InsightVM is presented as the next evolution of Nexpose, by Rapid7. This Insight cloud-based solution features everything included in Nexpose, such as Adaptive Security and the proprietary Real Risk score, and extends visibility into cloud and containerized infrastructure. InsightVM also offers advanced remediation, tracking, and reporting capabilities not included in Nexpose.
$19
per GB
Vulcan Cyber (discontinued)
Score 7.5 out of 10
Mid-Size Companies (51-1,000 employees)
Vulcan Cyber was an exposure and vulnerability risk mitigation platform, acquired by Tenable in early 2025. The product is no longer available for sale, and functionality has been integrated into the Tenable One Exposure Management platform's vulnerability solution.
N/A
Pricing
Rapid7 InsightVM
Vulcan Cyber (discontinued)
Editions & Modules
Log Management
$19
per GB
Vulnerability Management
$22
per asset
insightIDR
$52
per asset
Application Security
$2,000
per app
insignConnect
Contact sales team
No answers on this topic
Offerings
Pricing Offerings
Rapid7 InsightVM
Vulcan Cyber (discontinued)
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Rapid7 InsightVM
Vulcan Cyber (discontinued)
Considered Both Products
Rapid7 InsightVM
Verified User
Anonymous
Chose Rapid7 InsightVM
Product functionality and performance Financial/organizational viability Product roadmap and future vision
I think Tenable is very comparable and they are both leaders in this space. I evaluated both of them side-by-side and ultimately decided to go with Rapid7. Tenable did have a slight edge on the amount of information I was getting from the machines, but I landed on R7 because I …
Rapid7 InsightVM is more cost effective than the other solution on the market. It is easy to deploy and the user interface is easy to use and intuative. We select Rapid7 InsightVM mainly because it integrates well with ServiceNow compared to the other solution that were …
Rapid7 InsightVM is a more professional tool than NESSUS because historically, it was based on metasploit which is a powerful pentesting and exploiting tool. InsightVM covers more attacking scenarios and vulnerabilities than competitors and still a leader in this domain.cloud …
Nessus Pro does scans, but does not maintain an inventory from scan to scan. There is no history for a specific device, you have to look inside the results of each scan. Search across inventory is non-existent. There are no dashboards for data analysis. This is no tracking …
Tenable has a more refined look for the reporting that it provides as a result of scanning events, but Nexpose seems to have a better ability to help quantify risk and help prioritize the work needed to get the quickest security result for the team and the company. The Nessus …
I wasn't here at the time when the company compared different vulnerability management platforms so I'm not sure on the reasoning and difference between the 2. It could be that the team went through different choices and found Vulcan to be the best fit. It's hard for me to say …
My role is not in charge of selecting more services or products like Vulcan. I just use them as part of my daily responsibilities. Maybe other roles can give more feedback about this.
Vulcan Cyber has a more mature platform catered for enterprise customers compared to Nucleus. The very close support and attention to detail of the Vulcan sales and technical team also helped in answering any possible question we had about the platform or take note of our …
Vulcan was easier to implement with our existing Security environment. The UX and UI were more intuitive and user-friendly. While SOAR is a super solid product, for our business Vulcan made more sense. It was more of a natural fit for a rapidly-expanding company in a …
I think Rapid7 InsightVM is well suited for large enterprise customers with a lot of assets. It integrates well with a number of different ITSM solutions which I think is very good. There are not many CIS benchmarking tools on the market and Rapid7 InsightVM does a very good job at benchmarking. I think where Rapid7 InsightVM falls down a little is on false positive vulnerabilities. Sometime you there a few positive results on vulnerabily discovery. Tuning the settings for scan engines can sometimes be trick as well.
We use Vulcan Cyber to help with the technical debt accrued over time with systems that were not maintained as well as they should be. To combat this, we use the campaign feature to keep a running tab on every system to ensure it is brought up to standards and maintained.
The API is also a great tool for us to automate lots of routine procedures like scan and report of asset(s) BY EMAIL.
Tagging. It helps sort out results and reports for respective assets Owner for remediation without a lengthy report including unnecessary information for that particular team.
SQL Reporting. It provides advanced reporting and export capabilities that you can not find in the stock report template.
Devices found and scanned are never removed. Removal must be done manually with no option for automation.
The database can be fragile. Ours quietly corrupted and progressively degraded until we had to restore and lose 6 months of data. Still didn't fix it and had to be rebuilt again losing all data.
Workflow for delegating remediation is supposed to be helpful, but can also become cumbersome.
Scheduling can become a nightmare if not monitored closely. We found jobs had failed to run because the server had gone offline. When the server came online, it did not try to run missed jobs. Running missed jobs all at once can overload the server, but searching for and launching a large number of missed jobs manually is a pain.
While I think it is a great tool and platform, I believe it (like all tools and solutions) is always evolving and the needs for clients are changing as the industry evolves and threats are upgraded. Cost is good, and support is helpful. Some things could be more granular and others could be easier to understand
I gave it a seven due to the functionality and general ease of use after the initial setup headaches, but compared to Qualys, Rapid7 Nexpose falls short on features and ease of use. Their support drags this rating down a point as well. I have gone weeks with no update on semi-critical issues and typically have to make call after call to get a semi-coherent response.
I think Tenable is very comparable and they are both leaders in this space. I evaluated both of them side-by-side and ultimately decided to go with Rapid7. Tenable did have a slight edge on the amount of information I was getting from the machines, but I landed on R7 because I found the features of the InsightVM tool to be more useful. They both get the job done, but I found InsightVM a better experience to use on a day-to-day basis and had better quality of life features that I was looking for.
Vulcan was easier to implement with our existing Security environment. The UX and UI were more intuitive and user-friendly. While SOAR is a super solid product, for our business Vulcan made more sense. It was more of a natural fit for a rapidly-expanding company in a hyper-growth phase using Edge technology.
It certainly has a more positive impact than negative impact while performing the scans. Nexpose can find report vulnerabilities that our other scanner fails to identify during the scan because of its defined scan templates.
Also, even if the scan is not being performed due to some issues like reachability, whitelisting, etc. it will try to give scan results unlike QualysGuard which just marks the asset as unreachable.
Allows much better prioritizing of which assets are most vulnerable
Allow a better understanding of what assets are actually under real threat vs. what is assumed to be vulnerable, but the real world fact is the system would be hard to reach internally, so it's not as vulnerable.