I primarily using Rapid7 for vulnerability assessment and reporting.
Head of Cybersecurity Assurance & Controls Director at a tech services company with 1,001-5,000 employees
Poor reporting, lacking in features, but the technical support is not bad
Pros and Cons
- "I have been in contact with technical support and they are not bad."
- "The reporting is very bad when you compare it with other vulnerability assessment tools."
What is our primary use case?
How has it helped my organization?
At this point, we are not happy with Rapid7.
What needs improvement?
The reporting is very bad when you compare it with other vulnerability assessment tools.
This product is for basic vulnerability assessments, only, and is lacking in features such as compliance, assessment, assets, inventory, and batch management.
For how long have I used the solution?
I have been using Rapid7 InsightVM for five years.
Buyer's Guide
Rapid7 InsightVM
May 2025

Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
851,604 professionals have used our research since 2012.
What do I think about the scalability of the solution?
I would say that the scalability is 50-50. It does not offer much in terms of being able to scale. We have approximately 3,000 users.
How are customer service and support?
I have been in contact with technical support and they are not bad.
What's my experience with pricing, setup cost, and licensing?
Comparing the price with the value that we receive, I am not happy with it.
Which other solutions did I evaluate?
We are currently looking to replace Rapid7 with another product.
Currently, we are working with Tenable Nessus and Qualys.
What other advice do I have?
I would rate this solution a five out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Enterprise Manager Infrastructure and Operations at McGrath RentCorp
Enables us to gain insight into internal systems vulnerabilities and remediation tasks
Pros and Cons
- "Rapid7 InsightVM has given us a practical view of the vulnerabilities present in our organization."
- "A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group."
What is our primary use case?
Our primary use case for this solution is to gain insight into internal systems vulnerabilities and remediation tasks.
How has it helped my organization?
Rapid7 InsightVM has given us a practical view of the vulnerabilities present in our organization. Not only does it verify the vulnerability, but scores it against the skill level of an attacker.
What is most valuable?
The feature that we find most valuable is the granularity. You can view your assets however makes the most sense to your business. We found that we could isolate systems easily via tagging and site setup.
What needs improvement?
A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group.
For how long have I used the solution?
Less than one year.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Rapid7 InsightVM
May 2025

Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
851,604 professionals have used our research since 2012.
Senior Manager Cyber Security Services & Solutions at Trillium
User-friendly and customizable with great risk scoring feature
Pros and Cons
- "InsightVM's most valuable feature is risk scoring, a formula based on different vectors like the ease of exploitation and the availability of the machine."
- "InsightVM could be improved by providing passive scanning as an option."
What is our primary use case?
InsightVM is mainly used for vulnerability management.
What is most valuable?
InsightVM's most valuable feature is risk scoring, a formula based on different vectors like the ease of exploitation and the availability of the machine. It can be customized according to the customer's needs - for example, if they have an asset that is more vulnerable, they can adjust the risk score according to their infrastructure. It also has a very robust dashboard system and good integration.
What needs improvement?
InsightVM could be improved by providing passive scanning as an option. They could also introduce license packages for fewer than 128 users for smaller organizations.
For how long have I used the solution?
I've been using InsightVM for almost five years.
What do I think about the stability of the solution?
InsightVM is stable.
What do I think about the scalability of the solution?
InsightVM has the option of implementing the scan engine separately, which helps with scalability.
How are customer service and support?
InsightVM's technical support is very good.
How would you rate customer service and support?
Positive
How was the initial setup?
InsightVM is easy to implement and deploy, even for small and medium businesses.
What's my experience with pricing, setup cost, and licensing?
InsightVM's licensing starts at a minimum of 128 IPs and can scale up to over 1,000.
What other advice do I have?
InsightVM is easy to use, has a well-defined dashboard, and can be customized according to your needs. You can also segregate your assets and define IP ranges. I would give InsightVM a rating of nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Enterprise ICT Security Architect at a tech services company with 1-10 employees
Good scalability, reporting, and technical support
Pros and Cons
- "We are very satisfied with the reports, as they provide us with the information that is required for our management."
- "There have been instances where technical support takes a long time to update the status of a ticket, which is something that can be improved."
What is our primary use case?
The primary use is to protect against cybersecurity attacks in your digital infrastructure. One example of such an attack is credential-grabbing.
What is most valuable?
