Rapid7 InsightVM Reviews

We'll use Rapid7 InsightVM for on-premises scanning and the virtual machine option for cloud-based environments.

It is a good tool for comprehensive risk management, including prioritization and remediation.

It is a great endpoint agent. It gives you reliable information about that infrastructure and offers strong accuracy for risk management. However, unlike other management tools that have improved precision testing, InsightVM requires an additional purchase for full access to some of its advanced features.

Other solutions, like Cisco, have strengths, but Rapid7 InsightVM has some solid features, such as the RapidServer Active Response, the ability to create endpoint agents, and a live dashboard. However, the main concern is the system's reliability. For instance, during a scan on an Ubuntu machine, the system mistakenly identified the OS as Windows. This kind of inaccuracy is problematic.

I have been using Rapid7 InsightVM for a year. 

The response takes some time.

Rapid7 is a bit expensive.

Tenable has 20% lower pricing and includes built-in web application testing, which gives it an advantage over Rapid7 InsightVM.

I recommend Tennable for small and Rapid for big enterprises.

Overall, I rate the solution an eight out of ten.

We primarily use it for inventory and vulnerability management in our environment. We also use it to identify real risks and focus on container email scanning.

The most valuable feature for me is the risk calculation based on monthly effects. It's interactive, and the risk calculation depends on various factors such as quantity, hardware, and package used.

The team needs to improve the speed and focus on the new bandwidth feed. Sometimes, it takes a while to scan, especially with new updates. So, they should update the database quickly for the scanning to work more efficiently. Additionally, they should add pack management solutions for better integration with products like Microsoft FC and IBM Bigfoot.

They need to add more features or focus on work screening, and adding pack management solutions would be great. Moreover, there is room for improvement in technical support.

I've been using it for about three years now.

It is a stable product, and I would give it a seven.

It is a scalable product. Currently, there are around 1,000 users in my company using Rapid7 InsightVM.

Customer service and support are usually responsive, but there is room for improvement in their response time. The quality of support is good.

The initial setup is simple.

Along with Rapid7 InsightVM, we use Metasploit for already scanning. We also use it for website vulnerability scanning. For vulnerability scanning, we also use solutions from Tenable Network Security. Tenable is better because of its more frequent updates. However, it may depend on the industry and the use case. For now, Nessus is better for vulnerability scanning because of its ability to quickly and accurately detect vulnerabilities. However, Rapid7's team should work on improving the capacity of InsightVM to do the same.

Overall, I would rate the solution an eight out of ten.

The main purpose for using Rapid7 InsightVM is vulnerability management and visibility.

The cost is what is most valuable. Compared to the other products on the market, the cost is more palatable. Also the functionality. 

It is a single pane of glass that I can do most things.

I see ongoing progress constantly. There isn't much opportunity to make recommendations for improvement from our end. Technology does what we want it to do.

The only issue I have with their business plan is how they interact with South African enterprises. 

They have one singular distributor that I must work with, and that is where my two points go. 

I can't interact with Rapid7 directly. I must work via the local incumbent, the distributor. And working with this third party can be tiresome at times.

Rapid7 InsightVM doesn't work with us directly. I have to work with a  distributor. If I need quotes or technical support, for example, I have to work with the distributor rather than Rapid7 InsightVM directly.

We are a registered reseller and a trusted partner. However, for us to get any support from them I can't log a call directly with Rapid7 InsightVM. I have to work with the distributor to log the call for me.

I have been working with Rapid7 InsightVM for two to three years.

We are using the latest version.

Rapid7 InsightVM is very stable. I would rate the stability a five out of five.

Rapid7 InsightVM is a scalable product. I would rate the scalability a five out of five.

We have approximately 1, 500 endpoints in our company.

It's not users, but endpoints, because the model is built around the endpoints you want to monitor. We run on around 1,500 endpoints. It is not user-specific.

One person can easily manage this solution, but we have a team of four engineers to manage our environment.

I have not contacted technical support directly.

We also use Tenable Nessus.

I am not involved with the initial setup. I have a support team that is managing that.

We deploy it depending on our client's requirements. We use it as well as our clients.

The deployment was done in-house. We do it ourselves.

We had four, and all four worked on the project. This is not to say that there is just one primary job or four main jobs. Our engineers all work as a team.

I can definitely see a return on investment.

It's good. We get the value from the product.

We purchase annual licenses.

We provide our own support. We have resources that have been certified to work on the product. It is purely the license fee.

In terms of affordability, I would rate it a three out of five.

I believe they see us as resellers because we resell it, but when we use it for professional services, they regard us as partners. They use both terms in the same sentence.

We support it.

I strongly recommend it. It's a good product. 

It's only the backend support that needs to be improved. However, there isn't very much that has room for improvement in the product right now.

They are not flawless. We have had problems here and there, but overall, I would rate Rapid7 InsightVM an eight out of ten.

We use the solution for vulnerability management. We perform scanning and security patching in selected network zones utilizing it.

The solution's most valuable features are the simplicity of use, identifying vulnerable assets, and the ability to create remediation projects.

They should integrate the solution with multiple products along with ServiceNow.

We have been using the solution for two or three months.

I rate the solution's stability as an eight.

We have a few tens of users of the solution. They include IT specialists, engineers, and administrators. We can easily install scan engines in different zones of our network. But, we face difficulties pairing the scan engines to the management console. 

I rate the solution's scalability as an eight.

The vendor team helps us install the solution.

The solution's pricing depends on the number of users per month as per our contract. We have a limit of scanning around 4000 appliances. It covers a sufficient scope regarding our requirements.

The solution works well. I recommend it to others and rate it as an eight.

