What advice do you have for others considering Rapid7 InsightVM?

Overall, I would recommend Rapid7 InsightVM to others. My advice would be to first understand your requirements and infrastructure before implementing the product. I would rate InsightVM as an eight.

I recommend Tennable for small and Rapid for big enterprises. Overall, I rate the solution an eight out of ten.

Rapid7 InsightVM fits into our organization's overall security posture in a critical manner. Most of the features of Rapid7 InsightVM are helpful for identifying and managing vulnerabilities. The reporting part is very useful. The live monitoring feature in Rapid7 InsightVM has enhanced your security measures in a very critical manner. With Rapid7 and InsightVM, the measurements are critical because we are based on the report, so we know exactly what endpoint or device needs to be patched. Based on the agent and report, we can identify what device we need to handle critically based on the priority. My company does not have to meet any compliance requirements. In the previous company, there was a need to meet some compliance requirements. The tool is easy to implement, but you need to have a team to work, and keep it up to date. I wouldn't recommend it for one or two people. I recommend the product to others. The product is more suitable for enterprise-sized businesses. I think the tool doesn't have an AI feature. I rate the overall tool a nine out of ten.

My company uses Rapid7 InsightVM to identify and assess vulnerabilities. The product has improved our company's vulnerability remediation process. The tool finds vulnerabilities by scanning devices and networks. The solution is also useful in the area of database scanning. The product area I find to be valuable in vulnerability management workflow stems from many aspects, like reporting, which is very useful. Rapid7 InsightVM's integration with Jira is also very effective and useful for end users. The coverage of the vulnerability offered by the product is very good. The GUI for Japanese users is good. The product's integration capabilities have improved my company's security posture, as many other systems can be integrated with it. The export feature of the product helps users deal with other products like ServiceNow or Splunk. The product is more useful for scanning than for its real-time visibility, but I can say that its functionalities come very close to real-time features. The product scans every six hours. In large and diverse environments, the performance and the scalability of the product are not bad. The product is easy to understand, making it good for companies that doesn't have much expertise in the area of security. It is an easy to use product. The product also provides a GUI in Japanese, while taking care of the reporting part efficiently, making it very convenient for the end users in Japan. I rate the product's capacity to offer ease of use an eight out of ten. I rate the overall tool a six to seven out of ten.

I prioritize vulnerabilities in InsightVM by first focusing on customer-facing systems at our perimeter, which helps me quickly identify and address any security risks. Then, I utilize the cloud-based engine to scan internal networks and ensure comprehensive coverage without the need for complex on-premise solutions, making it easy to manage from my notebook connected to the internet. Additionally, in InsightVM, we prioritize vulnerabilities by utilizing comprehensive data sources like the NVD and Rapid7's specialized risk calculation methods. The solution provides detailed information, including exploitability and impact, and evaluates whether vulnerabilities could be exploited in specific environments like NetApp. I would recommend InsightVM to others. Overall, I would rate the product as an eight out of ten.

I would rate it 8 out of 10.

I highly recommend Rapid7 as my experience with it is very positive. Overall, I would rate it eight out of ten.

I advise others to consider the number of IP addresses required to be scanned for their network while opting for Rapid7. I rate the solution as a nine.

I'm a partner, not a customer. I've been using the solution's latest version and updating it often. I'd advise people to use the product as a vulnerability scanner and as a remediation tool. They should look at the whole brand and see if any of their other products can integrate with the scanner. I would rate the solution nine out of ten.

I recommend reviewing the documentation and studying the built-in reports because they are a valuable resource. It's a great product that reports everything that's wrong with a system, providing detailed and high-level reports. I rate the solution nine out of 10.

I recommend the solution from the reporting side but am not sure I recommend it from the scanning side. The issue with firewalls needs to be fixed and then I will definitely recommend the solution. I rate the solution a seven out of ten.

I believe they see us as resellers because we resell it, but when we use it for professional services, they regard us as partners. They use both terms in the same sentence. We support it. I strongly recommend it. It's a good product. It's only the backend support that needs to be improved. However, there isn't very much that has room for improvement in the product right now. They are not flawless. We have had problems here and there, but overall, I would rate Rapid7 InsightVM an eight out of ten.

I give the solution eight out of ten.

My advice is to explore many options and look at the integrations available. My personal experience is that only implementing vulnerability management doesn't solve all of the problems. We also needed evaluator integrations that provide preventative measures. I would rate this solution an eight out of ten.

