InsightVM - Vulnerability Management

We are still using Rapid7 InsightVM .

I personally still use Rapid7 InsightVM .

We use Rapid7 InsightVM for vulnerability scanning. It supports both agent-based and agentless scanning, which is part of our vulnerability management strategy.

The agentless scan in Rapid7 InsightVM is effective and represents the functionality I primarily work with. The risk scoring system in Rapid7 InsightVM is another valuable feature. When comparing to the main competitor QualysGuard, Rapid7 InsightVM is more preferable for me.

Customer support in Rapid7 InsightVM could be improved. The response time needs improvement.

I have performed scans and explored the components of the product over the last three to four years.

I would rate the stability of Rapid7 InsightVM as seven out of ten.

Rapid7 InsightVM rates approximately 8.5 for scalability. Rapid7 InsightVM is recommended for large-scale companies with more than 30,000 users.

The response time for customer service needs improvement.

Positive

My first tool was QualysGuard, which had more than 100,000 users. QualysGuard is more technical and problematic when implementing things, making it not as easy to use as Rapid7 InsightVM.

Setup for Rapid7 InsightVM was simple. It was not complex because I had previous experience with Rapid7 when it was Nexpose.

I would rate the pricing for Rapid7 InsightVM as eight out of ten.

QualysGuard is more challenging if you are not proficient in technical or environmental aspects, making deployment difficult. With Rapid7 InsightVM, the deployment process is more user-friendly.

I would recommend Rapid7 InsightVM for large-scale companies. I can recommend it to other users. Overall, I rate Rapid7 InsightVM eight out of ten.

The main use case is the vulnerability assessment of their assets. Assets include Windows or Linux platforms. This is the only use case. They want to highlight and identify vulnerabilities in their platform to remediate them. For the remediation part, they want to integrate their IT teams with the Rapid7 InsightVM  platform so their IT team can get insights into the vulnerabilities, remediate them, and update over the same platform. These are the functionalities of their Rapid7 InsightVM  solution.

The most valuable feature of the Rapid7 InsightVM solution is the Live Risk Score. It provides dynamic Live Risk Scoring of the assets. Vulnerabilities can be classified between most critical and less critical vulnerabilities, which are dynamically updated in their dashboard. This is the most interesting and valuable feature from my perspective.

It provides different compliance reports regarding PCI DSS, GDPR, and HIPAA. For compliance, it is a good solution for customers, and in this domain there is no improvement required for Rapid7 InsightVM.

The automation capability remediation needs improvement. The current process requires manually telling IT teams to remediate vulnerabilities, and then they update the status of these vulnerabilities in the platform. This basic feature that Rapid7 calls an automated remediation process is actually manual. We can update the status of vulnerabilities in the Rapid7 InsightVM platform and collectively see how many vulnerabilities we have identified and how many are remediated by our IT team.

More automation in the remediation feature is a basic demand from many customers. The remediation part and vulnerability identification of network devices or rigid devices are not currently supported by Rapid7 InsightVM. More integration and automation are the two areas Rapid7 needs to improve in their product.

I have been working with Rapid7 InsightVM for about one and a half years.

This is a very stable solution. I rate it around eight because I have faced only one problem in the Rapid7 InsightVM solution when configuring it for a customer due to a malfunction or bug. 

Other than that, there have been no specific issues ever recorded or noticed by my team or myself. Rapid7 continuously updates it, which is why I rate it eight out of ten.

This is a very scalable solution that I would rate eight out of ten. Scalability in the Rapid7 InsightVM solution is straightforward. We just need to deploy multiple scanning engines for scanning the assets. If we exceed assets from 5,000 to 10,000, we need to deploy more scanning engines to scan the solutions and assets. We simply need to deploy another scan engine to make it scalable.

I cannot comment specifically regarding the support part because I have never needed Rapid7 support for the InsightVM solution as it is very stable. There were no bugs or specific problems that required raising a support ticket. Their support appears good, and some of their representatives are in direct contact with me through phone numbers. Their support seems good, but I cannot provide a specific rating.

Positive

In the Pakistan region, there are multiple customers using Rapid7 InsightVM solution, including Rapid7 Nexpose. Nexpose and InsightVM are the same solution, with the difference being cloud versus on-premises versions. The on-premises version is called Nexpose, and the cloud version is called Rapid7 InsightVM solution. Their functionalities are almost the same. In Pakistan, I have deployed this solution in more than 15 organizations, and approximately 30 plus organizations are using this solution in total.

Initial setup is very easy as this is a cloud solution. We just need to create the account and use it for integration with other assets. I would rate the initial setup nine out of ten.

The customers are mostly SMBs, though some enterprise organizations have also deployed the solution. This is neither a cheap nor the most expensive solution. Qualys and some other vendors are more expensive than Rapid7 InsightVM.

I have experience with the Rapid7 VMDR solution - not with other solutions. I am exploring the differences between these solutions for customer pitches.

Currently, there is no AI embedded in the solution available on the website. According to Rapid7, they are working on the Sonar  project and will soon launch this project to enhance their AI capability in the solution.

