Rapid7 InsightVM Reviews

I use InsightVM for vulnerability scanning, to follow up that patching is done properly, and to control operational teams and ensure they're doing their job.

InsightVM lets me scan our environments and ensure that our operational teams are on top of patching.

InsightVM's best features are the vulnerability database and remediation steps.

InsightVM is getting a little stale and is in danger of falling behind its competitors. It's also becoming more complicated, and I prefer it to be kept simple. Its cloud coverage could also be stepped up.

I've been using InsightVM for ten years.

Insight VM is very stable.

There used to be some problems with scaling InsightVM, but those limitations have been removed in newer versions.

Rapid7's technical support is brilliant, responsive, and professional.

The initial setup was very easy and took a day to complete. I would rate the setup process five out of five.

We used an in-house team.

Having a vulnerability scanner has saved us from cyber attacks a number of times, so we've gotten good ROI from Insight VM. I'd rate our ROI as five out of five.

InsightVM is an expensive product, especially compared to its competitors, at around a million NOK per year. Support is included in the license for no extra cost. I would rate their pricing at one out of five.

InsightVM has integration with Kubernetes, which no other solution has. I would give Insight VM a rating of eight out of ten.

There are so many cases for InsightVM. It's used for customers that need the ICS compiler or if they need users to work from home right now. It allows them to manage assets from anywhere. 

Using active scan is good.

If you have a history with the solution, the initial setup is easy.

The solution is stable and reliable.

It's very scalable.

The agent must be covered if the customer wants to do a combined thing. InsightVM cannot do that if they are using an agent. We'd like the agent to cover more compliance issues.

I've been using the solution for three or four years. 

The product is stable. There aren't bugs or glitches. It doesn't crash or freeze. It's reliable and the performance is good.

If you want to scan more than 1,000 assets, then we need to show the requirement first. It will use the server with maximum CPU, and maximum RAM. The scalability is quite higher than on the previous one we used. It keeps getting better.

Typically, the initial setup is easy. If a user has the experience, it is straightforward. However, if we work together with an organization that has never used it before, there's more configuration that needs to be done.

We're working with the latest version of the solution, however, I cannot recall the exact version number.

While our clients are using a hybrid cloud, the customers still need to install on-premise. Your console right now is like a dashboard; it's moved to the cloud.

I'd advise users to try the solution. If they are using InsightVM they will be able to quickly understand what the vulnerabilities are on their assets.

I'd rate the solution eight out of ten.

One of the most valuable features is it's graphical dashboard feature. It is quite easy to manage the widgets, and we can customize those according to our queries.

The other most valuable feature is that we can integrate Rapid7 InsightVM with JIRA. If a vulnerability in our services or server is found, it directly connects with JIRA and will assign a ticket. We can then share that with our development team or infrastructure team. Within a team, we can share it and assign the ticket, and we can smoothly do the mitigation process.

Also, InsightVM has an image container that can be utilized via a CI/CD pipeline. We can directly integrate with building tools, and we can have vulnerability assessment throughout the development life cycle.

Rapid7's initiative Project Sonar digs out the vulnerabilities arising all over the world and sends feedback to the systems. They then immediately update their databases and begin mitigation processes.

Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM.

There is room for improvement when it comes to JIRA integration. If they can collaborate with the JIRA team, then it will be easier for people to use it.

If we can configure and define more features such as the critical elite level through InsightVM, it would be better.

I would prefer to have vulnerability assessment with more features, like code analysis, code coverage, etc.

I would also prefer to have a method of custom image analysis for assessment.

In the SDLC (software development lifecycle), if we could easily integrate with a particular lifecycle, then we could have more descriptive reports.

I have worked with this solution for two years now.

It is definitely stable.

The scalability is quite good. We can increase the number of assets by paying either onsite or online. Also, we have an onsite engine, and we can install it in our cloud or AWS cloud, for instance.

The technical support team has answered our questions within a couple of hours. They have provided precise answers so far to all the questions we have asked them.

The initial setup was an easy task because we have a Linux server installed.

InsightVM has a framework that's very interesting, and they have very detailed documentation. They have step-by-step directions for the installation process, and we can download them from their site. This means that anyone can easily install it and configure it.

The harder part is writing the queries. We need to have knowledge of InsightVM and how queries, assets, and conditional formats occur. Extensive knowledge can be valuable at this stage of the process.

Pricing is reasonable because we pay according to asset usage. We can define our assets and sites according to our preference.

I recommend doing a comparison of Qualys, Rapid7, and Nessus. Because the scope is different from company to company and cluster to cluster, it would be good to research each product and decide according to your needs.

If I were to rate Rapid7 InsightVM, I would rate it at seven on a scale from one to ten.

It's a vulnerability scanning tool utilized within the vulnerability management process. We employ it to conduct internal vulnerability assessments of company or organizational host IPs.

It aids in enhancing the overall security posture within our organization. It uncovered numerous vulnerabilities that had been overlooked, which was quite beneficial.

The most valuable features are its reporting capabilities and the host discovery functionality.

The primary issue I encountered initially with this tool was related to configuration. There is a significant learning curve, that non-technical individuals, especially those not specialized in computer science or the information security industry, might face.

I have been working with it for six months.

I am satisfied with the stability provided.

The initial setup went smoothly, but after completing it, I encountered difficulties when attempting to use features like the dashboard and the scan now option. Specifically, I faced challenges with scanning the host, which proved to be quite frustrating.

The initial setup wasn't overly difficult, so it took me around one to two days due to troubleshooting issues. Overall deployment took about two to three days in total.

I highly recommend Rapid7 as my experience with it is very positive. Overall, I would rate it eight out of ten.

We use Rapid7 InsightVM to increase vulnerability scanning, which is why we tried Qualys as well.

This solution's most useful feature is that it is entirely a single-page application.

The UI is both professional and user-friendly.

The drawback is that it is still not a fully SaaS solution, so you have to deploy a console.

I have been working with Rapid7 InsightVM for six weeks.

Rapid7 InsightVM is stable.

Rapid7 InsightVM is a scalable solution.

We have two dedicated technicians to assist us.

We are also testing Qualys. If you look at both options, I believe they are the same. Both are in the top market leader position.

Both tools have the same features. The most essential consideration in choosing one of those two experiences with it and whether it fits inside your business.

I can't decide, we are still in the comparison phases.

It is very easy to set up.

It can be deployed in a matter of weeks.

It is pretty expensive. It depends on what you consider pricey, however, if you only look at vulnerability management solutions, such as within VM or VMDR, there are, I suppose the prices are almost the same. But I believe you will discover that for yourself.

Experiment with it and gain some experience with it.

I would rate Rapid7 InsightVM an eight out of ten.

We primarily use the solution for vulnerability management and monitoring the progress of the remediation process.

The remediation feature has been quite useful. 

It's easy to set up the solution. 

It's stable.

The solution scales well.

The solution isn't missing any features, and I haven't noticed any shortcomings. 

There was functionality present previously, however, currently, we can't integrate directly with Jira Service Desk - only the cloud version. That, or we must share to the internet on-prem Jira Service Desk. It's not easy for us since we use only the on-prem Service Desk service, and we don't straight to the internet for our service.

InsightVM can only directly connect to the internet. So, we can't use this integration and send tasks to our technical team from InsightVM. We, therefore, need better integration with Jira Service Desk. 

The stability has been good overall. I would rate it five out of five in terms of reliability. The performance is good. There are no bugs or glitches, and it doesn't crash or freeze. 

The solution is suitable for big or small organizations. We have clients of different sizes using the product. 

It's used at the engineering level, with security and administrators using it regularly.

I'd rate it five out of five in terms of the ease of scaling. 

The solution is straightforward to set up. I'd rate it four out of five in terms of ease of implementation. 

We have one or two team members that can set up the solution. 

How long it takes to deploy depends on the customer. For a small customer, it's less than one month or sometimes two weeks. For a big customer with many assets and services, it takes two or three months to deploy.

We only need to have one or two people on hand to handle maintenance tasks. 

The solution is not overly expensive.

We use this solution for our clients.

We're dealing with the latest version of the product.

InsightVM is a solution based on on-prem infrastructure connected to the cloud service, so it's a hybrid solution.

Overall, it's a nice tool. 

I'd rate the solution nine out of ten. 

A big vulnerability was discovered last year for jshell. We got a lot of questions from our customers about which services are vulnerable. We could give an answer in just a few minutes to the customers and also warn them.

The risk score that they provide makes it easier to find out the biggest risks. It helped the security officers to understand where the biggest risks are so that they can act on them. They can instruct their IT teams to give them a higher priority and mitigate them.

It is still not a fully cloud-based solution. It will be helpful for customers if it is a complete cloud solution. It is a hybrid solution at the moment.

I have been working with this solution for two years. It is a cloud solution, and I have been using its latest version.

It is definitely stable.

It is made for scalability. We use it to monitor our own company with 250 users. Day-to-day, three people are monitoring the environment.

It is perfect. I would rate them a nine out of ten.

Positive

It was straightforward. It took a couple of hours. I would rate it a nine out of ten in terms of ease of setup.

In terms of maintenance, it is all self-updating.

It is difficult to estimate the ROI. For our management, it is a really important tool. It helps us to understand if something is not going perfectly. 

Its licensing is yearly. Everything is included in the price for one year.

We checked other solutions. We went for it because it has a cloud platform inside, which integrates with our SIEM solution, and it has many more capabilities than other products.

I would advise others to make sure that every asset in the environment is monitored by the tool. I see many customers who think they have full coverage of all assets, but they are missing a part of the network. In such a case, they will get an incorrect understanding of their security.

I would rate this solution a nine out of ten.

We primarily use the solution for vulnerability management.

From a scanning perspective, it’s great. The customization associated with each and every scan is very good. It actually provides functionality from a CIS control perspective as well.

It is easy to deploy.

The product is scalable.

The solution is very stable.

The reporting could be better.

We do not need any additional features.

I’ve been using the solution for two years.

The solution is very stable. The reliability is good. There are no bugs or glitches. It doesn’t crash or freeze.

The solution is absolutely scalable.

From a footprint perspective, there are about 780 servers. In totality, there's a license entitlement for about 1000 clients.

Technical support has been accurate.

Neutral

The solution is straightforward to set up and simple to deploy. It’s not overly complex. We only need one technical person to handle the setup process.

How long it takes to deploy depends on multiple instances whereby multiple factors, depending on client, on-prem, et cetera. Your average deployment time would be anything from three to five days.

As partners, we can handle the implementation.

The ROI is fair to mild.

The licensing is market-related.

The cost depends on the number of assets per annum.

It is very flexible. What's nice about it is, from a client's perspective, the environment can either grow and you can chew up, or it can shrink, and it meets whatever needs you have.

The licensing includes technical support.

We’re partners.

We’re always using the latest version of the solution.

There's a mix of deployments. There's an on-prem deployment in certain customer areas. However, there's also a cloud deployment from the MSSV point of view as well.

The scanner is always on-prem. The majority of the scanners that we've deployed are on-prem. Although some of the consoles are selling cloud-deployed, other consoles would be on-prem.

I’d rate the solution seven out of ten.