We are still using Rapid7 InsightVM.

I personally still use Rapid7 InsightVM.

We use Rapid7 InsightVM for vulnerability scanning. It supports both agent-based and agentless scanning, which is part of our vulnerability management strategy.

The agentless scan in Rapid7 InsightVM is effective and represents the functionality I primarily work with. The risk scoring system in Rapid7 InsightVM is another valuable feature. When comparing to the main competitor QualysGuard, Rapid7 InsightVM is more preferable for me.

Customer support in Rapid7 InsightVM could be improved. The response time needs improvement.

I have performed scans and explored the components of the product over the last three to four years.

I would rate the stability of Rapid7 InsightVM as seven out of ten.

Rapid7 InsightVM rates approximately 8.5 for scalability. Rapid7 InsightVM is recommended for large-scale companies with more than 30,000 users.

The response time for customer service needs improvement.

Positive

My first tool was QualysGuard, which had more than 100,000 users. QualysGuard is more technical and problematic when implementing things, making it not as easy to use as Rapid7 InsightVM.

Setup for Rapid7 InsightVM was simple. It was not complex because I had previous experience with Rapid7 when it was Nexpose.

I would rate the pricing for Rapid7 InsightVM as eight out of ten.

QualysGuard is more challenging if you are not proficient in technical or environmental aspects, making deployment difficult. With Rapid7 InsightVM, the deployment process is more user-friendly.

I would recommend Rapid7 InsightVM for large-scale companies. I can recommend it to other users. Overall, I rate Rapid7 InsightVM eight out of ten.

We are working in a region where all the regulations require security solutions to be implemented as on-premises solutions. We cannot use any cloud providers or vendors proposing services in a SaaS model. We use InsightVM as an on-premises solution for vulnerability management practices.

InsightVM provides a reliable and efficient solution with a very organized GUI, excellent ease of use, and reliable vulnerability scanning. The credential scan is a reliable feature, and everything about the product works well.

InsightVM has a very organized GUI with ease of use. The vulnerability scans are reliable, and the credential scan is a beneficial feature. The solution is efficient and trustworthy. It's based on the CVSS risk scoring system, which is well-recognized and effective. The integration capabilities through APIs allow easy integration with existing security infrastructure.

The product's documentation could be enhanced with clearer and more detailed instructions. Having the ability to build our own audit file, similar to a feature in Tenable, would be beneficial. This would provide a significant advantage for users.

We have been using InsightVM for approximately four to five years.

InsightVM is a very stable product. We have not faced any issues with stability, and I would rate it a nine out of ten.

The solution is very scalable. According to the environment requirements, we can scale the solution as needed.

The customer service deserves an eight out of ten rating. The only issue is the response time, likely due to the time region differences. Sometimes support requests coincide with holidays in their support region, causing slight delays.

Positive

The initial setup was very simple and straightforward.

Our customers usually come to our company to purchase the solution, and we communicate with the vendor as one of the largest local partners. We provide the solution and professional services to customers.

I also work with Tenable. In my opinion, Tenable is preferable because it offers fast updates in terms of its vulnerability database and allows for extensive customization. The ability to customize audit files is a significant benefit.

I rate InsightVM an overall eight out of ten. It is a reliable product, and I can recommend it to other users. The integration with existing infrastructure is achievable, and with a little talent in coding, you can achieve the integration easily.

We mainly use it for vulnerability management, generating monthly reports to address and resolve vulnerabilities. The main use cases involve receiving alerts based on predefined settings by Rapid7, investigating these alerts to understand their causes, and performing fine-tuning activities.

The most valuable features of Rapid7 InsightVM for me are creating dynamic asset tags, generating reports, and deploying the agent. The agent scans assets every four hours, providing real-time data on any devices. Although there weren't any significant new features compared to our previous tool, having both SIEM and vulnerability management handled by one tool made things easier. We could gather logs from different devices and cloud sources, and perform detailed investigations without switching tools.

I haven't worked with the automation capabilities of InsightVM. For remediation prioritization, we check the vulnerability, search for solutions on open platforms, and work with different teams to apply patches after proper testing. Currently, we don’t have any AI or ASM projects assisted by InsightVM

I’d like to see Rapid7 InsightVM improve by adding a knowledge base similar to what Qualys offers. This would help us easily check and search for vulnerabilities using Rapid7 IDs associated with CVs or CVSS.

From a features perspective, everything was fine at the time, and the security features of Rapid7 InsightVM were effective.

I've been working with Rapid7 InsightVM since December.

Overall, I would recommend Rapid7 InsightVM to others. My advice would be to first understand your requirements and infrastructure before implementing the product. I would rate InsightVM as an eight.

We'll use Rapid7 InsightVM for on-premises scanning and the virtual machine option for cloud-based environments.

It is a good tool for comprehensive risk management, including prioritization and remediation.

It is a great endpoint agent. It gives you reliable information about that infrastructure and offers strong accuracy for risk management. However, unlike other management tools that have improved precision testing, InsightVM requires an additional purchase for full access to some of its advanced features.

Other solutions, like Cisco, have strengths, but Rapid7 InsightVM has some solid features, such as the RapidServer Active Response, the ability to create endpoint agents, and a live dashboard. However, the main concern is the system's reliability. For instance, during a scan on an Ubuntu machine, the system mistakenly identified the OS as Windows. This kind of inaccuracy is problematic.

