We mainly use it for vulnerability management, generating monthly reports to address and resolve vulnerabilities. The main use cases involve receiving alerts based on predefined settings by Rapid7, investigating these alerts to understand their causes, and performing fine-tuning activities.
With InsightVM, I continuously monitor my network by setting up regular scans to identify vulnerabilities in real-time. It IS particularly useful for focusing on customer-facing systems at our perimeter, helping me prioritize and quickly address any security risks.
It's a vulnerability scanning tool utilized within the vulnerability management process. We employ it to conduct internal vulnerability assessments of company or organizational host IPs.
System Analyst II at a energy/utilities company with 1,001-5,000 employees
Real User
Top 5
2023-01-24T19:59:57Z
Jan 24, 2023
I don't use this solution directly because I'm not a security admin, but my use case is checking servers against it to see what our patching penetration looks like and whether there are any vulnerabilities that need to be cleared up. We are customers of Insight VM.
Our company uses the Nexpose automation tools for validity, deactivation, assessment, and penetration testing. We can easily see if something has been exposed and manually focus on or follow main vulnerabilities. We have 28 users and a JV license key for using the solution in our offline systems on a trial basis.
Head of Cyber security analysis at DNV Poland Sp. z o.o.
Real User
2022-06-08T07:18:10Z
Jun 8, 2022
I use InsightVM for vulnerability scanning, to follow up that patching is done properly, and to control operational teams and ensure they're doing their job.
Network & Security Engineer at PT. Centrin Online Prima
Reseller
Top 5
2022-05-12T06:51:43Z
May 12, 2022
There are so many cases for InsightVM. It's used for customers that need the ICS compiler or if they need users to work from home right now. It allows them to manage assets from anywhere.
We implemented it to scan all the assets. In terms of deployment, in my previous organization, it was deployed on-prem, but in my current organization, it is on the cloud.
Security Consultant at a tech vendor with 11-50 employees
Real User
2022-03-28T16:58:37Z
Mar 28, 2022
The main use cases of Rapid7 InsightVM are finding configuration vulnerability checks and patching recommendations. These two are the main use cases that everybody's looking for.
We use a hybrid setup. Some dashboards and configurations are uploaded to the Cloud, and some of them are on-premises. The main engine is on-premises. We have about 12 customers and some of them are big companies.
We are using InsightVM for vulnerability management services. We use it for providing professional services to our customers, and we also use it for our internal use. We do on-premises and cloud deployments.
Senior Consultant at a tech services company with 11-50 employees
Real User
2021-06-09T14:04:00Z
Jun 9, 2021
The solution is similar to Tenable, but Rapid7 also comes with Insight - Detection and Response, which integrates with InsightVM. This alerts the customer in the event of an attack or updates him about the status of a vulnerability. The solution provides increased visibility in the environment when integrating between these two products.
We are system integrators. Our clients normally use it to detect vulnerabilities in terms of a lack of patches in certain systems and databases. Its console can be installed on-premise or on the Rapid7 data center.
Owner at a tech services company with 1-10 employees
Real User
2020-12-08T15:02:57Z
Dec 8, 2020
We used InsightVM mainly for vulnerability management. I thought it was a pretty interesting application. I'm a fan of Rapid7's Metasploit, so when I saw InsightVM I was like, "Let's see what else they have." I liked it up until we experienced some issues relating to scans. If I wanted to do mitigation, I needed to wait until the next scan was available or ran so that I could get to see if any indentations were made. While I was in there, if I was searching for a specific vulnerability, sometimes it was hard to find the specific ones. In the dashboard, it'll tell you the results from the scans, and it will also tell you the vulnerabilities and it will rank them for risk. I would have liked to have been able to click on the vulnerability and it would take me to another area that just has the vulnerability with all the hosts. It wouldn't let you do that. You had to come back out of that window and go into another window and search for it. Well, you wouldn't get the same results as the number of hosts. I had to work a little bit harder to find exactly what I needed. Within our organization, there were two of us using it. Both of us were IT analysts. One was an IT analyst III (which was me), and the other one was the IT analyst manager.
