Rapid7 InsightVM Reviews

I don't use this solution directly because I'm not a security admin, but my use case is checking servers against it to see what our patching penetration looks like and whether there are any vulnerabilities that need to be cleared up. We are customers of Insight VM.

One of the great features is reporting where you know exactly what the solution has found, and you're also provided with a resolution to any problem. It's great. I also like the fact that it can go through and scan not just the Windows server but also all the Linux boxes. The same applies to Unix boxes which provide a full report regarding vulnerabilities that need to be rectified or packages that need to be applied. 

There are some issues with how it scans patches. Sometimes one patch will have been superseded by another but it won't see that, because one little key hasn't changed. 

I've been using this solution for several years. 

It's a scanning system, so of course there are resource issues. That said, it's a stable solution. 

Scalability is good; it has supported all of our servers from Windows to Linux, and does it rather well. 

I recommend reviewing the documentation and studying the built-in reports because they are a valuable resource. It's a great product that reports everything that's wrong with a system, providing detailed and high-level reports. 

I rate the solution nine out of 10. 

We'll use Rapid7 InsightVM for on-premises scanning and the virtual machine option for cloud-based environments.

It is a good tool for comprehensive risk management, including prioritization and remediation.

It is a great endpoint agent. It gives you reliable information about that infrastructure and offers strong accuracy for risk management. However, unlike other management tools that have improved precision testing, InsightVM requires an additional purchase for full access to some of its advanced features.

Other solutions, like Cisco, have strengths, but Rapid7 InsightVM has some solid features, such as the RapidServer Active Response, the ability to create endpoint agents, and a live dashboard. However, the main concern is the system's reliability. For instance, during a scan on an Ubuntu machine, the system mistakenly identified the OS as Windows. This kind of inaccuracy is problematic.

I have been using Rapid7 InsightVM for a year. 

The response takes some time.

Neutral

Rapid7 is a bit expensive.

Tenable has 20% lower pricing and includes built-in web application testing, which gives it an advantage over Rapid7 InsightVM.

I recommend Tennable for small and Rapid for big enterprises.

Overall, I rate the solution an eight out of ten.

We use the solution for vulnerability management. We perform scanning and security patching in selected network zones utilizing it.

The solution's most valuable features are the simplicity of use, identifying vulnerable assets, and the ability to create remediation projects.

They should integrate the solution with multiple products along with ServiceNow.

We have been using the solution for two or three months.

I rate the solution's stability as an eight.

We have a few tens of users of the solution. They include IT specialists, engineers, and administrators. We can easily install scan engines in different zones of our network. But, we face difficulties pairing the scan engines to the management console. 

I rate the solution's scalability as an eight.

The vendor team helps us install the solution.

The solution's pricing depends on the number of users per month as per our contract. We have a limit of scanning around 4000 appliances. It covers a sufficient scope regarding our requirements.

The solution works well. I recommend it to others and rate it as an eight.

Our company uses the solution to discover, identify, and patch vulnerabilities or disable certain services. The solution provides the patch recommendations that we implement via another tool. 

Four team members manage the solution internally and for various clients who each have fifty users. 

The solution helps to identify lots of misconfigurations, flaws, or security risks. Anything insecure is exposed easily. 

The solution is automatically scheduled so it runs by itself. 

The solution should include a tighter integration with third-party threat modeling and threat intelligence tools. Rapid7 is the solution's own threat intelligence platform but third-party platforms would be a great addition. 

It would be nice to have patching capabilities built within the solution rather than using third-party products. 

I have been using the solution for three years. 

The solution is extremely stable. 

The solution is easily scalable with the purchase of additional licenses. 

Technical support is extremely good and we get support quite fast. Technical support is rated a ten out of ten. 

Positive

The setup is very straightforward so I rate it a ten out of ten. 

We implement the solution for customers. 

The solution is a bit more reasonably priced than other products. 

Most products in this category are similar with no real difference so it all comes down to price. 

It is important to have a strong patch management plan that prioritizes what and how you need to patch. 

The solution does the vast majority of work but you need a proper system so you can take output to your operations team for patching. A good workflow between teams is important. 

I rate the solution a ten out of ten. 

We use Rapid7 InsightVM to increase vulnerability scanning, which is why we tried Qualys as well.

This solution's most useful feature is that it is entirely a single-page application.

The UI is both professional and user-friendly.

The drawback is that it is still not a fully SaaS solution, so you have to deploy a console.

I have been working with Rapid7 InsightVM for six weeks.