I have been using Rapid7 InsightVM for a year. 

The response takes some time.

Neutral

Rapid7 is a bit expensive.

Tenable has 20% lower pricing and includes built-in web application testing, which gives it an advantage over Rapid7 InsightVM.

I recommend Tennable for small and Rapid for big enterprises.

Overall, I rate the solution an eight out of ten.

With InsightVM, I continuously monitor my network by setting up regular scans to identify vulnerabilities in real-time. It IS particularly useful for focusing on customer-facing systems at our perimeter, helping me prioritize and quickly address any security risks.

InsightVM offers a robust platform for identifying, prioritizing, and addressing vulnerabilities across an organization's IT infrastructure.

One area I would like to improve in InsightVM is its integration with other solutions, particularly for better compatibility with upcoming tools we plan to adopt. Enhanced functionality for budget management or change management databases could also be beneficial.

I have been working with InsightVM for over two years.

I would rate the stability of the solution as a nine out of ten.

InsightVM's scalability is top-notch and I would rate it a solid nine out of ten. Being a cloud-based solution, it effortlessly adjusts to accommodate varying needs and can easily scale from small to large environments.

Rapid7's technical support is highly responsive and helpful. I would rate them as a nine out of ten.

Positive

I chose Rapid7 over Tenable Nessus because of its better performance, comprehensive functionality, and stronger support for operating systems and services. While Tenable Nessus may be cheaper, it lacks integration with other features and is more suited for SMBs rather than enterprises.

Implementing InsightVM was straightforward. Setting it up to scan external networks at the perimeter was effortless; I just needed to create a cloud account and start using the solution. For internal network scanning, I installed the software on my notebook, which took about five to ten minutes for a single version setup, but it is important to note that it doesn't support Windows platforms.

InsightVM's pricing can vary depending on the coverage needed. While it may not be the cheapest option, purchasing an unlimited license could be cost-effective for larger environments. For smaller needs, it might be more expensive compared to competitors. I would rate the affordability of the product at a four out of ten.

I prioritize vulnerabilities in InsightVM by first focusing on customer-facing systems at our perimeter, which helps me quickly identify and address any security risks. Then, I utilize the cloud-based engine to scan internal networks and ensure comprehensive coverage without the need for complex on-premise solutions, making it easy to manage from my notebook connected to the internet.

Additionally, in InsightVM, we prioritize vulnerabilities by utilizing comprehensive data sources like the NVD and Rapid7's specialized risk calculation methods. The solution provides detailed information, including exploitability and impact, and evaluates whether vulnerabilities could be exploited in specific environments like NetApp.

I would recommend InsightVM to others. Overall, I would rate the product as an eight out of ten.

We handle a lot of video equipment and Rapid7 InsightVM helps us to scan subnets, around 150,000 of them.

Rapid7 InsightVM is more focused on proactive liability management. However, when there's an incident, our team can handle it, but it's not a top priority for me. I think having another solution, like a response automation tool, would be more helpful. Vulnerability management can't prevent incidents once they're in progress, but it's essential to prevent them before they happen.

The remediation project is pretty effective because it allows us to choose specific assets and set limitations on them for a certain period which allows us to track and follow up on those limitations.

However, when it comes to real-time monitoring and live dashboards, InsightVM doesn't quite fit the bill. It's not a real-time solution and is not instant.

Rapid7 InsightVM, has impressive capabilities, especially when it comes to managing video equipment. However, we've noticed that Rapid7 also offers a cloud solution called CloudSec, and we don't have that. We think it would be better if InsightVM had all the features for both on-premise and cloud management.

I have been using Rapid7 InsightVM for the past 6 years.

I would rate it nine out of ten, especially when it is deployed on Linux Box.

It is very scalable and I would rate it ten out of ten. 

As for deployment time, it varies based on the size of the organization and network sensitivity. For example, in a bank, scans might only happen at specific times, like during the night. Generally, deployment can be quick, but there are many factors to consider. You install the console and the scan engine, and then configure them based on network complexity. Scans themselves take less than 20-30 minutes, but the non-technical aspects, like setting up profiles and firewall rules, can take more time.I would rate it 8 out of 10. 

I would rate it 8 out of 10. 

It's a vulnerability scanning tool utilized within the vulnerability management process. We employ it to conduct internal vulnerability assessments of company or organizational host IPs.

It aids in enhancing the overall security posture within our organization. It uncovered numerous vulnerabilities that had been overlooked, which was quite beneficial.

The most valuable features are its reporting capabilities and the host discovery functionality.

The primary issue I encountered initially with this tool was related to configuration. There is a significant learning curve, that non-technical individuals, especially those not specialized in computer science or the information security industry, might face.

I have been working with it for six months.

I am satisfied with the stability provided.

The initial setup went smoothly, but after completing it, I encountered difficulties when attempting to use features like the dashboard and the scan now option. Specifically, I faced challenges with scanning the host, which proved to be quite frustrating.

The initial setup wasn't overly difficult, so it took me around one to two days due to troubleshooting issues. Overall deployment took about two to three days in total.

I highly recommend Rapid7 as my experience with it is very positive. Overall, I would rate it eight out of ten.