TrustRadius: an HG Insights company

Rapid7 InsightVM

Score8.8 out of 10

82 Reviews and Ratings

Get a Demo

What is Rapid7 InsightVM?

InsightVM is presented as the next evolution of Nexpose, by Rapid7. This Insight cloud-based solution features everything included in Nexpose, such as Adaptive Security and the proprietary Real Risk score, and extends visibility into cloud and containerized infrastructure. InsightVM also offers advanced remediation, tracking, and reporting capabilities not included in Nexpose.

Categories & Use Cases

Key Features

Learn about the best (and worst!) features Rapid7 InsightVM has to offer, as determined by TrustRadius' reviewers.
Based on 82 ratings of Rapid7 InsightVM's features
View all features

Top Performing Features

  • Vulnerability Classification

    Prioritizing vulnerabilities, to determine which vulnerabilities are most urgent and require a quicker resolution.

    Category average: 8.7

  • Automated Alerts and Reporting

    Systems in place to automatically alert, report, or notify of issues that may need timely remediation.

    Category average: 8

  • IT Asset Realization

    Scans a network to identify hardware and software assets on the network.

    Category average: 8.4

Areas for Improvement

  • Web Scanning

    Specifically scans webpages for potential threats or vulnerabilities.

    Category average: 7.8

  • Automated Threat Identification

    Leveraging multiple sources of information (such as threat intelligence databases) to automatically identify threats.

    Category average: 7.8

  • Network Analytics

    Analyzes various data reports and logs (DNS, firewall, user data, security information etc.) to identify threats in a network.

    Category average: 7.8

Reviews

What users are saying about Rapid7 InsightVM.
View all reviews

A Leader in Vulnerability Management

Incentivized
Mark Knutson
Manager of Information Security in Information Technology at Sheltering Arms Institute (501-1000 employees employees)

Use Cases and Deployment Scope

Rapid7 InsightVM is our vulnerability scanner. This is one of the pillars of information security, and I firmly believe that in order to do cyber security right, then you need to have a tool that performs this function. The problems addressed by this tool are self-evident in that it finds vulnerabilities in your environment. Now I personally think R7 goes above and beyond with their product offering in that they provide a host of other information to help you remediate the vulnerabilities and they display the information in a very digestible way. This tool is scanning all of our devices, and even helping us find what devices we are not accounting for.

Pros

  • InsightVM provides rich vulnerability data that is actionable.
  • This tool also has a robust reporting feature that provides a myriad of ways to look at the data and present that to others.
  • The remediation instructions are excellent and the "proof" data is very useful to show other departments how the tool found the vulnerability.

Cons

  • I really like the SQL reporting feature and I think they could invest more time into making that great.
  • This is more of a feature request, but it would be nice to have the ability to create my own cards for their cloud reporting dashboards.
  • InsightVM does a great job of reporting on vulnerability data on a device, but I think it would be also helpful to see a deeper dive into non-vulnerability related info that is related (such as last reboot or last user logged in).

Return on Investment

  • Cyber security is often considered a cost center, but it's easy to underestimate how much cost avoidance takes place when you identify and remediate a large amount of vulnerabilities.
  • This tool provides board members with a big picture view of how the organization is looking from a risk and security perspective, which provides confidence and verification for decision makers.
  • This tool is only as useful as the people who use it, so make sure that you hire qualified staff to operate the platform, otherwise it will just be shelfware that you're not using.

Usability

Alternatives Considered

Tenable Nessus and Nmap

Other Software Used

CrowdStrike Falcon

Rapid7 InSightVM Quick Review

Incentivized
Verified User
Contributor in Information Technology (5001-10,000 employees employees)

Use Cases and Deployment Scope

I use Rapid7 InsightVM to help identify and remediate our vulnerabilities. The business problems are discovering and remediating vulnerabilities. The scope is to identify and addressing all vulnerabilities in our organization. We also use Rapid7 InsightVM to track CIS baseline policy compliance for various operating systems. The includes MacOS, Windows and Linux. We are able to scan all assets and prioritized vulnerabilities for remediation.