I don't use this solution directly because I'm not a security admin, but my use case is checking servers against it to see what our patching penetration looks like and whether there are any vulnerabilities that need to be cleared up. We are customers of Insight VM.

One of the great features is reporting where you know exactly what the solution has found, and you're also provided with a resolution to any problem. It's great. I also like the fact that it can go through and scan not just the Windows server but also all the Linux boxes. The same applies to Unix boxes which provide a full report regarding vulnerabilities that need to be rectified or packages that need to be applied. 

There are some issues with how it scans patches. Sometimes one patch will have been superseded by another but it won't see that, because one little key hasn't changed. 

I've been using this solution for several years. 

It's a scanning system, so of course there are resource issues. That said, it's a stable solution. 

Scalability is good; it has supported all of our servers from Windows to Linux, and does it rather well. 

I recommend reviewing the documentation and studying the built-in reports because they are a valuable resource. It's a great product that reports everything that's wrong with a system, providing detailed and high-level reports. 

I rate the solution nine out of 10. 

I use InsightVM for vulnerability scanning, to follow up that patching is done properly, and to control operational teams and ensure they're doing their job.

InsightVM lets me scan our environments and ensure that our operational teams are on top of patching.

InsightVM's best features are the vulnerability database and remediation steps.

InsightVM is getting a little stale and is in danger of falling behind its competitors. It's also becoming more complicated, and I prefer it to be kept simple. Its cloud coverage could also be stepped up.

I've been using InsightVM for ten years.

Insight VM is very stable.

There used to be some problems with scaling InsightVM, but those limitations have been removed in newer versions.

Rapid7's technical support is brilliant, responsive, and professional.

Positive

The initial setup was very easy and took a day to complete. I would rate the setup process five out of five.

We used an in-house team.

Having a vulnerability scanner has saved us from cyber attacks a number of times, so we've gotten good ROI from Insight VM. I'd rate our ROI as five out of five.

InsightVM is an expensive product, especially compared to its competitors, at around a million NOK per year. Support is included in the license for no extra cost. I would rate their pricing at one out of five.

InsightVM has integration with Kubernetes, which no other solution has. I would give Insight VM a rating of eight out of ten.

There are so many cases for InsightVM. It's used for customers that need the ICS compiler or if they need users to work from home right now. It allows them to manage assets from anywhere. 

Using active scan is good.

If you have a history with the solution, the initial setup is easy.

The solution is stable and reliable.

It's very scalable.

The agent must be covered if the customer wants to do a combined thing. InsightVM cannot do that if they are using an agent. We'd like the agent to cover more compliance issues.

I've been using the solution for three or four years. 

The product is stable. There aren't bugs or glitches. It doesn't crash or freeze. It's reliable and the performance is good.

If you want to scan more than 1,000 assets, then we need to show the requirement first. It will use the server with maximum CPU, and maximum RAM. The scalability is quite higher than on the previous one we used. It keeps getting better.

Typically, the initial setup is easy. If a user has the experience, it is straightforward. However, if we work together with an organization that has never used it before, there's more configuration that needs to be done.

We're working with the latest version of the solution, however, I cannot recall the exact version number.

While our clients are using a hybrid cloud, the customers still need to install on-premise. Your console right now is like a dashboard; it's moved to the cloud.

I'd advise users to try the solution. If they are using InsightVM they will be able to quickly understand what the vulnerabilities are on their assets.

I'd rate the solution eight out of ten.

One of the most valuable features is it's graphical dashboard feature. It is quite easy to manage the widgets, and we can customize those according to our queries.

The other most valuable feature is that we can integrate Rapid7 InsightVM with JIRA. If a vulnerability in our services or server is found, it directly connects with JIRA and will assign a ticket. We can then share that with our development team or infrastructure team. Within a team, we can share it and assign the ticket, and we can smoothly do the mitigation process.

Also, InsightVM has an image container that can be utilized via a CI/CD pipeline. We can directly integrate with building tools, and we can have vulnerability assessment throughout the development life cycle.

Rapid7's initiative Project Sonar digs out the vulnerabilities arising all over the world and sends feedback to the systems. They then immediately update their databases and begin mitigation processes.

Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM.

There is room for improvement when it comes to JIRA integration. If they can collaborate with the JIRA team, then it will be easier for people to use it.

If we can configure and define more features such as the critical elite level through InsightVM, it would be better.

I would prefer to have vulnerability assessment with more features, like code analysis, code coverage, etc.

I would also prefer to have a method of custom image analysis for assessment.

In the SDLC (software development lifecycle), if we could easily integrate with a particular lifecycle, then we could have more descriptive reports.

I have worked with this solution for two years now.

It is definitely stable.

The scalability is quite good. We can increase the number of assets by paying either onsite or online. Also, we have an onsite engine, and we can install it in our cloud or AWS cloud, for instance.

The technical support team has answered our questions within a couple of hours. They have provided precise answers so far to all the questions we have asked them.

The initial setup was an easy task because we have a Linux server installed.

InsightVM has a framework that's very interesting, and they have very detailed documentation. They have step-by-step directions for the installation process, and we can download them from their site. This means that anyone can easily install it and configure it.

The harder part is writing the queries. We need to have knowledge of InsightVM and how queries, assets, and conditional formats occur. Extensive knowledge can be valuable at this stage of the process.

Pricing is reasonable because we pay according to asset usage. We can define our assets and sites according to our preference.

I recommend doing a comparison of Qualys, Rapid7, and Nessus. Because the scope is different from company to company and cluster to cluster, it would be good to research each product and decide according to your needs.

If I were to rate Rapid7 InsightVM, I would rate it at seven on a scale from one to ten.