Rapid7 InsightVM Reviews

I use InsightVM for vulnerability scanning, to follow up that patching is done properly, and to control operational teams and ensure they're doing their job.

InsightVM lets me scan our environments and ensure that our operational teams are on top of patching.

InsightVM's best features are the vulnerability database and remediation steps.

InsightVM is getting a little stale and is in danger of falling behind its competitors. It's also becoming more complicated, and I prefer it to be kept simple. Its cloud coverage could also be stepped up.

I've been using InsightVM for ten years.

Insight VM is very stable.

There used to be some problems with scaling InsightVM, but those limitations have been removed in newer versions.

Rapid7's technical support is brilliant, responsive, and professional.

Positive

The initial setup was very easy and took a day to complete. I would rate the setup process five out of five.

We used an in-house team.

Having a vulnerability scanner has saved us from cyber attacks a number of times, so we've gotten good ROI from Insight VM. I'd rate our ROI as five out of five.

InsightVM is an expensive product, especially compared to its competitors, at around a million NOK per year. Support is included in the license for no extra cost. I would rate their pricing at one out of five.

InsightVM has integration with Kubernetes, which no other solution has. I would give Insight VM a rating of eight out of ten.

Their channel program and the process of their deal registration could be improved.

Some of our customers want to be completely cloud based, and Rapid7 doesn't offer this as an option. 

I have used this solution for one year. 

This solution is fairly stable.

This is a scalable solution suitable for large environments. 

We initially worked with Qualys and found that Qualys has a better reputation but it is expensive. Companies with bigger budgets and who would like a cloud solution, usually prefer Qualys. This is also because of the product maturity and the research they provide.

The challenge with Qualys is that they do not have any distributors in Pakistan. They do not have an on-premises product, which caters more towards the enterprise accounts in Pakistan. I prefer going with Rapid7 for this reason. Rapid7 have a good distribution network with good support and market presence. 

My advice is to explore many options and look at the integrations available. My personal experience is that only implementing vulnerability management doesn't solve all of the problems. We also needed evaluator integrations that provide preventative measures.

I would rate this solution an eight out of ten. 

One of the most valuable features is it's graphical dashboard feature. It is quite easy to manage the widgets, and we can customize those according to our queries.

The other most valuable feature is that we can integrate Rapid7 InsightVM with JIRA. If a vulnerability in our services or server is found, it directly connects with JIRA and will assign a ticket. We can then share that with our development team or infrastructure team. Within a team, we can share it and assign the ticket, and we can smoothly do the mitigation process.

Also, InsightVM has an image container that can be utilized via a CI/CD pipeline. We can directly integrate with building tools, and we can have vulnerability assessment throughout the development life cycle.

Rapid7's initiative Project Sonar digs out the vulnerabilities arising all over the world and sends feedback to the systems. They then immediately update their databases and begin mitigation processes.

Within InsightVM, there is no feature to assign a ticket. If we can have more API calls, we can do that from InsightVM.

There is room for improvement when it comes to JIRA integration. If they can collaborate with the JIRA team, then it will be easier for people to use it.

If we can configure and define more features such as the critical elite level through InsightVM, it would be better.

I would prefer to have vulnerability assessment with more features, like code analysis, code coverage, etc.

I would also prefer to have a method of custom image analysis for assessment.

In the SDLC (software development lifecycle), if we could easily integrate with a particular lifecycle, then we could have more descriptive reports.

I have worked with this solution for two years now.

It is definitely stable.

The scalability is quite good. We can increase the number of assets by paying either onsite or online. Also, we have an onsite engine, and we can install it in our cloud or AWS cloud, for instance.

The technical support team has answered our questions within a couple of hours. They have provided precise answers so far to all the questions we have asked them.

The initial setup was an easy task because we have a Linux server installed.

InsightVM has a framework that's very interesting, and they have very detailed documentation. They have step-by-step directions for the installation process, and we can download them from their site. This means that anyone can easily install it and configure it.

The harder part is writing the queries. We need to have knowledge of InsightVM and how queries, assets, and conditional formats occur. Extensive knowledge can be valuable at this stage of the process.

Pricing is reasonable because we pay according to asset usage. We can define our assets and sites according to our preference.

I recommend doing a comparison of Qualys, Rapid7, and Nessus. Because the scope is different from company to company and cluster to cluster, it would be good to research each product and decide according to your needs.

If I were to rate Rapid7 InsightVM, I would rate it at seven on a scale from one to ten.

We use it for vulnerability scanning.

The feature that I have found most valuable is its dashboards.

There is room for improvement on its cloud side.

In the next release I would like to see better reporting.

I have been using Rapid7 InsightVM for seven years.

It is stable.

Rapid7 InsightVM is scalable.

In my company, it is just my team of less than five people using it.

It requires one engineer for deployment and maintenance of the solution.

We do not have plans to increase the usage of the solution in the future.

Their customer support is really bad. On a scale of 1 to 10 I would probably give it a 1.

The initial cloud setup was difficult. It took months even though we worked with their professional services.

We used a consultant to implement.

We had a good return, but it could be better.

We pay 100,000 yearly.

