Rapid7 InsightVM Reviews and Ratings

Rating: 8.5 out of 10

Score

8.5 out of 10

Community insights

TrustRadius Insights for Rapid7 InsightVM are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.

Business Problems Solved

Rapid7 NeXpose is widely used across organizations for various use cases related to vulnerability management and security assessment. With its powerful scanning capabilities, it allows users to discover vulnerabilities in their infrastructure, including cloud-based servers. Many users implement NeXpose as a pentesting tool to scan sensitive servers and identify weaknesses that could potentially be exploited by hackers. This helps organizations proactively address vulnerabilities before they can be exploited, enhancing overall security posture. Users have found NeXpose to be valuable for vulnerability scanning of both current assets and new build servers, providing asset owners with weekly reports to track trends and prioritize remediation efforts. Security consultants also rely on NeXpose for performing vulnerability assessments for their clients, leveraging its robust features such as risk classification, impact analysis, and reporting.

In addition to vulnerability management, Rapid7 NeXpose is often utilized for meeting regulatory requirements, such as PCI compliance. Organizations leverage the tagging features of NeXpose to easily sort scans and reports for different asset owners or teams, streamlining the vulnerability management process. Furthermore, the software serves as the primary vulnerability scanner across the organization, acting as the source of truth for identifying current vulnerabilities in the environment. It supports the discovery and assessment of devices on networks, encompassing physical servers, virtual servers, and cloud-based servers. Another notable use case is its integration with Rapid7 InsightVM, allowing centralized compliance and vulnerability management by scanning services or devices in the network and generating comprehensive reports on vulnerabilities and remediation actions.

Overall, Rapid7 NeXpose provides organizations with a reliable solution to discover vulnerabilities, mitigate risks, and maintain a strong security posture through regular scanning and assessment of their infrastructure.

Reviews

13 Reviews

Great performance amd great Vulnerability/risk Management tool!

Rating: 8 out of 10

Incentivized

December 19, 2024

Use Cases and Deployment Scope

We track remediation projects/phases, view and audit vulnerability remediation, as well as department shared goals. I am over the patching aspect for our organization and I enjoy being able to have a dashboard with supporting data and information. We use this tool to collaborate with our Cybersecurity division to share data, view assets and user the reporting feature for our meetings.

Pros

Being able to track our goals for patching phases within our organization
easy to understand data points and charts to show asset status
Quick snapshots of vulnerability scores

Cons

Maybe a more simplified interface for new users
Tips/suggested next steps modules for integrating new employees
more granular access options for users

Likelihood to Recommend

Rapid7 InsightVM is useful in that it allows for an ease of use with the ability to customize and tune filters to meet our needs of scanning and grouping items. Support has been good when we have needed it for additional insight or guidance on specific issues or questions we have had. It has allowed us to improve risk management for our company.

Verified User

Engineer in Information Technology (201-500 employees)

Vetted Review

1 year of experience

A Leader in Vulnerability Management

Rating: 10 out of 10

Incentivized

December 13, 2024

Use Cases and Deployment Scope

Rapid7 InsightVM is our vulnerability scanner. This is one of the pillars of information security, and I firmly believe that in order to do cyber security right, then you need to have a tool that performs this function. The problems addressed by this tool are self-evident in that it finds vulnerabilities in your environment. Now I personally think R7 goes above and beyond with their product offering in that they provide a host of other information to help you remediate the vulnerabilities and they display the information in a very digestible way. This tool is scanning all of our devices, and even helping us find what devices we are not accounting for.

Pros

InsightVM provides rich vulnerability data that is actionable.
This tool also has a robust reporting feature that provides a myriad of ways to look at the data and present that to others.
The remediation instructions are excellent and the "proof" data is very useful to show other departments how the tool found the vulnerability.