I recommend doing a comparison of Qualys, Rapid7, and Nessus. Because the scope is different from company to company and cluster to cluster, it would be good to research each product and decide according to your needs. If I were to rate Rapid7 InsightVM, I would rate it at seven on a scale from one to ten.

Tenable is number one, Rapid7 comes second. I would rate Rapid7 a six out of ten.

If your company has the budget for this product, I would recommend it. I rate the solution seven out of 10.

I would recommend this solution to others, but more integration features would be more helpful. I would rate Rapid7 InsightVM an eight out of ten.

We use this solution for our clients. We're dealing with the latest version of the product. InsightVM is a solution based on on-prem infrastructure connected to the cloud service, so it's a hybrid solution. Overall, it's a nice tool. I'd rate the solution nine out of ten.

I would advise others to make sure that every asset in the environment is monitored by the tool. I see many customers who think they have full coverage of all assets, but they are missing a part of the network. In such a case, they will get an incorrect understanding of their security. I would rate this solution a nine out of ten.

We’re partners. We’re always using the latest version of the solution. There's a mix of deployments. There's an on-prem deployment in certain customer areas. However, there's also a cloud deployment from the MSSV point of view as well. The scanner is always on-prem. The majority of the scanners that we've deployed are on-prem. Although some of the consoles are selling cloud-deployed, other consoles would be on-prem. I’d rate the solution seven out of ten.

InsightVM is easy to use, has a well-defined dashboard, and can be customized according to your needs. You can also segregate your assets and define IP ranges. I would give InsightVM a rating of nine out of ten.

InsightVM has integration with Kubernetes, which no other solution has. I would give Insight VM a rating of eight out of ten.

We're working with the latest version of the solution, however, I cannot recall the exact version number. While our clients are using a hybrid cloud, the customers still need to install on-premise. Your console right now is like a dashboard; it's moved to the cloud. I'd advise users to try the solution. If they are using InsightVM they will be able to quickly understand what the vulnerabilities are on their assets. I'd rate the solution eight out of ten.

I would rate this solution a seven out of ten.

I rate Rapid7 InsightVM an eight out of ten.

I recommend this solution to others and for them to use a partner for the implementation. It can be difficult for the first time. I rate Rapid7 InsightVM an eight out of ten.

We are thinking about changing right now. We have always used Rapid7, but we are thinking about changing now. My advice to anyone considering Rapid7 InsightVM is to look at the other vendors first. On a scale of one to ten, I would give Rapid7 InsightVM a 3.

I would recommend this solution to others. I rate Rapid7 InsightVM a nine out of ten.

I would rate it nine out of 10.

I would rate Rapid7 InsightVM a nine out of 10.

The solution is hybrid, meaning that if installation is required it must be done on the environment itself, on-premises, the portal being cloud-based. The solution has very good integration, so I see no need for improvements in this regard at present. I have no issues with the stability, security, user interface, reporting, monitoring board or Techstar reports. These are all good. The documentation is quite detailed and straightforward. It is provided to me via the internet. Off the top of my head, I cannot think of anything needing improvement. We have a single customer who is utilizing the solution, but he makes use of IDR, not IVM. I would recommend the solution to others. I rate Rapid7 InsightVM as an eight out of ten.

I would rate this solution a five out of ten.

I would recommend this solution. I would rate Rapid7 InsightVM an eight out of ten.

Do your proof of concepts if you can. Make sure you develop your risk strategy. That's important, because it's going to give you a risk number, it's going to give you critical: highs, mediums, but you need to understand what is the risk methodology that you're going to follow. Just because it says it's critical because of how many vulnerabilities you have, doesn't mean that you need to work on it right away. For example, there was a vulnerability that had 2,000 nodes affected. It put it as a high-risk, whereby there was another vulnerability where there were only about 10 hosts affected — it put it at medium-risk. However, the high-risk one, because it had more nodes affected, did not have a POC associated with it. A novice person looking at it would say, "I need to work on these 1,000 vulnerabilities because it's a high-risk, and ignore the medium." Well, the medium one had an active POC on it. If you didn't have a person who understood how to read the report and what it's actually telling you, then you would say, "Hey, you know what, I'm going to use these, I'm going to cut my risk down because I got 1,000 nodes with this vulnerability and I'm going to put this chain out real quick and I'm going to reduce my risk real quick because of the numbers." Well, in my opinion, you didn't reduce your risk because you have 10 nodes out there with a vulnerability that's rated medium and it has a POC on it. Overall, on a scale from one to ten, I would give this solution a rating of eight. I'm going to say that is because shame on Rapid7 for having such great applications, but then that little piece there that they know about hasn't been fixed. If I remember, if I go probably log back into the community, it's probably been asked a couple of times.

