TrustRadius

Rapid7 InsightVM
Formerly Nexpose

Overview

What is Rapid7 InsightVM?

InsightVM is presented as the next evolution of Nexpose, by Rapid7. This Insight cloud-based solution features everything included in Nexpose, such as Adaptive Security and the proprietary Real Risk score, and extends visibility into cloud and containerized infrastructure. InsightVM also…

Recent Reviews

Expose on Nexpose

8 out of 10
June 21, 2017
Incentivized
Nexpose from Rapid7 is a vulnerability scanner that supports the vulnerability management lifecycle. It addresses discovery, detection, …

Pricing

  • Log Management: $19 per GB (Cloud)
  • Vulnerability Management: $22 per asset (Cloud)
  • InsightIDR: $52 per asset (Cloud)
Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Product Demos

  • Rapid7 InsightVM - Managing Remediation Activities for Discovered Vulnerabilities Lab Demo (YouTube)
  • PrintNightmare and HiveNightmare Vulnerability Assessment with Rapid7 InsightVM - Lab Demo 5 (YouTube)
  • Rapid7 InsightVM - Security Console Features Lab Demo 3 by Jovo (YouTube)
  • Rapid7 InsightVM – Vulnerability Analysis, Reporting & Dynamic Assets Filtering - Lab Demo 6 by Jovo (YouTube)
  • Rapid7 InsightVM Walkthrough Demo Rapid7 InsightVM Architecture and Components Session 1 (YouTube)

Product Details

Rapid7 InsightVM Technical Details

  • Deployment Types: Software as a Service (SaaS), Cloud, or Web-Based
  • Operating Systems: Unspecified
  • Mobile Application: No

Frequently Asked Questions

InsightVM is presented as the next evolution of Nexpose, by Rapid7. This Insight cloud-based solution features everything included in Nexpose, such as Adaptive Security and the proprietary Real Risk score, and extends visibility into cloud and containerized infrastructure. InsightVM also offers advanced remediation, tracking, and reporting capabilities not included in Nexpose.

Reviewers rate Automated Alerts and Reporting and Configuration Monitoring highest, with a score of 8.7.

The most common users of Rapid7 InsightVM are from Enterprises (1,001+ employees).

Reviews and Ratings

(74)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Rapid7 NeXpose is widely used across organizations for various use cases related to vulnerability management and security assessment. With its powerful scanning capabilities, it allows users to discover vulnerabilities in their infrastructure, including cloud-based servers. Many users implement NeXpose as a pentesting tool to scan sensitive servers and identify weaknesses that could potentially be exploited by hackers. This helps organizations proactively address vulnerabilities before they can be exploited, enhancing overall security posture. Users have found NeXpose to be valuable for vulnerability scanning of both current assets and new build servers, providing asset owners with weekly reports to track trends and prioritize remediation efforts. Security consultants also rely on NeXpose for performing vulnerability assessments for their clients, leveraging its robust features such as risk classification, impact analysis, and reporting.

In addition to vulnerability management, Rapid7 NeXpose is often utilized for meeting regulatory requirements, such as PCI compliance. Organizations leverage the tagging features of NeXpose to easily sort scans and reports for different asset owners or teams, streamlining the vulnerability management process. Furthermore, the software serves as the primary vulnerability scanner across the organization, acting as the source of truth for identifying current vulnerabilities in the environment. It supports the discovery and assessment of devices on networks, encompassing physical servers, virtual servers, and cloud-based servers. Another notable use case is its integration with Rapid7 InsightVM, allowing centralized compliance and vulnerability management by scanning services or devices in the network and generating comprehensive reports on vulnerabilities and remediation actions.

Overall, Rapid7 NeXpose provides organizations with a reliable solution to discover vulnerabilities, mitigate risks, and maintain a strong security posture through regular scanning and assessment of their infrastructure.

Reviews

Score 7 out of 10
Vetted Review
Verified User
Incentivized
We currently use Rapid7 Nexpose for all vulnerability scanning for current and new assets. Several asset groups have been created, with asset owners receiving weekly reports for just the assets they own for a weekly snapshot to gauge their trending. We also utilize ad-hoc scans to ensure new devices do not have outstanding patches before being deployed.
  • Creating Device Groups is very easy.
  • The API tie-ins work well.
  • Frequent updates and console lockups.
  • A lot of issues with scans running long out of nowhere, causing resource issues for the next scans.
  • Works well most of the time for even large enterprise organizations, but takes a lot of care and feeding to ensure it's running properly.
  • We have had several issues with 'ghost machines' not updating and continuing to report on IPs with no devices attached.
  • Could use better filtering and reporting built-in and more customized options.
  • Once the initial setup is done, which does take some time and thought, it can be managed by one person.
  • Emailing of weekly auto run reports to business owners is valuable.
I personally like Qualys much better. Out of the box, and the overall configuration is more natural, and the system itself is more stable.
I gave it a seven due to the functionality and general ease of use after the initial setup headaches, but compared to Qualys, Rapid7 Nexpose falls short on features and ease of use. Their support drags this rating down a point as well. I have gone weeks with no update on semi-critical issues and typically have to make call after call to get a semi-coherent response.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
I have used Rapid7 Nexpose for performing vulnerability assessment scanning. It is a vulnerability management tool which can perform vulnerability scans and report the vulnerabilities. As a security consultant, I have used this tool to perform scans for our clients.
  • Being a vulnerability scanner tool, its purpose is to scan the systems to find the vulnerabilities. We can define the assets like IP address for the scans and it also allows us to either schedule the scan at a preferred time or start the scan immediately. Upon completion of the scan, this tool can provide the details like host type, OS information, hardware address, along with the vulnerabilities.
  • Rapid7 Nexpose has a list of templates to perform the scan. Once the templates are defined then the scans are performed accordingly.
  • It also contains an option to add credentials/authentication using passwords, usernames, private keys to perform the credential-based scans which I think is a great feature.
  • From my experience of using this tool, sometimes it gives more false positives. A few times I had performed the scan on the same IP address using Qualysguard and Nexpose, but after comparing the scan results I had found that Qualysguard had provided more accurate vulnerability information.
Being a vulnerability scanning tool, Rapid7 Nexpose is very well suited to perform vulnerability scans and document the scan results. Rapid7 Nexpose is well suited if someone wants to perform the credential/authentication scan for assets like public IP addresses. However, I think it is not appropriate when accurate scan results are required because of the number of false positives it provides.
  • It certainly has a more positive impact than negative impact while performing the scans. Nexpose can find and report vulnerabilities that our other scanner fails to identify during the scan because of its defined scan templates.
  • Also, even if the scan is not being performed due to some issues like reachability, whitelisting, etc. it will try to give scan results unlike Qualysguard which just marks the asset as unreachable.
I think Rapid7 Nexpose is a very good vulnerability scanner compared to other vulnerability scanners in the market, although it lacks some accuracy and there is always room for improvement.