We changed our name from IT Central Station: Here's why

Rapid7 InsightVM OverviewUNIXBusinessApplication

Rapid7 InsightVM is #2 ranked solution in top Vulnerability Management tools. PeerSpot users give Rapid7 InsightVM an average rating of 8 out of 10. Rapid7 InsightVM is most commonly compared to Tenable Nessus: Rapid7 InsightVM vs Tenable Nessus. The top industry researching this solution are professionals from a computer software company, accounting for 25% of all views.
What is Rapid7 InsightVM?

Rapid7 InsightVM is the vulnerability assessment tool built for the modern web. InsightVM combines complete ecosystem visibility, an unparalleled understanding of the attacker mindset, and the agility of SecOps so you can act before impact.

Rapid7 InsightVM was previously known as InsightVM, NeXpose.

Rapid7 InsightVM Buyer's Guide

Download the Rapid7 InsightVM Buyer's Guide including reviews and more. Updated: January 2022

Rapid7 InsightVM Customers

ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM

Rapid7 InsightVM Video

Archived Rapid7 InsightVM Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Zain Rehman
Senior Security Analyst at a financial services firm with 1,001-5,000 employees
Real User
We have fewer false positives when using it
Pros and Cons
  • "We feel the interface is very good. It is very easy to use, even a nontechnical person can use it."
  • "The reporting has room for improvement. You cannot customize any report. If I need a specific requirement, I have to create a new report for it."

What is our primary use case?

We are using the solution for configuration review and vulnerability management.

I am using the latest version.

How has it helped my organization?

We have fewer false positives.

What is most valuable?

We feel the interface is very good. It is very easy to use, even a nontechnical person can use it.

What needs improvement?

The reporting has room for improvement. You cannot customize any report. If I need a specific requirement, I have to create a new report for it. I cannot pull up two or three things in one report.

For how long have I used the solution?

Three years.

What do I think about the stability of the solution?

It is stable. For the last three years, we haven't faced any bugs.

What do I think about the scalability of the solution?

It's very easily scalable. You just have to renew your license, and the scalability is already done.

Currently, we have three people who are use the solution. We manage this solution for the whole organization.

How are customer service and technical support?

The technical support is very helpful, but too slow. Overall, it usually takes 24 hours for them to reply, but the support that they provide is good.

How was the initial setup?

It's very straightforward. The deployment took less than an hour.

What about the implementation team?

We implemented it on our own.

What's my experience with pricing, setup cost, and licensing?

The license is IP based. How many IPs you are using to scan is the amount of the license you have to buy. The number of users doesn't matter; many users can use it or only person. It depends on the culture of the organization.

We have 600 to 700 licenses.

Which other solutions did I evaluate?

We tested two to three solutions where we had a couple of false positives. 

Rapid7 InsightVM has very low false positives, so you don't have to go in manually and verify them. This solution is efficient.

What other advice do I have?

I would recommend the product. The product is very good.

I would rate the product between a nine and a nine point five (out of 10).

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user1152534
Information Security Senior Expert (Founding member, African Cybersecurity Center) at a financial services firm with 10,001+ employees
Real User
Stable and Scalable solution with good technical support and reporting capabilities
Pros and Cons
  • "The most valuable feature for us is the different types of reporting it provides."
  • "This solution integrates with another module in Metasploit, that doesn't exist in the other solutions. It is subscribed to on our roadmap, but we chose to implement both Nexppose and AppSpider."

What is our primary use case?

The primary use case of this solution is for critical business applications for the web. We have also implemented it to identify when we are changing and an older system like the application client-server, the server two, the network equipment like switch routers, and security solutions.

What is most valuable?

The most valuable feature for us is the different types of reporting it provides. For example, the compliance reporting, compliance with the international standard in which we are certified and compliant. This is important for us to escalate the dashboard to our top management.

What needs improvement?

We need to scan and identify the different RPGs, the critical ones and the major ones that can generate risk or a measure of risk. We generate the reporting from the system and relay the report to our internal developers. We have our internal developers in the bank.

This solution integrates with another module in Metasploit, that doesn't exist in the other solutions. It is subscribed to on our roadmap, but we chose to implement both Nexppose and AppSpider.

For how long have I used the solution?

I have been using this solution for six months.

What do I think about the stability of the solution?

This solution is stable. It's a good solution.

What do I think about the scalability of the solution?

This solution is scalable.

It takes two people to manage this solution and to be the backup for the succession plan. Our manager has access and performs audits.

How are customer service and technical support?

Technical support is good and responsive.

Which solution did I use previously and why did I switch?

In this current company, they were using Qualys and I convinced the management to change to Rapid 7.

After every event, we are required to automize with information control tools like Sandbox, IPS, and vulnerability management. All of those security tools need to be implemented and automized.

That is not the case with Rapid 7. It can be automized and we are dependant on ourselves. We can perform in having this solution customized with the confines of our text.

How was the initial setup?

The initial setup was not complex and it was easy to implement.

It took a week to prepare and install the virtual machine, and to implement the solution it took one month.

Our Regulatory requires that all banks must implement all security solutions on-premises, not on the cloud because they are worried that the data will be compromised and available on different data centers around the world.

What about the implementation team?

We had the help of an integrator to implement this solution. There were three engineers to help. One was for Nexpose and two for Appsider.

What's my experience with pricing, setup cost, and licensing?

This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important.

What other advice do I have?

Rapid 7 is a leading solution that has been implemented in many companies.

In Nexpose you have the console and the app assistant for Rapid 7. The design can be implemented in all of the segments of the network to scan, perform the scale of the scan, perform the reporting, generate the reports, and send it to the central console.

I would suggest that customers acquire this solution.

In addition to management, we are subscribed to the security dispense team and the company emergency dispense team. We always receive the bulletins, so we are always aware of the vulnerabilities.

I appreciate this solution. All of the features that are included are enough for me.

This is an excellent solution and I would rate it a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Rapid7 InsightVM. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,599 professionals have used our research since 2012.
Enterprise Manager Infrastructure and Operations at McGrath RentCorp
Real User
Enables us to gain insight into internal systems vulnerabilities and remediation tasks
Pros and Cons
  • "Rapid7 InsightVM has given us a practical view of the vulnerabilities present in our organization."
  • "A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group."

What is our primary use case?

Our primary use case for this solution is to gain insight into internal systems vulnerabilities and remediation tasks.

How has it helped my organization?

Rapid7 InsightVM has given us a practical view of the vulnerabilities present in our organization. Not only does it verify the vulnerability, but scores it against the skill level of an attacker.

What is most valuable?

The feature that we find most valuable is the granularity. You can view your assets however makes the most sense to your business. We found that we could isolate systems easily via tagging and site setup.

What needs improvement?

A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group.

For how long have I used the solution?

Less than one year.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user606432
User at a insurance company with 501-1,000 employees
Real User
It is stable and scalable. The templates need improvement.
Pros and Cons
  • "It is stable and scalable."
  • "There are not enough templates, and the reporting is weak with this solution."

What needs improvement?

There are not enough templates, and the reporting is weak with this solution. It would be great if there were more templates for the analytical reports, such as patch management reports. At present, these do not exist. 

In addition, there are false positives.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is quite stable. 

What do I think about the scalability of the solution?

The scalability is good. 

How are customer service and technical support?

The tech support is quite good. 

Which solution did I use previously and why did I switch?

I have previously used Qualys, and I find the Rapid7 is a bit limited in terms of reporting.

How was the initial setup?

The initial setup was easy and straightforward.

What's my experience with pricing, setup cost, and licensing?

The price is cheaper than other products on the market.

Which other solutions did I evaluate?

We looked at Rapid7 vs Tenable Nessus.

What other advice do I have?

Users need to customize the policy compliance in order to optimize usage.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Nanda-Kumar
Security Team Lead at a tech services company with 10,001+ employees
Consultant
It is user-friendly, but sometimes it provides false-positives in the reporting.
Pros and Cons
  • "This solution is much more user-friendly than past solutions I have used."
  • "This solution creates false-positives which can cause issues with reporting."

What is our primary use case?

It is basically used for scanning.

How has it helped my organization?

When it comes to the automation, we use the plug-ins that are compatible with the dimensions. Once the builder is done, we run the test cases. Then it is installed onto the server and we run the test cases on the server after the installation.

What needs improvement?

It gives false positives at times, and this a problem. It causes problems with reporting. 

In addition, I did not find plug-ins for a Rapid7 InsightVM. It would be much more informational to run it through directly, so once the app is installed, once the software is installed on that particular server, it would find what exactly that application is open for. This would make things easier for us.

For how long have I used the solution?

Less than one year.

What do I think about the scalability of the solution?

It is scalable. It definitely handles everything we need, without a problem.

How are customer service and technical support?

I have not interacted with tech support.

Which solution did I use previously and why did I switch?

I previously used Tenable Nessus and Nessus Scan. Insight VM vs Tenable Nessus is a more user-friendly product.

How was the initial setup?

The setup was straightforward, and not complex.

What's my experience with pricing, setup cost, and licensing?

I was not involved with the purchase of the product. This is dealt with by our sales team.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Manager at a non-tech company with 5,001-10,000 employees
Real User
With an effective dashboard, it gives us visibility into people using VPNs
Pros and Cons
  • "NeXpose is a pretty good vulnerability scanner... There's a nice dashboard."

    What is our primary use case?

    Our primary use case is looking for people who are using Tor, or VPNs generally, and the only way we can see that is if they log in and then they log in in a foreign country right away, which means they're jumping on to the "escalator".

    How has it helped my organization?

    We really didn't have any visibility at all and now we do. It's like night and day.

    What is most valuable?

    NeXpose is a pretty good vulnerability scanner, good enough. There's a nice dashboard and it's a pretty cool SIEM.