Cons

I really like the SQL reporting feature and I think they could invest more time into making that great.
This is more of a feature request, but it would be nice to have the ability to create my own cards for their cloud reporting dashboards.
InsightVM does a great job of reporting on vulnerability data on a device, but I think it would be also helpful to see a deeper dive into non-vulnerability related info that is related (such as last reboot or last user logged in).

Likelihood to Recommend

InsightVM is great for finding all devices on your network and where the misconfigurations exist. We all have to patch our systems and applications, but it can be difficult to keep track of which systems are up to date. This tool is very helpful in filling in this gap and helping you organize that information. It is easy to get a big picture view of how your organization is doing from a vulnerability perspective, and it is equally as easy to drill down and get specific details that you need. Prioritization is crucial when it comes to this space, because you can never address every vulnerability, so you need to make sure the highest priority items are being remediated. R7's tool excels in this area and highlights items you weren't even aware of.

Mark Knutson

Manager of Information Security in Information Technology at Sheltering Arms Institute (501-1000 employees)

Vetted Review

5 years of experience

Rapid7 InSightVM Quick Review

Rating: 9 out of 10

Incentivized

December 13, 2024

Use Cases and Deployment Scope

I use Rapid7 InsightVM to help identify and remediate our vulnerabilities. The business problems are discovering and remediating vulnerabilities. The scope is to identify and addressing all vulnerabilities in our organization. We also use Rapid7 InsightVM to track CIS baseline policy compliance for various operating systems. The includes MacOS, Windows and Linux. We are able to scan all assets and prioritized vulnerabilities for remediation.

Pros

Rapid7 InsightVM is good at agentless scanning.
Rapid7 InsightVM integration with ServiceNow works very well.
Rapid7 InsightVM scales very well with deploying scan engines. It can be used in large organizations.
The user interface of Rapid7 InsightVM is very intuitive and user friendly. It is easy to use.

Cons

I think Rapid7 InsightVM could do a better job with their report capabilities. There should be more canned reports include that are most used.
There should be a way to bulk address specific assets with a particular vulnerability.

Likelihood to Recommend

I think Rapid7 InsightVM is well suited for large enterprise customers with a lot of assets. It integrates well with a number of different ITSM solutions which I think is very good. There are not many CIS benchmarking tools on the market and Rapid7 InsightVM does a very good job at benchmarking.

I think where Rapid7 InsightVM falls down a little is on false positive vulnerabilities. Sometime you there a few positive results on vulnerabily discovery. Tuning the settings for scan engines can sometimes be trick as well.

Verified User

Contributor in Information Technology (5001-10,000 employees)

Vetted Review

5 years of experience

Rapid7 InsightVM Review !

Rating: 9 out of 10

Incentivized

January 13, 2023

Use Cases and Deployment Scope

Rapid7 InsightVM is very much useful in using as a Centralized tool or console for Compliance and vulnerability management. It scans the services or devices in your network and generates reports based on its own database. This report include all the running vulnerabilities and also it gives details on remediation of it. So it becomes very much useful for handling vulnerability management and compliance requirement.

Pros

Automatic Scanning of devices
Good reporting
Easy to manage

Cons

Costing
False positive findings

Likelihood to Recommend

Rapid7 InsightVM is well suited for large enterprises where it automatically detects new devices and start scanning it. So it completely eliminates the dependency of manually adding newly added services / devices for the scanning. Even same goes for the devices which are decommissioned. No need of manually removing it. So this way, it works very well with large enterprises as a Centralized tool for vulnerability and compliance management.

Verified User

Professional in Information Technology (5001-10,000 employees)

Vetted Review

2 years of experience

It has Insight for all your Enterprise

Rating: 9 out of 10

January 12, 2023

Use Cases and Deployment Scope

As a financial institution, we have to be up and running securely 24x7x365. So be online is easier with Cloud services but security is concern when you operate in Cloud environment and that is where Rapid7 InsightVM helps us. Rapid7 InsightVM help us to scan our overall infrastructure including cloud infra. here we have complete glance our vulnerability and remediation.

Pros

Scanning Vulnerabilities
Checking Missing Configs
Asset Management

Cons

Policy Assessment has improvement needed
Shadow IT Host

Likelihood to Recommend

Well, I would say It worked well in all aspects then Policy Assessments and Ghost Asset management. This need to improved because we are scanning many ghost host that are no longer anymore in system.

Varun Khare

Senior Analyst in Information Technology at Western Union (10,001+ employees)

Vetted Review

3 years of experience

View profile

A leader tool for pentesting

Rating: 8 out of 10

Incentivized

January 9, 2023

Use Cases and Deployment Scope

I used to use Rapid7 InsightVM as a pentesting tool. I implemented the solution on servers to test the client environment by scanning sensitive servers. The main goal is to find weaknesses and vulnerabilities in the systems that could be exploited by hackers. And then generate a report that could be used as a reference for patching the system.

Pros

vulnerability managment
applicative security
orchestration

Cons

produt implementation
report clearness
time to execute scans can be improved

Likelihood to Recommend

Rapid7 InsightVM is perfect for a scenario where IT admin or CISO wants to scan its infrastructure to be sure that there is no vulnerability that could be exploited from outside or inside the company. It also could be used to automate patching and dealing with vulnerabilities. It's also adapted for users that need cloud security management

Verified User

Engineer in Engineering (1001-5000 employees)

Vetted Review

5 years of experience

Great source of truth for vulnerabilities

Rating: 7 out of 10

Incentivized

August 24, 2021

Use Cases and Deployment Scope

We are currently using the software as our primary vulnerability scanner and source of truth for current vulnerabilities in the environment. For new systems, it is required for the system to be registered in Rapid7 InsightVM (Nexpose) and have a scan conducted before it is allowed into production. It is a critical pillar in our environment.

Pros

report on a system vulnerability
consistent scanning
easy to understand results

Cons

System management
UI
Noise tuning from the scans on systems

Likelihood to Recommend

For highly detailed reports of vulnerabilities in an environment, Rapid7 InsightVM (Nexpose) is top-notch. The data is easily manipulated to get the results you are looking for. Setting up groups for active scans on a schedule has been a great help as well as the ad-hoc reports for any new vulns being reported.

Verified User

Analyst in Information Technology (10,001+ employees)

Vetted Review

3 years of experience

Rapid7 Nexpose, not all it's cracked up to be

Rating: 7 out of 10

Incentivized

February 13, 2020

Use Cases and Deployment Scope

We currently use Rapid7 Nexpose for all Vulnerability scanning for current and new assets. Several asset groups have been created with assets owners receiving weekly reports for just the assets they own for a weekly snapshot to gauge their trending. We also utilize ad-hoc scans to ensure new devices do not have outstanding patches before being deployed.

Pros

Creating Device Groups is very easy.
The API tie ins work well.

Cons

Frequent updates and console lockups.
A lot of issues with scans running long out of nowhere, causing resource issues for the next scans.

Likelihood to Recommend

<ul><li>Works well most of the time for even large enterprise organizations, but takes a lot of care and feeding to ensure it's running properly.</li><li>We have had several issues with 'ghost machines' not updating and continue to report on IP's with no devices attached.</li><li>Could use better filtering and reporting built-in and more customized options.</li></ul>

Verified User

Analyst in Finance and Accounting (1001-5000 employees)

Vetted Review

3 years of experience

A very good vulnerability scanner.

Rating: 8 out of 10

Incentivized

September 26, 2019

Use Cases and Deployment Scope

I have used Rapid7 Nexpose for performing vulnerability assessment scanning. It is a vulnerability management tool which can perform vulnerability scans and report the vulnerabilities. As a security consultant, I have used this tool to perform scans for our clients.

Pros

Being a vulnerability scanner tool, its purpose is to scan the systems to find the vulnerabilities. We can define the assets like IP address for the scans and it also allows to either schedule the scan at a preferred time or start the scan immediately. Upon completion of the scan, this tool can result provide the details like host type, OS information, hardware address, along with the vulnerabilities.
Rapid7 Nexpose has a list of templates to perform the scan. Once the templates are defined then the scans are performed accordingly.
It also contains an option to add credentials/authentication using passwords, usernames, private keys to perform the credential-based scans which I think is a great feature.

Cons

From my experience of using this tool, sometimes it gives more false positives. A few times I had performed the scan on the same IP address using QualysGuard and Nexpose, but after comparing the scan results I had found that QualysGuard had provided more accurate vulnerability information.

Likelihood to Recommend

Being a vulnerability scanning tool, Rapid7 Nexpose is very well suited to perform vulnerability scans and document the scan results. Rapid7 Nexpose is well suited if someone wants to perform the credential/authentication scan for assets like public IP addresses. However, I think it is not appropriate when accurate scan results are required because of the number of false positives it provides.

Verified User

Consultant in Information Technology (51-200 employees)

Vetted Review

1 year of experience

Dream or nightmare. Flip a coin.

Rating: 5 out of 10

Incentivized

May 14, 2018

Use Cases and Deployment Scope

<div>Rapid7 NeXpose performs discovery and vulnerability assessment of devices on a network. This data can be exported into other tools, or produce reports for threat remediation. The software supports physical servers, virtual servers, and cloud-based servers. For large environments, additional scanners can be deployed with the same options. Multiple OSs are supported and backups can be enabled for restoration across platforms.</div><div>

</div>

Pros

Queries against inventory are easy and useful
Most threats discovered a have plenty of detail about the nature of the problem and how to mitigate
Dashboards are abundant
Once the organization of the tool is understood, operation is easy

Cons

Devices found and scanned are never removed. Removal must be done manually with no option for automation.
The database can be fragile. Ours quietly corrupted and progressively degraded until we had to restore and lose 6 months of data. Still didn't fix it and had to be rebuilt again losing all data.
Workflow for delegating remediation is supposed to be helpful, but can also become cumbersome.
Scheduling can become a nightmare if not monitored closely. We found jobs had failed to run because the server had gone offline. When the server came online, it did not try to run missed jobs. Running missed jobs all at once can overload the server, but searching for and launching a large number of missed jobs manually is a pain.

Likelihood to Recommend

When it works, its a fantastic tool with plenty of value to spare. When it doesn't work, its a time sucking money pit of despair. I've used the data to prove other systems were not reporting correctly. I could count systems by type faster than any other inventory system. I could find how many machines had a specific version of software in minutes. I've also lost weeks of time trying to get scans to run consistently. We've lost months of data from failure. Its a 50/50 crap shoot. Are you willing to put up with problems for fantastic data? It could work perfectly for you. It could also be a brick.

Verified User

Analyst in Information Technology (1001-5000 employees)

Vetted Review

2 years of experience

Loading Reviews List....

A Leader in Vulnerability Management

Rating: 10 out of 10

Incentivized

December 13, 2024

Use Cases and Deployment Scope

Pros

InsightVM provides rich vulnerability data that is actionable.
This tool also has a robust reporting feature that provides a myriad of ways to look at the data and present that to others.
The remediation instructions are excellent and the "proof" data is very useful to show other departments how the tool found the vulnerability.

Cons

I really like the SQL reporting feature and I think they could invest more time into making that great.
This is more of a feature request, but it would be nice to have the ability to create my own cards for their cloud reporting dashboards.
InsightVM does a great job of reporting on vulnerability data on a device, but I think it would be also helpful to see a deeper dive into non-vulnerability related info that is related (such as last reboot or last user logged in).

Likelihood to Recommend

Mark Knutson

Manager of Information Security in Information Technology at Sheltering Arms Institute (501-1000 employees)

Vetted Review

5 years of experience