Rapid7 InsightVM Reviews

We primarily use the solution for scanning. It will support the agent and collect scanning information on particular hotspots. 

We like that you can create your own inputs using the chat.

The integration capabilities are good.

It has good reporting.

We can create our own templates.

The dashboard is very easy to use for customers. 

The firewall could be better.

We've had struggles with new scanning on Cisco routers. We have to do a lot of troubleshooting. The authentication scan is not working. 

We'd like better risk levels for assets in terms of reporting. 

I've been using the solution since 2019. I've only used it for a few years at this point. 

The solution is quite stable. It's reliable. There are no bugs or glitches. It doesn't crash or freeze. I'd rate the stability eight out of ten. 

The solution is scalable. It offers pretty high scalability. I'd rate it nine out of ten. 

Our clients are medium to large-scale businesses. 

The initial setup is very easy. It is very customizable and easy to understand. 

I'm not sure how long the deployment took. The POC took about 30 days to allow the clients to try it out. We requested a POC to test out some use cases. 

I'm a reseller. 

I'm not sure which version of the solution I'm using. It might be version six or seven. 

I'd recommend the solution to others. 

I would rate the solution eight out of ten. 

Private Cloud

Other

Our primary use case is looking for people who are using Tor, or VPNs generally, and the only way we can see that is if they log in and then they log in in a foreign country right away, which means they're jumping on to the "escalator".

We really didn't have any visibility at all and now we do. It's like night and day.

NeXpose is a pretty good vulnerability scanner, good enough. There's a nice dashboard and it's a pretty cool SIEM.

We could always have a cheaper price, but other than that it's pretty good stuff.

Also, if they’d expand their product line, that would be good, and they are doing so, but they're not done yet.

Stability is rock solid.

We're at a pretty big scale already. I don't expect us to get any bigger and it's handling our scale now. If anything, we’ll probably shrink.

We're a school district and, in this area, there are three big districts, and they have open enrollment. We're not on the marketing end of our school district. If the marketing doesn't do well, we’ll shrink.

Tech support is satisfactory.

Last year got a new person in the position of information security officer, and he brought the news with him.

We went with NeXpose because we wanted to get as many products as we could from the same vendor. A full suite would have been fantastic, but that doesn't exist yet. Rapid7 had the vulnerability scanner, the penetration testing, and the SIEM, and the web app evaluator. They're adding other things. They acquired another company recently that will benefit us if we get that product. It's the all-in-one works we like.

My most important criterion when selecting a vendor is that they have to have a purchasing vehicle that is approved for school districts. It's harder than it sounds. We can't just say, "We want that, send us a bill."

It's easy to install.

We started with SentinelOne, we looked at CrowdStrike, we looked at Red Canary. The funny thing was, Red Canary was just remarketing CrowdStrike, or something like that. It got to a point where I realized these weren’t additional vendors. They were just additional packagers of the same solution.

Take a test drive. If you don't test drive it, how do you know you're going to like it or if it even works. Would you buy a car without test driving it? Absolutely not. In this case, it’s a sales contract. It's a service for one to three years. Backing out of it is pretty much impossible.

I rate it at eight out of 10. It just works. We haven't had any trouble with it. We've had good support. What's not to like? But it's an eight because the software that can be purchased is not the ultimate software. It's hard to give anybody a 10.

We primarily use the solution for vulnerability management and monitoring the progress of the remediation process.

The remediation feature has been quite useful. 

It's easy to set up the solution. 

It's stable.

The solution scales well.

The solution isn't missing any features, and I haven't noticed any shortcomings. 

There was functionality present previously, however, currently, we can't integrate directly with Jira Service Desk - only the cloud version. That, or we must share to the internet on-prem Jira Service Desk. It's not easy for us since we use only the on-prem Service Desk service, and we don't straight to the internet for our service.

InsightVM can only directly connect to the internet. So, we can't use this integration and send tasks to our technical team from InsightVM. We, therefore, need better integration with Jira Service Desk. 

The stability has been good overall. I would rate it five out of five in terms of reliability. The performance is good. There are no bugs or glitches, and it doesn't crash or freeze. 