We have put in some requests for enhancements and they are listening quite well. When there is something that we want to have enhanced then we can easily chat with the people at Rapid7. If it makes sense and another customer thinks that it makes sense then it will be built into the next release.
We are very satisfied with the reports, as they provide us with the information that is required for our management. You can perform the queries that you need.
What needs improvement?
There have been instances where technical support takes a long time to update the status of a ticket, which is something that can be improved.
For how long have I used the solution?
I have been using this product for about two and a half years.
What do I think about the stability of the solution?
The stability is okay.
What do I think about the scalability of the solution?
In terms of scalability, this product is awesome. We have more than 5,000 users and we plan to increase our usage in the future.
How are customer service and technical support?
The technical support is very nice. They are good and they listen to the customers, which is very important in my opinion.
There is always a demand for technical support to be faster. That said, I think it is much more important to have quality and communication. If I am going to be updated during the course of the case that is running, then that is okay with me. Also, as long as the quality stays in the system and they keep on improving, I am satisfied.
Which solution did I use previously and why did I switch?
We switched to Rapid7 because we were not satisfied with our previous solution. It was not up to par in terms of our needs and standards.
How was the initial setup?
The initial setup is very straightforward and not complex at all. Our deployment took about three months.
This is mostly a cloud-based solution that works with the assistance of agents and collectors.
What about the implementation team?
We implemented and deployed this product on our own.
What's my experience with pricing, setup cost, and licensing?
The licensing is asset-based and very straightforward.
What other advice do I have?
Overall, this is a product that I am very satisfied with.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Solution Engineer II at a security firm with 501-1,000 employees
Easy to deploy, scalable, and helps in prioritizing the risks with risk scoring
Pros and Cons
- "The risk score that they provide makes it easier to find out the biggest risks. It helped the security officers to understand where the biggest risks are so that they can act on them. They can instruct their IT teams to give them a higher priority and mitigate them."
- "It is still not a fully cloud-based solution. It will be helpful for customers if it is a complete cloud solution. It is a hybrid solution at the moment."
How has it helped my organization?
A big vulnerability was discovered last year for jshell. We got a lot of questions from our customers about which services are vulnerable. We could give an answer in just a few minutes to the customers and also warn them.
What is most valuable?
The risk score that they provide makes it easier to find out the biggest risks. It helped the security officers to understand where the biggest risks are so that they can act on them. They can instruct their IT teams to give them a higher priority and mitigate them.
What needs improvement?
It is still not a fully cloud-based solution. It will be helpful for customers if it is a complete cloud solution. It is a hybrid solution at the moment.
For how long have I used the solution?
I have been working with this solution for two years. It is a cloud solution, and I have been using its latest version.
What do I think about the stability of the solution?
It is definitely stable.
What do I think about the scalability of the solution?
It is made for scalability. We use it to monitor our own company with 250 users. Day-to-day, three people are monitoring the environment.
How are customer service and support?
It is perfect. I would rate them a nine out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
It was straightforward. It took a couple of hours. I would rate it a nine out of ten in terms of ease of setup.
In terms of maintenance, it is all self-updating.
What was our ROI?
It is difficult to estimate the ROI. For our management, it is a really important tool. It helps us to understand if something is not going perfectly.
What's my experience with pricing, setup cost, and licensing?
Its licensing is yearly. Everything is included in the price for one year.
Which other solutions did I evaluate?
We checked other solutions. We went for it because it has a cloud platform inside, which integrates with our SIEM solution, and it has many more capabilities than other products.
What other advice do I have?
I would advise others to make sure that every asset in the environment is monitored by the tool. I see many customers who think they have full coverage of all assets, but they are missing a part of the network. In such a case, they will get an incorrect understanding of their security.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CoFounder & Head of Technology at intuity
Professional support, absolutely stable, and easy to use and deploy
Pros and Cons
- "I really love the new platform. It is really easy to understand, use, and deploy."
- "It would be great to have a mobile application client. Currently, you have to use a mobile web browser on a device, but it is not similar to the desktop web browser in terms of user experience. It would be nice to have a mobile application to access the platform."
What is our primary use case?
We are using InsightVM for vulnerability management services. We use it for providing professional services to our customers, and we also use it for our internal use.
We do on-premises and cloud deployments.
What is most valuable?
I really love the new platform. It is really easy to understand, use, and deploy.
Their support is very professional and good at troubleshooting issues.
What needs improvement?