Director of Cyber Security (CISO) at a marketing services firm with 201-500 employees
Real User
2020-09-27T04:10:18Z
Sep 27, 2020
In our first use case, we wanted to map the solution back to our NIS (Network and Information Systems) framework and the CIS (Center for Internet Security that publishes Critical Security Controls). That is the first part. The second part of this same use case is that we wanted to do continuous vulnerability scanning. That is we wanted to scan the complete network every month at a minimum. What we are finding out in practice is that we are scanning every week because of our network and the size of it. In the end, we are able to get even more aggressive than our original position. The next use case was we wanted to identify the assets that were in our environment. We can identify how many servers we have, we have identified how many desktops and laptops we have got, et cetera. To that point is where we were looking at pretty good. Our next use case was the obvious next step where we wanted to identify vulnerabilities. That meant identifying all the vulnerabilities from critical all the way down to the low. We needed to know what they were and how many. Also, we wanted to know how many are unique versus how many there are in total. We also wanted to get away from tracking vulnerabilities on spreadsheets. It was incredibly cumbersome, incredibly hard to do, and it was not efficient. The IT guys kept telling me that they did not know how to fix certain issues. So I thought we needed to do CVSS ( Common Vulnerability Scoring System) on it. They were a bit resistant to that idea. Well, I was not about to start doing that for them. So InsightVM gives us the ability now to track the issues and communicate how the remediation should occur to fix vulnerabilities. Then the last thing is we wanted was to have a dashboard for management. We had to have a dashboard to be able to have a CIO (Chief Information Officer) log in and find out where we sit with things. Like where do we sit with remediation where are we failing to make expected progress and things of that nature. Rapid7 gave us the ability to do a lot of that, and it was not a cumbersome tool to implement. It is good and fits well with pretty much all of our use case needs. It only falls short in a couple of spots.
The primary use case of this solution is for vulnerability management. We have monthly scans and reporting. The results are in QRadar, which is our SIEM.
Infrastructure Security Architect at a comms service provider with 11-50 employees
Real User
2020-02-24T06:02:43Z
Feb 24, 2020
We use Rapid7 for our vulnerability assessment. It scans the network, identifies all of the assets that are present, and then identifies all of the vulnerabilities due to non-patching those systems. Based on that, we can generate reports and make sure that those applications or servers are patched on both the operating system and application level.
IT Security Architect at a government with 1,001-5,000 employees
Real User
2020-02-24T06:02:00Z
Feb 24, 2020
We have a few primary use cases. The main one is looking at the visibility of devices that are on our network to keep track of things as they come and go, we're looking for known vulnerabilities whether it's the operating system, network devices, mobile devices, and the like. When we find the vulnerabilities we remediate them, so it's also our job to verify that remediations have been successful. In addition, we are now beginning to get involved in setting security baselines and configuring baselines and using InsightVM to audit those configurations. We're scanning about 6,000 devices. There are about 4,000 users in our environment, they are all IT staff. We also have technical leads from our user services, which is our workstation support, mobile devices, laptops, etc. We've got our infrastructure office which is servers and cloud administration, the IT security group, which is myself, and then our network support team and network administrators as well. It means our IT leadership gets some definite value from the reporting there. The CTO, his assistant, and all the IT managers receive their information from there as well. We have one person working in maintenance, and that's not a full-time position.
Information Security Senior Expert (Founding member, African Cybersecurity Center) at a financial services firm with 10,001+ employees
Real User
2019-11-07T10:35:00Z
Nov 7, 2019
The primary use case of this solution is for critical business applications for the web. We have also implemented it to identify when we are changing and an older system like the application client-server, the server two, the network equipment like switch routers, and security solutions.
Information Security Manager at a educational organization with 5,001-10,000 employees
Real User
2018-07-29T06:51:00Z
Jul 29, 2018
Our primary use case is looking for people who are using Tor, or VPNs generally, and the only way we can see that is if they log in and then they log in in a foreign country right away, which means they're jumping on to the "escalator".