My overall rating for Rapid7 InsightVM is seven out of ten.

We are resellers of Rapid7 InsightVM  in this market. We typically recommend it to banks and manufacturing groups interested in enhancing their cybersecurity.

We started with a couple of Rapid7 products, including Rapid7 InsightVM , and it runs quite fine with our customers. Although some customers raised issues, we resolved them with our technical team. Customers are interested in this product as it helps heighten their cybersecurity posture. Aside from technical challenges, the products offer comparable packages and services to other vendors in the market, such as Tenable.

The major improvement needed is prompt support. When issues arise, the customer's satisfaction is tied to how quickly they receive a response and a resolution. There have been delays, particularly when technical issues needed escalation, and we had to coordinate with business personnel to address them. Improving this area would be beneficial for Rapid7 InsightVM.

I have been dealing with Rapid7 InsightVM for about three to four years.

There have been some challenges, especially with support response times, which affect stability. However, the product itself runs fine.

Integration with other tools has been fine, with no major issues reported. We did not face any specific equipment or device that could not be integrated.

Customer service needs significant improvement. There are delays in support response times, and support is not available promptly, especially when issues are escalated to another region.

Negative

The initial setup was straightforward. We train our technical team before undertaking deployment, ensuring smoother setups.

The return on investment is something the customers evaluate themselves. Since it is a subscription-based service, they do not own hardware, and it fits within their budgetary requirements.

Pricing is reasonable and competitive compared to other solutions in the market. Customers are generally satisfied and do not ask for drastic price reductions during renewals.

Tenable and Invicti  are also doing good work here. The market is active with various players.

I would rate Rapid7 InsightVM a six out of ten. Improvements in support responsiveness are crucial. Customers like Habib Bank faced delays, leading them to switch to other vendors. Addressing these support issues could enhance the product's effectiveness.

We are working in a region where all the regulations require security solutions to be implemented as on-premises solutions. We cannot use any cloud providers or vendors proposing services in a SaaS model. We use InsightVM  as an on-premises solution for vulnerability management practices.

InsightVM  provides a reliable and efficient solution with a very organized GUI, excellent ease of use, and reliable vulnerability scanning. The credential scan is a reliable feature, and everything about the product works well.

InsightVM has a very organized GUI with ease of use. The vulnerability scans are reliable, and the credential scan is a beneficial feature. The solution is efficient and trustworthy. It's based on the CVSS risk scoring system, which is well-recognized and effective. The integration capabilities through APIs allow easy integration with existing security infrastructure.

The product's documentation could be enhanced with clearer and more detailed instructions. Having the ability to build our own audit file, similar to a feature in Tenable, would be beneficial. This would provide a significant advantage for users.

We have been using InsightVM for approximately four to five years.

InsightVM is a very stable product. We have not faced any issues with stability, and I would rate it a nine out of ten.

The solution is very scalable. According to the environment requirements, we can scale the solution as needed.

The customer service deserves an eight out of ten rating. The only issue is the response time, likely due to the time region differences. Sometimes support requests coincide with holidays in their support region, causing slight delays.

Positive

The initial setup was very simple and straightforward.

Our customers usually come to our company to purchase the solution, and we communicate with the vendor as one of the largest local partners. We provide the solution and professional services to customers.

I also work with Tenable. In my opinion, Tenable is preferable because it offers fast updates in terms of its vulnerability database and allows for extensive customization. The ability to customize audit files is a significant benefit.

I rate InsightVM an overall eight out of ten. It is a reliable product, and I can recommend it to other users. The integration with existing infrastructure is achievable, and with a little talent in coding, you can achieve the integration easily.

I find Rapid7 InsightVM  pretty useful since we are running it on every asset our company has. We are conducting authenticated scans. This is not just getting exposure from outside, but understanding vulnerabilities internally.

The connectivity provided by Rapid7 InsightVM  is valuable. We have integrated our SIEM  solutions and antivirus with each other through Rapid7. It allows for a lifecycle connection among different solutions. We are using it with CMDB  for tagging critical devices. However, the primary purpose remains running vulnerability scans.

The platform could be more intuitive and user-friendly. I cannot comment on technical specifics as it's like a black box, but improvements in user experience would be beneficial.

I joined my current company two and a half years ago, and they already had this solution.

The stability of Rapid7 InsightVM is excellent. I would rate it as a ten out of ten.

Rapid7 InsightVM is suitable for large enterprises and scales well for companies with over 1,000 users.

I haven't interacted with Rapid7's technical support.It is crucial for tech support to resolve issues as quickly as possible, ideally available 24/7. Even if the support is good, there's always room for improvement, so I would rate them around a five because every company can improve.

Neutral

I have recommended Tenable Nessus , which I used at Bitdefender and in previous roles. Tenable Nessus  offered a pay-per-asset option that I found economical.

The initial setup can be simple or complex, depending on whether you're conducting authenticated or unauthenticated scans.

Rapid7 InsightVM is expensive, possibly one of the highest in pricing among similar products.

I have experience with Tenable Nessus and have recommended it for its cost-effectiveness.

Overall, I would recommend Rapid7 InsightVM to other users.