The solution is suitable for big or small organizations. We have clients of different sizes using the product. 

It's used at the engineering level, with security and administrators using it regularly.

I'd rate it five out of five in terms of the ease of scaling. 

The solution is straightforward to set up. I'd rate it four out of five in terms of ease of implementation. 

We have one or two team members that can set up the solution. 

How long it takes to deploy depends on the customer. For a small customer, it's less than one month or sometimes two weeks. For a big customer with many assets and services, it takes two or three months to deploy.

We only need to have one or two people on hand to handle maintenance tasks. 

The solution is not overly expensive.

We use this solution for our clients.

We're dealing with the latest version of the product.

InsightVM is a solution based on on-prem infrastructure connected to the cloud service, so it's a hybrid solution.

Overall, it's a nice tool. 

I'd rate the solution nine out of ten. 

Hybrid Cloud

We are using Rapid7 InsightVM to have a vulnerability assessment solution in our organization to overcome the audit points.

We are at the stage where we are deciding if the solution will be useful for us or not.

We generate the reports for our IT sessions and try to take the recommended actions. After the action is made, we generate another report to check if this action covers the vulnerability points or not.

The reports in Rapid7 InsightVM are useful when compared to competitors.

Rapid7 InsightVM could be easier to use for those who are using it for the first time.

The updates should be fixed in the next release.

I have been using Rapid7 InsightVM for a few months.

The stability of Rapid7 InsightVM has been fine in the three months we have used it.

We are using a virtual environment with Rapid7 InsightVM and we can expand it if we want.

We have approximately three people using this solution in my company. We use the solution weekly or monthly. We would increase the use of the solution if our tests go well.

The support that we are receiving at this time is from our partner who handles the issue with the vendor if needed.

The initial setup was not straightforward because it was our first time doing it.

We did a POC first and this took us two months to make the environment. After we received the license we went into production.

We had a partner help us with the implementation of Rapid7 InsightVM.

We have an IT department that does the maintenance and support of Rapid7 InsightVM.

We have an annual license to use Rapid7 InsightVM and if we want to extend it, we will possibly choose more than one year.

I recommend this solution to others and for them to use a partner for the implementation. It can be difficult for the first time.

I rate Rapid7 InsightVM an eight out of ten.

On-premises

The primary use case of this solution is for vulnerability management.

We have monthly scans and reporting. The results are in QRadar, which is our SIEM.

This solution is very easy to use and easy to install.

It has nice features.

It would be nice to have an additional feature that would provide reports on who has logged onto the console or who did what on the console. I don't have the time to log onto the console and use SSH to go through the logs. 

We have some users with certain privileges, and sometimes they do things that I don't like.  This is why it would be nice to have an easy way to report what is in the logs.

In the next release, I would like to see reporting added to the console. It would be helpful to have reports to tell you who did what, who created reports, who created groups or who created tags.

I have been working with this solution for five years.

The stability is good. I am running it on Linux and from that point of view, Linux is stable.

We are using this solution daily. 

This solution is easy to scale. 

I am working at Triglav Group which is the leading insurance-financial group in Slovenia and
in the Adria region and one of the leading groups in South-East Europe

Triglav Group operates together with its subsidiaries and associated companies on seven markets and in six countries.

We use with two consoles, one is international for subdiraies and other is for the Slovenia all thogether we have 15 scan engines on locations.

Approximately a year ago, we had an issue with the dashboard. We contacted technical support to ask a question. Unfortunately, we were not able to resolve the issue that we were having. It could have been something in our network, but we don't know. It was not a big issue.

The technical support is good, they do give you answers and they are pretty quick.

The initial setup was easy and straightforward.

I deployed this solution. It took a couple of days with ten engines.

We did not use a vendor or integrator to implement this solution. We have five thousand people in this firm and I am the only one in technical team. 

My advice would be to just use it. 

As a whole, it's a pretty good product. I don't have any problem with it.

If they had the audit reporting then I would rate it a ten out of ten, but as it is now, I would rate this solution a nine out of then.