I had implemented InsightVM before at another company. I liked it when we were using it there which is why it ended up here. I have also had previous experience with Qualys. I did not have the time or the luxury to sit back and do a full analysis, RFI (Request for Information) and RFP (Request for Proposal) when we had to bring on the solution. We are not the CIA (Central Intelligence Agency), we are not the NSA (National Security Agency). We do not need any sophisticated solution or anything like that. We just needed something we could bring in, get online fairly quickly, and get running to do reports. Rapid7 InsightsVM fit the bill. On a scale of one to ten (where one is the worst and ten is the best), I would rate Rapid7 InsightVM as probably about an eight-out-of-ten. It gets an eight rather than scoring higher just because of some of the other stuff that I wish we had.

Overall, this is a product that I am very satisfied with. I would rate this solution an eight out of ten.

The company I worked for was just a customer and I was just an end-user. There was no business relationship between the two companies that I was aware of. The company is considering moving from on-premises to the cloud. I am unsure of which version of the solution is being used currently. I'm no longer at the company where I used the product. While the solution worked well, I have never compared other solutions, so I don't know if it's best in class or not. I'd rate the solution six out of ten.

We're a partner of InsightVM. We're most likely using the latest version of the solution, however, I'm not sure which exact version number it is. We've deployed on-premises with a local scan engine. I'd advise companies that are looking into vulnerability assessment or faster deployment, to check out InsightVM. It's easy to expand as necessary and offers flexibility in its pricing. I'd rate the solution nine out of ten.

I would recommend having the distributor help you to explain how this software works and to help with the details. I would rate it at an eight out of ten.

My advice would be to just use it. As a whole, it's a pretty good product. I don't have any problem with it. If they had the audit reporting then I would rate it a ten out of ten, but as it is now, I would rate this solution a nine out of then.

My advice for anybody who is implementing this solution is to begin by clearly identifying infrastructure and the most critical assets. This tool will give you good visibility into the network and the assets, but it is only the starting point. It is really the input for the process that you have in place to follow up and patch the assets. Simply knowing that they are vulnerable is not good enough, so the right process has to be put into place before it will work effectively. I would rate this solution an eight out of ten.

It's important to take the time to have a full understanding of how schemes are scheduled, how sites and asset groups are set up and make sure it's done upfront. It's a big help. If you remove an old site and recreate it with small differences you lose some of the data associated with the old site. Getting the organization sorted from the beginning would be the biggest piece of advice. It's very important to know what your environment is made up of. People often leave companies without documenting things and there's a lot that not everybody knows about because it was in the back of someone's mind. We now have a great repository of information on what's active on our network, what's installed on it, how all of those systems are interacting, and really having that visibility is great. One of the big lessons we were able to get value from immediately was really just having good visibility of what's in our environment. It's a very solid product, reporting is great, it's reliable. We have a lot of faith in the results it gives us. At least once a week, I get a notification with some great new features that they've added that I didn't really even know I wanted, but now I have it and can't imagine life without it. The product is cloud-based, but with an on-prem portion, but it all auto-updates. The actual scanning engine and all of that is on-prem for us. It's a SaaS solution, it's not one where we are running our own servers. It's provided as a service for us on the cloud. The on-premises stuff that we're running is just virtual machines on our VMware environment. I would rate this product an eight out of 10.

I would recommend the product. The product is very good. I would rate the product between a nine and a nine point five (out of 10).

Rapid 7 is a leading solution that has been implemented in many companies. In Nexpose you have the console and the app assistant for Rapid 7. The design can be implemented in all of the segments of the network to scan, perform the scale of the scan, perform the reporting, generate the reports, and send it to the central console. I would suggest that customers acquire this solution. In addition to management, we are subscribed to the security dispense team and the company emergency dispense team. We always receive the bulletins, so we are always aware of the vulnerabilities. I appreciate this solution. All of the features that are included are enough for me. This is an excellent solution and I would rate it a ten out of ten.

Users need to customize the policy compliance in order to optimize usage.

Take a test drive. If you don't test drive it, how do you know you're going to like it or if it even works. Would you buy a car without test driving it? Absolutely not. In this case, it’s a sales contract. It's a service for one to three years. Backing out of it is pretty much impossible. I rate it at eight out of 10. It just works. We haven't had any trouble with it. We've had good support. What's not to like? But it's an eight because the software that can be purchased is not the ultimate software. It's hard to give anybody a 10.