Rapid7 InsightVM Reviews

A big vulnerability was discovered last year for jshell. We got a lot of questions from our customers about which services are vulnerable. We could give an answer in just a few minutes to the customers and also warn them.

The risk score that they provide makes it easier to find out the biggest risks. It helped the security officers to understand where the biggest risks are so that they can act on them. They can instruct their IT teams to give them a higher priority and mitigate them.

It is still not a fully cloud-based solution. It will be helpful for customers if it is a complete cloud solution. It is a hybrid solution at the moment.

I have been working with this solution for two years. It is a cloud solution, and I have been using its latest version.

It is definitely stable.

It is made for scalability. We use it to monitor our own company with 250 users. Day-to-day, three people are monitoring the environment.

It is perfect. I would rate them a nine out of ten.

Positive

It was straightforward. It took a couple of hours. I would rate it a nine out of ten in terms of ease of setup.

In terms of maintenance, it is all self-updating.

It is difficult to estimate the ROI. For our management, it is a really important tool. It helps us to understand if something is not going perfectly. 

Its licensing is yearly. Everything is included in the price for one year.

We checked other solutions. We went for it because it has a cloud platform inside, which integrates with our SIEM solution, and it has many more capabilities than other products.

I would advise others to make sure that every asset in the environment is monitored by the tool. I see many customers who think they have full coverage of all assets, but they are missing a part of the network. In such a case, they will get an incorrect understanding of their security.

I would rate this solution a nine out of ten.

Public Cloud

We use Rapid7 InsightVM mostly for VM management.

The solution is good because it has a lot of options.

The solution could improve by being more secure.

I have been using Rapid7 InsightVM for approximately one month.

The solution has been stable.

Rapid7 InsightVM is scalable.

I have not needed to contact the support at this time.

The installation is simple, it took us approximately six hours.

I did the implementation myself.

I would recommend this solution to others.

I rate Rapid7 InsightVM a nine out of ten.

Hybrid Cloud

Rapid7 InsightVM, like Tenable, is used to enforce the vulnerability management lifecycle.

We identify the assets, scan them, prioritize them, and have a remediation plan in place to address any vulnerabilities that are discovered.

A remediator scan is performed to determine whether or not the discovered vulnerabilities have been patched.

The performance is good.

Rapid7 could be easier to manage. When you compare it to other similar solutions, it is a bit difficult to manage.

The reporting could be improved.

I have been using Rapid7 InsightVM for two years.

At the time that it was used, I was using the latest version.

The installation is simple and quick; it only takes 10 minutes to complete.

I have used Tenable SC and Tenable.io, and you cannot compare to Tenable SC or Tenable.io with any other vulnerability solution.

Tenable has that supremacy. It is very easy to manage and very easy to understand. You don't need any prior knowledge or experience to install it; you can do it on your own. You don't need any additional assistance or help through a search on how to install or scan your assets.

Tenable has a very powerful reporting engine but needs to be enhanced.

Tenable is number one, Rapid7 comes second.

I would rate Rapid7 a six out of ten.

On-premises

We're mainly using this solution in-house for now and our primary use case is for Red Teaming. I'm a security engineer and we are resellers of Rapid7. 

The discovery and prioritization of vulnerabilities is a good feature along with the investigation, the trials function. It's also user friendly. 

The solution is not multitenancy and it would be great if they could add some of that to the platform. 

The solution is stable. 

It's scaled to the cloud so scalability is not an issue and it's pretty flexible. 

I haven't used tech support. I've done all my troubleshooting online, it offers thorough explanations.

The initial setup is definitely straightforward.

There is an annual license fee which is pretty expensive because it's price per aspect. The pricing could definitely be cheaper.

If your company has the budget for this product, I would recommend it. 

I rate the solution seven out of 10. 

Public Cloud

The primary use is to protect against cybersecurity attacks in your digital infrastructure. One example of such an attack is credential-grabbing.

We have put in some requests for enhancements and they are listening quite well. When there is something that we want to have enhanced then we can easily chat with the people at Rapid7. If it makes sense and another customer thinks that it makes sense then it will be built into the next release.

We are very satisfied with the reports, as they provide us with the information that is required for our management. You can perform the queries that you need.

There have been instances where technical support takes a long time to update the status of a ticket, which is something that can be improved.

I have been using this product for about two and a half years.

The stability is okay.

In terms of scalability, this product is awesome. We have more than 5,000 users and we plan to increase our usage in the future.

The technical support is very nice. They are good and they listen to the customers, which is very important in my opinion.

There is always a demand for technical support to be faster. That said, I think it is much more important to have quality and communication. If I am going to be updated during the course of the case that is running, then that is okay with me. Also, as long as the quality stays in the system and they keep on improving, I am satisfied.

We switched to Rapid7 because we were not satisfied with our previous solution. It was not up to par in terms of our needs and standards.

The initial setup is very straightforward and not complex at all. Our deployment took about three months.

This is mostly a cloud-based solution that works with the assistance of agents and collectors.

We implemented and deployed this product on our own.

The licensing is asset-based and very straightforward.

Overall, this is a product that I am very satisfied with.

I would rate this solution an eight out of ten.

Public Cloud

We use the solution to scan our internal OS and applications. 

The solution protects us from vulnerabilities. If it sees anything, it can tell us about the vulnerability and ranks it as critical or high risk. It allows us to take action immediately to protect our company from attacks.

The most important aspect of the solution is that it rarely gives false positives, especially compared to other products. It provides very clear reports for our IT teams to look at. 

The solution has an excellent feature that scans for vulnerabilities that may affect the Windows operating system. It helps us avoid being affected by WannaCry or other malicious attacks of that nature. It's one of the most useful features that we have. We're able to see more vulnerabilities before they become an issue due to the fact that it's so protective. It's great at helping us avoid malware or ransomware.  

The solution needs to improve its smart monitoring. 

There needs to be much clearer instructions surrounding scanning. 

As for new features, I can't think of anything that's lacking. It's pretty good overall in terms of feature offerings.

I've only been using the solution for half a year - approximately six months. It hasn't been too long.

The solution is very stable. There are no bugs or glitches that I have witnessed. The solution doesn't crash. It's very reliable.

The solution is very flexible and very scalable. A company that needs to add it to their endpoints should have no issues doing so. I don't think there is a limit as to how many are possible.

Typically we deploy this solution to medium-sized enterprises in microfinance and insurance.

I've been in contact with technical support in the past. they're very good. We're satisfied with the level or attention they give us and the information they share.

The solution doesn't really have a complex setup. It's easy to set up and integrate with the endpoint. We install insights at our endpoints to help us collect vulnerability information from there.

We can also install it again and again and use active scanning to conduct vulnerability testing at the endpoints. It's very simple.

Deployment doesn't take long at all. Currently, we can deploy in around two or three days and then integrate it with the endpoint after we've gotten clear instructions from InsightVM.

The steps we choose for implementation are as follows: we first need to follow the instructions to install network communication, from the endpoint to InsightVM. Network communication from the endpoint will go to the scan engine and from the scan engine to the management console of Insight. 

After we satisfy this, we start implementation and we start to deploy the engine to the endpoint. After that, we run a scan from the site configuration of each endpoint scope and we file the report displayed on the dashboard. Lastly, we export the report and provide it to the correct person that needs to be involved at the IT end of things.  

In terms of the number of staff we use for deployment, from our side, we have two people to help manage everything. For the customer, we have four people to coordinate with the internal team. In total, we have six people involved with deployment. Our team includes a deployment engineer and from the customer's side, members of security operations.

Normally, we have both the reseller and the vendor to assist with deployment. From the vendor, we just consult on the step and classify each endpoint. After that, we'll discuss next steps with our team. Currently, we have a distributor that provides this product to us. We work with the vendor and work with the reseller to deploy everything to the customer's systems.

The solution offers flexible pricing.

We're a partner of InsightVM.

We're most likely using the latest version of the solution, however, I'm not sure which exact version number it is.

We've deployed on-premises with a local scan engine.

I'd advise companies that are looking into vulnerability assessment or faster deployment, to check out InsightVM. It's easy to expand as necessary and offers flexibility in its pricing.

I'd rate the solution nine out of ten.

On-premises

The primary use case of this solution is for vulnerability management.

We have monthly scans and reporting. The results are in QRadar, which is our SIEM.

This solution is very easy to use and easy to install.

It has nice features.

It would be nice to have an additional feature that would provide reports on who has logged onto the console or who did what on the console. I don't have the time to log onto the console and use SSH to go through the logs. 

We have some users with certain privileges, and sometimes they do things that I don't like.  This is why it would be nice to have an easy way to report what is in the logs.

In the next release, I would like to see reporting added to the console. It would be helpful to have reports to tell you who did what, who created reports, who created groups or who created tags.

I have been working with this solution for five years.

The stability is good. I am running it on Linux and from that point of view, Linux is stable.

We are using this solution daily. 

This solution is easy to scale. 

I am working at Triglav Group which is the leading insurance-financial group in Slovenia and
in the Adria region and one of the leading groups in South-East Europe

Triglav Group operates together with its subsidiaries and associated companies on seven markets and in six countries.

We use with two consoles, one is international for subdiraies and other is for the Slovenia all thogether we have 15 scan engines on locations.

Approximately a year ago, we had an issue with the dashboard. We contacted technical support to ask a question. Unfortunately, we were not able to resolve the issue that we were having. It could have been something in our network, but we don't know. It was not a big issue.

The technical support is good, they do give you answers and they are pretty quick.

The initial setup was easy and straightforward.

I deployed this solution. It took a couple of days with ten engines.

We did not use a vendor or integrator to implement this solution. We have five thousand people in this firm and I am the only one in technical team. 

My advice would be to just use it. 

As a whole, it's a pretty good product. I don't have any problem with it.

If they had the audit reporting then I would rate it a ten out of ten, but as it is now, I would rate this solution a nine out of then.

On-premises

InsightVM is good. It's easy to use. It's fast, it's a powerful, easy to access tool.

I have had some difficult problems with InsightVM. The InsightVM cannot scan if we connect to our customer by the VPN. I asked the Rapid7 support, they told me that the InsightVM can only work on the same network. We cannot use InsightVM by VPN. It also consumes a lot of memory. It would be good if they could resolve that.

We worked with Rapid7 InsightVM for one year.

It is very stable, but it consumes a lot of memory.

Scalability is good on the same network but not if you have to connect to another network.

I think the support is okay. They responded very quickly, and it was sufficient.

InsightVM is Window-based. It is easy to install and easy to use.

It took us about half a day to set up. When we bought from the distributor in Thailand, the distributor sent an engineer to install and explain how to use it and how to customize the report.

My team uses a small tool such as Tenable Nessus and Rapid7 InsightVM, but when we use both tools and compared the report, Tenable Nessus is very easy to consolidate, to expand to our customer, but InsightVM is very difficult. We would have to cancel it to explain the daily part to our customers.

I would recommend having the distributor help you to explain how this software works and to help with the details. I would rate it at an eight out of ten.

On-premises