Rapid7 InsightVM is a comprehensive vulnerability management platform that protects your systems from attackers and is easy to scale. The solution provides easy access to vulnerability management, application security, detection and response, external threat intelligence, orchestration and automation, and more. Rapid7 InsightVM is ideal for security, IT, and DevOps teams, helping them reduce risk by enabling them to detect and respond to attacks quickly.
Rapid7 InsightVM Features
Rapid7...
We mainly use it for vulnerability management, generating monthly reports to address and resolve vulnerabilities. The main use cases involve receiving alerts based on predefined settings by Rapid7, investigating these alerts to understand their causes, and performing fine-tuning activities.
We'll use Rapid7 InsightVM for on-premises scanning and the virtual machine option for cloud-based environments.
I use the solution in my company for cybersecurity purposes.
With InsightVM, I continuously monitor my network by setting up regular scans to identify vulnerabilities in real-time. It IS particularly useful for focusing on customer-facing systems at our perimeter, helping me prioritize and quickly address any security risks.
We handle a lot of video equipment and Rapid7 InsightVM helps us to scan subnets, around 150,000 of them.
It's a vulnerability scanning tool utilized within the vulnerability management process. We employ it to conduct internal vulnerability assessments of company or organizational host IPs.
We use the solution for vulnerability management of our on-cloud environments.
I'm helping customers manage vulnerabilities in their organization. It's for vulnerability scanning.
I don't use this solution directly because I'm not a security admin, but my use case is checking servers against it to see what our patching penetration looks like and whether there are any vulnerabilities that need to be cleared up. We are customers of Insight VM.
Our company uses the Nexpose automation tools for validity, deactivation, assessment, and penetration testing. We can easily see if something has been exposed and manually focus on or follow main vulnerabilities. We have 28 users and a JV license key for using the solution in our offline systems on a trial basis.
The main purpose for using Rapid7 InsightVM is vulnerability management and visibility.
The primary use case of the solution is for network monitoring.
We primarily use the solution for vulnerability management and monitoring the progress of the remediation process.
We primarily use the solution for vulnerability management.
InsightVM is mainly used for vulnerability management.
I use InsightVM for vulnerability scanning, to follow up that patching is done properly, and to control operational teams and ensure they're doing their job.
There are so many cases for InsightVM. It's used for customers that need the ICS compiler or if they need users to work from home right now. It allows them to manage assets from anywhere.
We implemented it to scan all the assets. In terms of deployment, in my previous organization, it was deployed on-prem, but in my current organization, it is on the cloud.
The main use cases of Rapid7 InsightVM are finding configuration vulnerability checks and patching recommendations. These two are the main use cases that everybody's looking for.
We are using Rapid7 InsightVM to have a vulnerability assessment solution in our organization to overcome the audit points.
We use it for vulnerability scanning.
We use Rapid7 InsightVM mostly for VM management.
We use a hybrid setup. Some dashboards and configurations are uploaded to the Cloud, and some of them are on-premises. The main engine is on-premises. We have about 12 customers and some of them are big companies.
We are using InsightVM for vulnerability management services. We use it for providing professional services to our customers, and we also use it for our internal use. We do on-premises and cloud deployments.
The solution is similar to Tenable, but Rapid7 also comes with Insight - Detection and Response, which integrates with InsightVM. This alerts the customer in the event of an attack or updates him about the status of a vulnerability. The solution provides increased visibility in the environment when integrating between these two products.
I primarily using Rapid7 for vulnerability assessment and reporting.
We are system integrators. Our clients normally use it to detect vulnerabilities in terms of a lack of patches in certain systems and databases. Its console can be installed on-premise or on the Rapid7 data center.
We used InsightVM mainly for vulnerability management. I thought it was a pretty interesting application. I'm a fan of Rapid7's Metasploit, so when I saw InsightVM I was like, "Let's see what else they have." I liked it up until we experienced some issues relating to scans. If I wanted to do mitigation, I needed to wait until the next scan was available or ran so that I could get to see if any indentations were made. While I was in there, if I was searching for a specific vulnerability, sometimes it was hard to find the specific ones. In the dashboard, it'll tell you the results from the scans, and it will also tell you the vulnerabilities and it will rank them for risk. I would have liked to have been able to click on the vulnerability and it would take me to another area that just has the vulnerability with all the hosts. It wouldn't let you do that. You had to come back out of that window and go into another window and search for it. Well, you wouldn't get the same results as the number of hosts. I had to work a little bit harder to find exactly what I needed. Within our organization, there were two of us using it. Both of us were IT analysts. One was an IT analyst III (which was me), and the other one was the IT analyst manager.
In our first use case, we wanted to map the solution back to our NIS (Network and Information Systems) framework and the CIS (Center for Internet Security that publishes Critical Security Controls). That is the first part. The second part of this same use case is that we wanted to do continuous vulnerability scanning. That is we wanted to scan the complete network every month at a minimum. What we are finding out in practice is that we are scanning every week because of our network and the size of it. In the end, we are able to get even more aggressive than our original position. The next use case was we wanted to identify the assets that were in our environment. We can identify how many servers we have, we have identified how many desktops and laptops we have got, et cetera. To that point is where we were looking at pretty good. Our next use case was the obvious next step where we wanted to identify vulnerabilities. That meant identifying all the vulnerabilities from critical all the way down to the low. We needed to know what they were and how many. Also, we wanted to know how many are unique versus how many there are in total. We also wanted to get away from tracking vulnerabilities on spreadsheets. It was incredibly cumbersome, incredibly hard to do, and it was not efficient. The IT guys kept telling me that they did not know how to fix certain issues. So I thought we needed to do CVSS ( Common Vulnerability Scoring System) on it. They were a bit resistant to that idea. Well, I was not about to start doing that for them. So InsightVM gives us the ability now to track the issues and communicate how the remediation should occur to fix vulnerabilities. Then the last thing is we wanted was to have a dashboard for management. We had to have a dashboard to be able to have a CIO (Chief Information Officer) log in and find out where we sit with things. Like where do we sit with remediation where are we failing to make expected progress and things of that nature. Rapid7 gave us the ability to do a lot of that, and it was not a cumbersome tool to implement. It is good and fits well with pretty much all of our use case needs. It only falls short in a couple of spots.
The primary use is to protect against cybersecurity attacks in your digital infrastructure. One example of such an attack is credential-grabbing.
The solution is primarily used for vulnerability management, specifically vulnerability scanning of the endpoint devices.
We use the solution to scan our internal OS and applications.
The primary use case of this solution is for vulnerability management. We have monthly scans and reporting. The results are in QRadar, which is our SIEM.
We use Rapid7 for our vulnerability assessment. It scans the network, identifies all of the assets that are present, and then identifies all of the vulnerabilities due to non-patching those systems. Based on that, we can generate reports and make sure that those applications or servers are patched on both the operating system and application level.
We have a few primary use cases. The main one is looking at the visibility of devices that are on our network to keep track of things as they come and go, we're looking for known vulnerabilities whether it's the operating system, network devices, mobile devices, and the like. When we find the vulnerabilities we remediate them, so it's also our job to verify that remediations have been successful. In addition, we are now beginning to get involved in setting security baselines and configuring baselines and using InsightVM to audit those configurations. We're scanning about 6,000 devices. There are about 4,000 users in our environment, they are all IT staff. We also have technical leads from our user services, which is our workstation support, mobile devices, laptops, etc. We've got our infrastructure office which is servers and cloud administration, the IT security group, which is myself, and then our network support team and network administrators as well. It means our IT leadership gets some definite value from the reporting there. The CTO, his assistant, and all the IT managers receive their information from there as well. We have one person working in maintenance, and that's not a full-time position.
We are using the solution for configuration review and vulnerability management. I am using the latest version.
The primary use case of this solution is for critical business applications for the web. We have also implemented it to identify when we are changing and an older system like the application client-server, the server two, the network equipment like switch routers, and security solutions.
Our primary use case for this solution is to gain insight into internal systems vulnerabilities and remediation tasks.
It is basically used for scanning.
Our primary use case is looking for people who are using Tor, or VPNs generally, and the only way we can see that is if they log in and then they log in in a foreign country right away, which means they're jumping on to the "escalator".