses are paid yearly. For some customers, we pay two years at a time, but mostly it's yearly.
I would rate it nine out of 10.
I am primarily using Rapid7 for vulnerability assessment and reporting.
At this point, we are not happy with Rapid7.
The reporting is very bad when you compare it with other vulnerability assessment tools.
This product is for basic vulnerability assessments, only, and is lacking in features such as compliance, assessment, assets, inventory, and batch management.
I have been using Rapid7 InsightVM for five years.
I would say that the scalability is 50-50. It does not offer much in terms of being able to scale. We have approximately 3,000 users.
I have been in contact with technical support and they are not bad.
Comparing the price with the value that we receive, I am not happy with it.
We are currently looking to replace Rapid7 with another product.
Currently, we are working with Tenable Nessus and Qualys.
I would rate this solution a five out of ten.
Our primary use case is looking for people who are using Tor, or VPNs generally, and the only way we can see that is if they log in and then they log in in a foreign country right away, which means they're jumping on to the "escalator".
We really didn't have any visibility at all and now we do. It's like night and day.
NeXpose is a pretty good vulnerability scanner, good enough. There's a nice dashboard and it's a pretty cool SIEM.
We could always have a cheaper price, but other than that it's pretty good stuff.
Also, if they’d expand their product line, that would be good, and they are doing so, but they're not done yet.
Stability is rock solid.
We're at a pretty big scale already. I don't expect us to get any bigger and it's handling our scale now. If anything, we’ll probably shrink.
We're a school district and, in this area, there are three big districts, and they have open enrollment. We're not on the marketing end of our school district. If the marketing doesn't do well, we’ll shrink.
Tech support is satisfactory.
Last year we got a new person in the position of information security officer, and he brought the news with him.
We went with NeXpose because we wanted to get as many products as we could from the same vendor. A full suite would have been fantastic, but that doesn't exist yet. Rapid7 had the vulnerability scanner, the penetration testing, and the SIEM, and the web app evaluator. They're adding other things. They acquired another company recently that will benefit us if we get that product. It's the all-in-one works we like.
My most important criterion when selecting a vendor is that they have to have a purchasing vehicle that is approved for school districts. It's harder than it sounds. We can't just say, "We want that, send us a bill."
It's easy to install.
We started with SentinelOne, we looked at CrowdStrike, we looked at Red Canary. The funny thing was, Red Canary was just remarketing CrowdStrike, or something like that. It got to a point where I realized these weren’t additional vendors. They were just additional packagers of the same solution.
Take a test drive. If you don't test drive it, how do you know you're going to like it or if it even works? Would you buy a car without test driving it? Absolutely not. In this case, it’s a sales contract. It's a service for one to three years. Backing out of it is pretty much impossible.
I rate it at eight out of 10. It just works. We haven't had any trouble with it. We've had good support. What's not to like? But it's an eight because the software that can be purchased is not the ultimate software. It's hard to give anybody a 10.
We are using Rapid7 InsightVM to have a vulnerability assessment solution in our organization to overcome the audit points.
We are at the stage where we are deciding if the solution will be useful for us or not.
We generate the reports for our IT sessions and try to take the recommended actions. After the action is made, we generate another report to check if this action covers the vulnerability points or not.
The reports in Rapid7 InsightVM are useful when compared to competitors.
Rapid7 InsightVM could be easier to use for those who are using it for the first time.
The updates should be fixed in the next release.
I have been using Rapid7 InsightVM for a few months.
The stability of Rapid7 InsightVM has been fine in the three months we have used it.
We are using a virtual environment with Rapid7 InsightVM and we can expand it if we want.
We have approximately three people using this solution in my company. We use the solution weekly or monthly. We would increase the use of the solution if our tests go well.
The support that we are receiving at this time is from our partner who handles the issue with the vendor if needed.
The initial setup was not straightforward because it was our first time doing it.
We did a POC first and this took us two months to make the environment. After we received the license we went into production.
We had a partner help us with the implementation of Rapid7 InsightVM.
We have an IT department that does the maintenance and support of Rapid7 InsightVM.
We have an annual license to use Rapid7 InsightVM and if we want to extend it, we will possibly choose more than one year.
I recommend this solution to others and for them to use a partner for the implementation. It can be difficult for the first time.
I rate Rapid7 InsightVM an eight out of ten.
We primarily use the solution for vulnerability management.
From a scanning perspective, it’s great. The customization associated with each and every scan is very good. It actually provides functionality from a CIS control perspective as well.
It is easy to deploy.
The product is scalable.
The solution is very stable.
The reporting could be better.
We do not need any additional features.
I’ve been using the solution for two years.
The solution is very stable. The reliability is good. There are no bugs or glitches. It doesn’t crash or freeze.
The solution is absolutely scalable.
From a footprint perspective, there are about 780 servers. In totality, there's a license entitlement for about 1000 clients.
Technical support has been accurate.
Neutral
The solution is straightforward to set up and simple to deploy. It’s not overly complex. We only need one technical person to handle the setup process.
How long it takes to deploy depends on multiple instances whereby multiple factors, depending on client, on-prem, et cetera. Your average deployment time would be anything from three to five days.
As partners, we can handle the implementation.
The ROI is fair to mild.
The licensing is market-related.
The cost depends on the number of assets per annum.
It is very flexible. What's nice about it is, from a client's perspective, the environment can either grow and you can chew up, or it can shrink, and it meets whatever needs you have.
The licensing includes technical support.
We’re partners.
We’re always using the latest version of the solution.
There's a mix of deployments. There's an on-prem deployment in certain customer areas. However, there's also a cloud deployment from the MSSV point of view as well.
The scanner is always on-prem. The majority of the scanners that we've deployed are on-prem. Although some of the consoles are selling cloud-deployed, other consoles would be on-prem.
I’d rate the solution seven out of ten.
InsightVM is mainly used for vulnerability management.
InsightVM's most valuable feature is risk scoring, a formula based on different vectors like the ease of exploitation and the availability of the machine. It can be customized according to the customer's needs - for example, if they have an asset that is more vulnerable, they can adjust the risk score according to their infrastructure. It also has a very robust dashboard system and good integration.
InsightVM could be improved by providing passive scanning as an option. They could also introduce license packages for fewer than 128 users for smaller organizations.
I've been using InsightVM for almost five years.
InsightVM is stable.
InsightVM has the option of implementing the scan engine separately, which helps with scalability.
InsightVM's technical support is very good.
Positive
InsightVM is easy to implement and deploy, even for small and medium businesses.
InsightVM's licensing starts at a minimum of 128 IPs and can scale up to over 1,000.
InsightVM is easy to use, has a well-defined dashboard, and can be customized according to your needs. You can also segregate your assets and define IP ranges. I would give InsightVM a rating of nine out of ten.