It would be great to have a mobile application client. Currently, you have to use a mobile web browser on a device, but it is not similar to the desktop web browser in terms of user experience. It would be nice to have a mobile application to access the platform.
It would be nice to have someone in the technical support team who speaks Italian.
For how long have I used the solution?
We have been in a partnership with Rapid7 for five years.
What do I think about the stability of the solution?
It is absolutely stable.
What do I think about the scalability of the solution?
It is scalable. We have 40 customers who are using this solution.
How are customer service and technical support?
Their technical support is great, but it would be nice to have someone in the technical support team who speaks Italian.
We speak Italian with Safeguy. So, sometimes, Safeguy's technical teams also help us.
How was the initial setup?
Its initial setup is easy and quick. We are typically able to deploy it in a couple of hours.
We have 15 certified and dedicated engineers to handle its deployment and maintenance.
What's my experience with pricing, setup cost, and licensing?
In some cases, we procure the licenses. In some cases, the customers directly buy the license from Rapid7.
What other advice do I have?
I would rate Rapid7 InsightVM a nine out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Country Sales Lead at securic systems
Vulnerability management solution that has a good distribution network and support in Pakistan
Pros and Cons
- "Rapid7 have a good distribution network with good support and market presence."
- "Some of our customers want to be completely cloud based, and Rapid7 doesn't offer this as an option."
What needs improvement?
Their channel program and the process of their deal registration could be improved.
Some of our customers want to be completely cloud based, and Rapid7 doesn't offer this as an option.
For how long have I used the solution?
I have used this solution for one year.
What do I think about the stability of the solution?
This solution is fairly stable.
What do I think about the scalability of the solution?
This is a scalable solution suitable for large environments.
Which solution did I use previously and why did I switch?
We initially worked with Qualys and found that Qualys has a better reputation but it is expensive. Companies with bigger budgets and who would like a cloud solution, usually prefer Qualys. This is also because of the product maturity and the research they provide.
The challenge with Qualys is that they do not have any distributors in Pakistan. They do not have an on-premises product, which caters more towards the enterprise accounts in Pakistan. I prefer going with Rapid7 for this reason. Rapid7 have a good distribution network with good support and market presence.
What other advice do I have?
My advice is to explore many options and look at the integrations available. My personal experience is that only implementing vulnerability management doesn't solve all of the problems. We also needed evaluator integrations that provide preventative measures.
I would rate this solution an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer:
IT Security Analyst at a financial services firm with 1,001-5,000 employees
Could be better on the cloud side and offer more reporting, overall - recommended to check other options
Pros and Cons
- "The feature that I have found most valuable is its dashboards."
- "There is room for improvement on its cloud side. In the next release I would like to see better reporting."
What is our primary use case?
We use it for vulnerability scanning.
What is most valuable?
The feature that I have found most valuable is its dashboards.
What needs improvement?
There is room for improvement on its cloud side.
In the next release I would like to see better reporting.
For how long have I used the solution?
I have been using Rapid7 InsightVM for seven years.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
Rapid7 InsightVM is scalable.
In my company, it is just my team of less than five people using it.
It requires one engineer for deployment and maintenance of the solution.
We do not have plans to increase the usage of the solution in the future.
How are customer service and support?
Their customer support is really bad. On a scale of 1 to 10 I would probably give it a 1.
How was the initial setup?
The initial cloud setup was difficult. It took months even though we worked with their professional services.
What about the implementation team?
We used a consultant to implement.
What was our ROI?
We had a good return, but it could be better.
What's my experience with pricing, setup cost, and licensing?
We pay 100,000 yearly.
What other advice do I have?
We are thinking about changing right now. We have always used Rapid7, but we are thinking about changing now.
My advice to anyone considering Rapid7 InsightVM is to look at the other vendors first.
On a scale of one to ten, I would give Rapid7 InsightVM a 3.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Rapid7 InsightVM Report and get advice and tips from experienced pros
sharing their opinions.
Updated: May 2025
Product Categories
Risk-Based Vulnerability ManagementPopular Comparisons
Qualys VMDR
Tenable Security Center
Tenable Vulnerability Management
Microsoft Defender Vulnerability Management
Nucleus
Arctic Wolf Managed Risk
Cisco Vulnerability Management (formerly Kenna.VM)
SanerNow CyberHygiene Platform
Balbix BreachControl
SecureWorks Taegis VDR
Fortra's Vulnerability Management
Buyer's Guide
Download our free Rapid7 InsightVM Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions: