InsightVM is presented as the next evolution of Nexpose, by Rapid7. This Insight cloud-based solution features everything included in Nexpose, such as Adaptive Security and the proprietary Real Risk score, and extends visibility into cloud and containerized infrastructure. InsightVM also offers advanced remediation, tracking, and reporting capabilities not included in Nexpose.
$19
per GB
Tenable Nessus
Score 8.9 out of 10
N/A
Tenable headquartered in Columbia offers Nessus, a vulnerability scanning and security assessment solution used to analyze an entity's security posture, vulnerability testing, and provide configuration assessments.
$2,790
Pricing
Rapid7 InsightVM
Tenable Nessus
Editions & Modules
Log Management
$19
per GB
Vulnerability Management
$22
per asset
insightIDR
$52
per asset
Application Security
$2,000
per app
insignConnect
Contact sales team
1 Year
$2,790.00
1 Year + Advanced Support
$3,190.00
2 Years
$5,440.00
2 Years + Advanced Support
$6,240.00
3 Years
$7,951.00
3 Years + Advanced Support
$9,151.00
Offerings
Pricing Offerings
Rapid7 InsightVM
Tenable Nessus
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Rapid7 InsightVM
Tenable Nessus
Considered Both Products
Rapid7 InsightVM
Verified User
Anonymous
Chose Rapid7 InsightVM
Product functionality and performance Financial/organizational viability Product roadmap and future vision
I think Tenable is very comparable and they are both leaders in this space. I evaluated both of them side-by-side and ultimately decided to go with Rapid7. Tenable did have a slight edge on the amount of information I was getting from the machines, but I landed on R7 because I …
Rapid7 InsightVM is more cost effective than the other solution on the market. It is easy to deploy and the user interface is easy to use and intuative. We select Rapid7 InsightVM mainly because it integrates well with ServiceNow compared to the other solution that were …
Rapid7 InsightVM is a more professional tool than NESSUS because historically, it was based on metasploit which is a powerful pentesting and exploiting tool. InsightVM covers more attacking scenarios and vulnerabilities than competitors and still a leader in this domain.cloud …
Nessus Pro does scans, but does not maintain an inventory from scan to scan. There is no history for a specific device, you have to look inside the results of each scan. Search across inventory is non-existent. There are no dashboards for data analysis. This is no tracking …
Tenable has a more refined look for the reporting that it provides as a result of scanning events, but Nexpose seems to have a better ability to help quantify risk and help prioritize the work needed to get the quickest security result for the team and the company. The Nessus …
We looked at AlienVault since it can be a SIEM and scanner all in one. Ultimately, we decided AlienVault didn't stack up well against Nessus so we decided to purchase Nessus. Glad we did.
Sometimes when we identify a vulnerability with Nessus that has an exploit, we made a proof of concept with Metasploit in order to show to the IT managers the importance of the software/hardware hardening.
Nessus is standard vulnerabilities assessment tool, i would recommend for mid or higher level organization to have their personalised tool from Nessus for day to day managing of their network security with continuous improvements.
Nessus is the smallest product in the Tenable stable and is also the first vulnerability scanner to be created almost 20 years ago. Great tool for once off scans. But you need the other products if you want real time monitoring etc
Ease of deployment and use even for junior analysts, strong plugin support, and up-to-date CVE coverage, cost-effective licensing, especially for mid-size companies, and seamless integration with the SIEM tool. Overall, Nessus hit the right balance between functionality, …
I think Rapid7 InsightVM is well suited for large enterprise customers with a lot of assets. It integrates well with a number of different ITSM solutions which I think is very good. There are not many CIS benchmarking tools on the market and Rapid7 InsightVM does a very good job at benchmarking. I think where Rapid7 InsightVM falls down a little is on false positive vulnerabilities. Sometime you there a few positive results on vulnerabily discovery. Tuning the settings for scan engines can sometimes be trick as well.
Nessus is perfectly suitable for performing comprehensive vulnerability assessment scans being a vulnerability scanner. It is less appropriate for performing penetration testing since it is not a penetration testing tool, it does not have the ability and modules to exploit the vulnerabilities of the system.
The API is also a great tool for us to automate lots of routine procedures like scan and report of asset(s) BY EMAIL.
Tagging. It helps sort out results and reports for respective assets Owner for remediation without a lengthy report including unnecessary information for that particular team.
SQL Reporting. It provides advanced reporting and export capabilities that you can not find in the stock report template.
Devices found and scanned are never removed. Removal must be done manually with no option for automation.
The database can be fragile. Ours quietly corrupted and progressively degraded until we had to restore and lose 6 months of data. Still didn't fix it and had to be rebuilt again losing all data.
Workflow for delegating remediation is supposed to be helpful, but can also become cumbersome.
Scheduling can become a nightmare if not monitored closely. We found jobs had failed to run because the server had gone offline. When the server came online, it did not try to run missed jobs. Running missed jobs all at once can overload the server, but searching for and launching a large number of missed jobs manually is a pain.
Nessus is best and easy to use application for Vulnerabilities finding and reporting, it has multiple platforms and wide scope covering almost all devices for security improvement so far, thus we are very likely to continue its services.
While I think it is a great tool and platform, I believe it (like all tools and solutions) is always evolving and the needs for clients are changing as the industry evolves and threats are upgraded. Cost is good, and support is helpful. Some things could be more granular and others could be easier to understand
Tenable Nessus is a great product and provides a lot of value, but it is difficult to set up and use and the amount of data it generates can be overwhelming. It does help us prioritize based on the severity of the detection, however there are sometimes mitigating factors that we have implemented that Nessus does not account for, which causes lots of noise in the reports.
I gave it a seven due to the functionality and general ease of use after the initial setup headaches, but compared to Qualys, Rapid7 Nexpose falls short on features and ease of use. Their support drags this rating down a point as well. I have gone weeks with no update on semi-critical issues and typically have to make call after call to get a semi-coherent response.
I haven't needed to contact support yet. But issues are easily solved with a quick internet search which means support and by extension, the larger community are involved and knowledgeable.
I think Tenable is very comparable and they are both leaders in this space. I evaluated both of them side-by-side and ultimately decided to go with Rapid7. Tenable did have a slight edge on the amount of information I was getting from the machines, but I landed on R7 because I found the features of the InsightVM tool to be more useful. They both get the job done, but I found InsightVM a better experience to use on a day-to-day basis and had better quality of life features that I was looking for.
Ease of deployment and use even for junior analysts, strong plugin support, and up-to-date CVE coverage, cost-effective licensing, especially for mid-size companies, and seamless integration with the SIEM tool. Overall, Nessus hit the right balance between functionality, performance, and total cost of ownership for our needs and usability.
It certainly has a more positive impact than negative impact while performing the scans. Nexpose can find report vulnerabilities that our other scanner fails to identify during the scan because of its defined scan templates.
Also, even if the scan is not being performed due to some issues like reachability, whitelisting, etc. it will try to give scan results unlike QualysGuard which just marks the asset as unreachable.
It has helped identify security flaws in our infrastructure that has helped better secure our client's data. It did so quickly and efficiently so I was able to move on to other tasks.