On-premises

We primarily use the solution for vulnerability management.

From a scanning perspective, it’s great. The customization associated with each and every scan is very good. It actually provides functionality from a CIS control perspective as well.

It is easy to deploy.

The product is scalable.

The solution is very stable.

The reporting could be better.

We do not need any additional features.

I’ve been using the solution for two years.

The solution is very stable. The reliability is good. There are no bugs or glitches. It doesn’t crash or freeze.

The solution is absolutely scalable.

From a footprint perspective, there are about 780 servers. In totality, there's a license entitlement for about 1000 clients.

Technical support has been accurate.

Neutral

The solution is straightforward to set up and simple to deploy. It’s not overly complex. We only need one technical person to handle the setup process.

How long it takes to deploy depends on multiple instances whereby multiple factors, depending on client, on-prem, et cetera. Your average deployment time would be anything from three to five days.

As partners, we can handle the implementation.

The ROI is fair to mild.

The licensing is market-related.

The cost depends on the number of assets per annum.

It is very flexible. What's nice about it is, from a client's perspective, the environment can either grow and you can chew up, or it can shrink, and it meets whatever needs you have.

The licensing includes technical support.

We’re partners.

We’re always using the latest version of the solution.

There's a mix of deployments. There's an on-prem deployment in certain customer areas. However, there's also a cloud deployment from the MSSV point of view as well.

The scanner is always on-prem. The majority of the scanners that we've deployed are on-prem. Although some of the consoles are selling cloud-deployed, other consoles would be on-prem.

I’d rate the solution seven out of ten.

Public Cloud

Amazon Web Services (AWS)

We use a hybrid setup. Some dashboards and configurations are uploaded to the Cloud, and some of them are on-premises. The main engine is on-premises. We have about 12 customers and some of them are big companies. 

There are a few main features that we are very happy with. Using Rapid7, we can install a scan engine, we can do our VPN connections, and we can conduct internal scans of remote sites. We prefer the web application. It's smarter and more accurate from an application perspective.

The integration with other solutions like JIRA could be better. Perhaps there could be some additional updates in the next phase that could integrate with it, so then you can proceed with the VT much easier.

I've been using Rapid7 for about two years.

From a scalability standpoint, it's good because they give you around 100%. If you want to increase your asset counts, for example, they give you permission for 100% above the limit that you pay for.

Their support is very good. Technical support varies from person to person. Some cases have taken some time, but once it was escalated, everything was done well and the problem was solved. We've had some cases involving integration, remote sites, and some special configurations. They provided us with some support on all that.  

It's straightforward. Everything is like setting up Lego cubes. It doesn't take much time to deploy. The first deployment may take around an hour or two.

The license could be a little bit cheaper. For all these features, you would expect to pay a little bit lower but around the same general price. Licenses are paid yearly. For some customers, we pay two years at a time, but mostly it's yearly.

I would rate it nine out of 10.

Hybrid Cloud

We use this solution for our internal server for scanning. We can scan for vulnerabilities and locate them.

We also generate reports for the patching team. We assign tasks to the patching team.

It's a relevant management tool. 

It has some useful automation features. The report generating and the scanning are very helpful.

It would be very helpful to have integration. There are many plugins that can be used for tasks that would help the visibility and be able to locate the exact problem.

I would like to see more integration. 

I would also like to see more flexibility when scheduling the scans. We should be able to schedule scans when we want them to be scheduled. Currently, they have to be scheduled before a certain day of the week.

I have been using Rapid7 InsightVm for six months during my internship.

Rapid7 InsightVM is a stable product.

We have no issues with the scalability of this solution. We have a vulnerability management team of four who are using it, and in our organization, we have approximately 20 people, including management.

Technical support is good.

I have used Tenable Nessus previously for my personal projects. I used it for scanning for my projects in college.

I was not involved in the installation. It was already installed previously.

Licensing fees are paid on a yearly basis.

I would recommend this solution to others, but more integration features would be more helpful.

I would rate Rapid7 InsightVM an eight out of ten.

On-premises