Pros

  • Rapid7 InsightVM is good at agentless scanning.
  • Rapid7 InsightVM integration with ServiceNow works very well.
  • Rapid7 InsightVM scales very well with deploying scan engines. It can be used in large organizations.
  • The user interface of Rapid7 InsightVM is very intuitive and user friendly. It is easy to use.

Cons

  • I think Rapid7 InsightVM could do a better job with their report capabilities. There should be more canned reports include that are most used.
  • There should be a way to bulk address specific assets with a particular vulnerability.

Return on Investment

  • I think that Rapid7 InsightVM does a good job and provide us with value on addressing vulnerabilities.

Usability

Alternatives Considered

Microsoft Defender for Endpoint and Tenable Nessus

Other Software Used

Microsoft Defender for Cloud Apps, Microsoft Defender for Cloud, CrowdStrike Falcon

Great performance amd great Vulnerability/risk Management tool!

Incentivized
Verified User
Engineer in Information Technology (201-500 employees employees)

Use Cases and Deployment Scope

We track remediation projects/phases, view and audit vulnerability remediation, as well as department shared goals. I am over the patching aspect for our organization and I enjoy being able to have a dashboard with supporting data and information. We use this tool to collaborate with our Cybersecurity division to share data, view assets and user the reporting feature for our meetings.

Pros

  • Being able to track our goals for patching phases within our organization
  • easy to understand data points and charts to show asset status
  • Quick snapshots of vulnerability scores

Cons

  • Maybe a more simplified interface for new users
  • Tips/suggested next steps modules for integrating new employees
  • more granular access options for users

Return on Investment

  • positive return on investment for our organization
  • Create internal/operational efficiencies
  • Improve compliance & risk management

Usability

Alternatives Considered

Qualys VMDR

Other Software Used

Automox

It has Insight for all your Enterprise

Varun KhareView profile
Senior Analyst in Information Technology at Western Union (10,001+ employees employees)

Use Cases and Deployment Scope

As a financial institution, we have to be up and running securely 24x7x365. So be online is easier with Cloud services but security is concern when you operate in Cloud environment and that is where Rapid7 InsightVM helps us. Rapid7 InsightVM help us to scan our overall infrastructure including cloud infra. here we have complete glance our vulnerability and remediation.

Pros

  • Scanning Vulnerabilities
  • Checking Missing Configs
  • Asset Management

Cons

  • Policy Assessment has improvement needed
  • Shadow IT Host

Most Important Features

  • Live Dashboarding
  • Risk Prioritization
  • Container Security

Return on Investment

  • Positive- Continue Monitoring
  • Positive- Great Reporting
  • Negative- Shadow IT is big mess

Alternatives Considered

Qualys Cloud Platform

Other Software Used

Qualys Cloud Platform, ServiceNow Governance, Risk, and Compliance

A leader tool for pentesting

Incentivized
Verified User
Engineer in Engineering (1001-5000 employees employees)

Use Cases and Deployment Scope

I used to use Rapid7 InsightVM as a pentesting tool. I implemented the solution on servers to test the client environment by scanning sensitive servers. The main goal is to find weaknesses and vulnerabilities in the systems that could be exploited by hackers. And then generate a report that could be used as a reference for patching the system.

Pros

  • vulnerability managment
  • applicative security
  • orchestration

Cons

  • produt implementation
  • report clearness
  • time to execute scans can be improved

Most Important Features

  • progress tracking
  • full network scan capability
  • patch managment

Return on Investment

  • less attackes good be succefull
  • less investment on audit and external pentesting resources
  • fully automated solution with few human interaction needed

Alternatives Considered

Nessus

Other Software Used

Palo Alto Networks Cortex XDR, Palo Alto Networks Cortex XSOAR, Palo Alto Networks Prisma SD-WAN

Related Products

Products similar to Rapid7 InsightVM that may also meet your needs.
All comparisons
Vulcan Cyber (discontinued)
CompareLearn more
Qualys VMDR
CompareLearn more
Hackuity
CompareLearn more