We are thinking about changing right now. We have always used Rapid7, but we are thinking about changing now.

My advice to anyone considering Rapid7 InsightVM is to look at the other vendors first.

On a scale of one to ten, I would give Rapid7 InsightVM a 3.

We use a hybrid setup. Some dashboards and configurations are uploaded to the Cloud, and some of them are on-premises. The main engine is on-premises. We have about 12 customers and some of them are big companies. 

There are a few main features that we are very happy with. Using Rapid7, we can install a scan engine, we can do our VPN connections, and we can conduct internal scans of remote sites. We prefer the web application. It's smarter and more accurate from an application perspective.

The integration with other solutions like JIRA could be better. Perhaps there could be some additional updates in the next phase that could integrate with it, so then you can proceed with the VT much easier.

I've been using Rapid7 for about two years.

From a scalability standpoint, it's good because they give you around 100%. If you want to increase your asset counts, for example, they give you permission for 100% above the limit that you pay for.

Their support is very good. Technical support varies from person to person. Some cases have taken some time, but once it was escalated, everything was done well and the problem was solved. We've had some cases involving integration, remote sites, and some special configurations. They provided us with some support on all that.  

It's straightforward. Everything is like setting up Lego cubes. It doesn't take much time to deploy. The first deployment may take around an hour or two.

The license could be a little bit cheaper. For all these features, you would expect to pay a little bit lower but around the same general price. Licenses are paid yearly. For some customers, we pay two years at a time, but mostly it's yearly.

I would rate it nine out of 10.

We use this solution for our internal server for scanning. We can scan for vulnerabilities and locate them.

We also generate reports for the patching team. We assign tasks to the patching team.

It's a relevant management tool. 

It has some useful automation features. The report generating and the scanning are very helpful.

It would be very helpful to have integration. There are many plugins that can be used for tasks that would help the visibility and be able to locate the exact problem.

I would like to see more integration. 

I would also like to see more flexibility when scheduling the scans. We should be able to schedule scans when we want them to be scheduled. Currently, they have to be scheduled before a certain day of the week.

I have been using Rapid7 InsightVm for six months during my internship.

Rapid7 InsightVM is a stable product.

We have no issues with the scalability of this solution. We have a vulnerability management team of four who are using it, and in our organization, we have approximately 20 people, including management.

Technical support is good.

I have used Tenable Nessus previously for my personal projects. I used it for scanning for my projects in college.

I was not involved in the installation. It was already installed previously.

Licensing fees are paid on a yearly basis.

I would recommend this solution to others, but more integration features would be more helpful.

I would rate Rapid7 InsightVM an eight out of ten.

We are using InsightVM for vulnerability management services. We use it for providing professional services to our customers, and we also use it for our internal use.

We do on-premises and cloud deployments.

I really love the new platform. It is really easy to understand, use, and deploy. 

Their support is very professional and good at troubleshooting issues.

It would be great to have a mobile application client. Currently, you have to use a mobile web browser on a device, but it is not similar to the desktop web browser in terms of user experience. It would be nice to have a mobile application to access the platform. 

It would be nice to have someone in the technical support team who speaks Italian. 

We have been in a partnership with Rapid7 for five years.

It is absolutely stable.

It is scalable. We have 40 customers who are using this solution.

Their technical support is great, but it would be nice to have someone in the technical support team who speaks Italian. 

We speak Italian with Safeguy. So, sometimes, Safeguy's technical teams also help us.

Its initial setup is easy and quick. We are typically able to deploy it in a couple of hours.

We have 15 certified and dedicated engineers to handle its deployment and maintenance.

In some cases, we procure the licenses. In some cases, the customers directly buy the license from Rapid7.

I would rate Rapid7 InsightVM a nine out of 10.

The solution is similar to Tenable, but Rapid7 also comes with Insight - Detection and Response, which integrates with InsightVM. This alerts the customer in the event of an attack or updates him about the status of a vulnerability. The solution provides increased visibility in the environment when integrating between these two products. 

All products have room for increased security and Rapid7 InsightVM is no exception. This is why I do not give a perfect score to any product on principle. 

We have been using Rapid7 InsightVM for a couple of months.

The solution is stable. 

The solution is scalable. 

We have plans to increase its usage.

I have some experience with Tenable Nessus, although I did not use it on a professional basis. 

When it comes to the process, installation is very easy and does not take long. As a matter of course, installing a VM and connecting to a portal is easy. That is all that is needed. Time-wise, this may take an hour. Once the portal and scanner are connected one can start getting the environment. 

The license is annual and this is the optimal approach when it comes to most software. 

The solution is hybrid, meaning that if installation is required it must be done on the environment itself, on-premises, the portal being cloud-based. 

The solution has very good integration, so I see no need for improvements in this regard at present. 

I have no issues with the stability, security, user interface, reporting, monitoring board or Techstar reports. These are all good. 

The documentation is quite detailed and straightforward. It is provided to me via the internet. 

Off the top of my head, I cannot think of anything needing improvement.

We have a single customer who is utilizing the solution, but he makes use of IDR, not IVM.

I would recommend the solution to others.

I rate Rapid7 InsightVM as an eight out of ten.