    What needs improvement?

    We could always have a cheaper price, but other than that it's pretty good stuff.

    Also, if they’d expand their product line, that would be good, and they are doing so, but they're not done yet.

    What do I think about the stability of the solution?

    Stability is rock solid.

    What do I think about the scalability of the solution?

    We're at a pretty big scale already. I don't expect us to get any bigger and it's handling our scale now. If anything, we’ll probably shrink.

    We're a school district and, in this area, there are three big districts, and they have open enrollment. We're not on the marketing end of our school district. If the marketing doesn't do well, we’ll shrink.

    How are customer service and technical support?

    Tech support is satisfactory.

    Which solution did I use previously and why did I switch?

    Last year got a new person in the position of information security officer, and he brought the news with him.

    We went with NeXpose because we wanted to get as many products as we could from the same vendor. A full suite would have been fantastic, but that doesn't exist yet. Rapid7 had the vulnerability scanner, the penetration testing, and the SIEM, and the web app evaluator. They're adding other things. They acquired another company recently that will benefit us if we get that product. It's the all-in-one works we like.

    My most important criterion when selecting a vendor is that they have to have a purchasing vehicle that is approved for school districts. It's harder than it sounds. We can't just say, "We want that, send us a bill."

    How was the initial setup?

    It's easy to install.

    Which other solutions did I evaluate?

    We started with SentinelOne, we looked at CrowdStrike, we looked at Red Canary. The funny thing was, Red Canary was just remarketing CrowdStrike, or something like that. It got to a point where I realized these weren’t additional vendors. They were just additional packagers of the same solution.

    What other advice do I have?

    Take a test drive. If you don't test drive it, how do you know you're going to like it or if it even works. Would you buy a car without test driving it? Absolutely not. In this case, it’s a sales contract. It's a service for one to three years. Backing out of it is pretty much impossible.

    I rate it at eight out of 10. It just works. We haven't had any trouble with it. We've had good support. What's not to like? But it's an eight because the software that can be purchased is not the ultimate software. It's hard to give anybody a 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    ITSM & AntiFraud Consultant with 51-200 employees
    Consultant
    It scans my production servers, checks their patching levels, and reports on their security. But, the community edition only supports paid domain registrations (so no free emails, such as gmail.com).

    What is most valuable?

    Rapid 7 offers the community edition, a free of charge edition( 32 IP's) that helps small companies to secure their IT environment. Also with this edition it helps the students to learn about Vulnerability Management.

    The report from Nexpose is very big, and gives you a description of the problems you have on your servers, and the solution for remediation.

    Other valuable feature is the ability to check the vulnerability with Metasploit with only one click.

    How has it helped my organization?

    I use Nexpose to scan my production servers, check the patching level on those servers, and use the reports to show the evolution of security on my servers.

    What needs improvement?

    For the community edition one of the big issues is with the registration. Rapid 7 only supports paid domains for registration, so no .gmail.com , .yahoo.com domains (once it was possible) . Also the resources needed by the scans can be an issue.

    For how long have I used the solution?

    I used Nexpose for more than 6 years.

    What was my experience with deployment of the solution?

    Some of issues apear on Linux instalation, but most of the issues are regarding the DB connection. On windows installation, usually the installation is smooth.In my latest test I have used the VM and everything was smooth.

    What do I think about the stability of the solution?

    The application is very stable, but sometimes I have issues with the comunication to the update server.

    What do I think about the scalability of the solution?

    I have tried all Nexpose editions, and I didn't had any issues with any of them. Starting this year Rapid 7 offers hardware appliances.

    How are customer service and technical support?

    Customer Service:

    i'll rate is 10/10. I had some presentation with them, and the person who presented us the solution really knew what to say to make us look on his screen.

    Technical Support:

    I never used technical support from Rapid 7.

    Which solution did I use previously and why did I switch?

    I have tried Nessus when it was a free edition. After that I have used OpenVAS and Qualys.

    Qualys is another good solution.

    How was the initial setup?

    The initial setup was straightforward, with small user input.

    What about the implementation team?

    All the Nexpose and Metasploit implemenations were made by me for various clients and for my firm for testing purposes.

    What's my experience with pricing, setup cost, and licensing?

    When you buy a vulnerability management tool, always count your IP's. If you miss one IP, and that server is compromised, you have left the door open for attackers into your enviorment.

    Which other solutions did I evaluate?

    OpenVAS, Nessus , Qualys, SAINT8,Beyond Trust

    What other advice do I have?

    Nexpose is one of the best solution on the market with very good development. One of it's key features was the On-Premise installation and Community Edition. Also it integrates flawless with Metasploit.

    Disclosure: My company has a business relationship with this vendor other than being a customer: We are an consulting firm, and I have installed this product to some of our clients.
    Product Categories
    Vulnerability Management
    Buyer's Guide
    Download our free Rapid7 InsightVM Report and get advice and tips from experienced pros sharing their opinions.