Rapid7 InsightVM is stable.

Rapid7 InsightVM is a scalable solution.

We have two dedicated technicians to assist us.

We are also testing Qualys. If you look at both options, I believe they are the same. Both are in the top market leader position.

Both tools have the same features. The most essential consideration in choosing one of those two experiences with it and whether it fits inside your business.

I can't decide, we are still in the comparison phases.

It is very easy to set up.

It can be deployed in a matter of weeks.

It is pretty expensive. It depends on what you consider pricey, however, if you only look at vulnerability management solutions, such as within VM or VMDR, there are, I suppose the prices are almost the same. But I believe you will discover that for yourself.

Experiment with it and gain some experience with it.

I would rate Rapid7 InsightVM an eight out of ten.

It's a vulnerability scanning tool utilized within the vulnerability management process. We employ it to conduct internal vulnerability assessments of company or organizational host IPs.

It aids in enhancing the overall security posture within our organization. It uncovered numerous vulnerabilities that had been overlooked, which was quite beneficial.

The most valuable features are its reporting capabilities and the host discovery functionality.

The primary issue I encountered initially with this tool was related to configuration. There is a significant learning curve, that non-technical individuals, especially those not specialized in computer science or the information security industry, might face.

I have been working with it for six months.

I am satisfied with the stability provided.

The initial setup went smoothly, but after completing it, I encountered difficulties when attempting to use features like the dashboard and the scan now option. Specifically, I faced challenges with scanning the host, which proved to be quite frustrating.

The initial setup wasn't overly difficult, so it took me around one to two days due to troubleshooting issues. Overall deployment took about two to three days in total.

I highly recommend Rapid7 as my experience with it is very positive. Overall, I would rate it eight out of ten.

We primarily use the solution for scanning. It will support the agent and collect scanning information on particular hotspots. 

We like that you can create your own inputs using the chat.

The integration capabilities are good.

It has good reporting.

We can create our own templates.

The dashboard is very easy to use for customers. 

The firewall could be better.

We've had struggles with new scanning on Cisco routers. We have to do a lot of troubleshooting. The authentication scan is not working. 

We'd like better risk levels for assets in terms of reporting. 

I've been using the solution since 2019. I've only used it for a few years at this point. 

The solution is quite stable. It's reliable. There are no bugs or glitches. It doesn't crash or freeze. I'd rate the stability eight out of ten. 

The solution is scalable. It offers pretty high scalability. I'd rate it nine out of ten. 

Our clients are medium to large-scale businesses. 

The initial setup is very easy. It is very customizable and easy to understand. 

I'm not sure how long the deployment took. The POC took about 30 days to allow the clients to try it out. We requested a POC to test out some use cases. 

I'm a reseller. 

I'm not sure which version of the solution I'm using. It might be version six or seven. 

I'd recommend the solution to others. 

I would rate the solution eight out of ten. 

We primarily use the solution for vulnerability management and monitoring the progress of the remediation process.

The remediation feature has been quite useful. 

It's easy to set up the solution. 

It's stable.

The solution scales well.

The solution isn't missing any features, and I haven't noticed any shortcomings. 

There was functionality present previously, however, currently, we can't integrate directly with Jira Service Desk - only the cloud version. That, or we must share to the internet on-prem Jira Service Desk. It's not easy for us since we use only the on-prem Service Desk service, and we don't straight to the internet for our service.

InsightVM can only directly connect to the internet. So, we can't use this integration and send tasks to our technical team from InsightVM. We, therefore, need better integration with Jira Service Desk. 

The stability has been good overall. I would rate it five out of five in terms of reliability. The performance is good. There are no bugs or glitches, and it doesn't crash or freeze. 

The solution is suitable for big or small organizations. We have clients of different sizes using the product. 

It's used at the engineering level, with security and administrators using it regularly.

I'd rate it five out of five in terms of the ease of scaling. 

The solution is straightforward to set up. I'd rate it four out of five in terms of ease of implementation. 

We have one or two team members that can set up the solution. 

How long it takes to deploy depends on the customer. For a small customer, it's less than one month or sometimes two weeks. For a big customer with many assets and services, it takes two or three months to deploy.

We only need to have one or two people on hand to handle maintenance tasks. 

The solution is not overly expensive.

We use this solution for our clients.

We're dealing with the latest version of the product.

InsightVM is a solution based on on-prem infrastructure connected to the cloud service, so it's a hybrid solution.

Overall, it's a nice tool. 

I'd rate the solution nine out of ten.