TrustRadius Insights
Rapid7 NeXpose is widely used across organizations for various use cases related to vulnerability management and security assessment. With …
Starting at $19 per GB
View PricingOverview
What is Rapid7 InsightVM?
InsightVM is presented as the next evolution of Nexpose, by Rapid7. This Insight cloud-based solution features everything included in Nexpose, such as Adaptive Security and the proprietary Real Risk score, and extends visibility into cloud and containerized infrastructure. InsightVM also…
Recent Reviews
Pricing
Log Management
$19
Cloud
per GB
Vulnerability Management
$22
Cloud
per asset
insightIDR
$52
Cloud
per asset
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Product Demos
Rapid7 InsightVM - Managing Remediation Activities for Discovered Vulnerabilities Lab Demo
YouTube
PrintNightmare and HiveNightmare Vulnerability Assessment with Rapid7 InsightVM - Lab Demo 5
YouTube
Rapid7 InsightVM - Security Console Features Lab Demo 3 by Jovo
YouTube
Rapid7 InsightVM –Vulnerability Analysis, Reporting & Dynamic Assets Filtering - Lab Demo 6 by Jovo
YouTube
Rapid7 InsightVM Walkthough Demo Rapid7 InsightVM Architecture and Components Session 1
YouTube
Product Details
- About
- Tech Details
- FAQs
What is Rapid7 InsightVM?
Rapid7 InsightVM Video
Overview Video: InsightVM
Rapid7 InsightVM Technical Details
| Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
Frequently Asked Questions
InsightVM is presented as the next evolution of Nexpose, by Rapid7. This Insight cloud-based solution features everything included in Nexpose, such as Adaptive Security and the proprietary Real Risk score, and extends visibility into cloud and containerized infrastructure. InsightVM also offers advanced remediation, tracking, and reporting capabilities not included in Nexpose.
Reviewers rate Automated Alerts and Reporting and Configuration Monitoring highest, with a score of 8.7.
The most common users of Rapid7 InsightVM are from Enterprises (1,001+ employees).
Comparisons
Compare with
Reviews and Ratings
(74)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
Rapid7 NeXpose is widely used across organizations for various use cases related to vulnerability management and security assessment. With its powerful scanning capabilities, it allows users to discover vulnerabilities in their infrastructure, including cloud-based servers. Many users implement NeXpose as a pentesting tool to scan sensitive servers and identify weaknesses that could potentially be exploited by hackers. This helps organizations proactively address vulnerabilities before they can be exploited, enhancing overall security posture. Users have found NeXpose to be valuable for vulnerability scanning of both current assets and new build servers, providing asset owners with weekly reports to track trends and prioritize remediation efforts. Security consultants also rely on NeXpose for performing vulnerability assessments for their clients, leveraging its robust features such as risk classification, impact analysis, and reporting.
In addition to vulnerability management, Rapid7 NeXpose is often utilized for meeting regulatory requirements, such as PCI compliance. Organizations leverage the tagging features of NeXpose to easily sort scans and reports for different asset owners or teams, streamlining the vulnerability management process. Furthermore, the software serves as the primary vulnerability scanner across the organization, acting as the source of truth for identifying current vulnerabilities in the environment. It supports the discovery and assessment of devices on networks, encompassing physical servers, virtual servers, and cloud-based servers. Another notable use case is its integration with Rapid7 InsightVM, allowing centralized compliance and vulnerability management by scanning services or devices in the network and generating comprehensive reports on vulnerabilities and remediation actions.
Overall, Rapid7 NeXpose provides organizations with a reliable solution to discover vulnerabilities, mitigate risks, and maintain a strong security posture through regular scanning and assessment of their infrastructure.
Attribute Ratings
Reviews
(1-11 of 11)Companies can't remove reviews or game the system. Here's why
January 13, 2023
Rapid7 InsightVM Review !
- Automatic Scanning of devices
- Good reporting
- Easy to manage
- Costing
- False positive findings
January 12, 2023
It has Insight for all your Enterprise
Score 9 out of 10
Vetted Review
Verified User
- Scanning Vulnerabilities
- Checking Missing Configs
- Asset Management
- Policy Assessment has improvement needed
- Shadow IT Host
January 09, 2023
A leader tool for pentesting
- vulnerability managment
- applicative security
- orchestration
- produt implementation
- report clearness
- time to execute scans can be improved
August 24, 2021
Great source of truth for vulnerabilities
- report on a system vulnerability
- consistent scanning
- easy to understand results
- System management
- UI
- Noise tuning from the scans on systems
February 13, 2020
Rapid7 Nexpose, not all it's cracked up to be
- Creating Device Groups is very easy.
- The API tie ins work well.
- Frequent updates and console lockups.
- A lot of issues with scans running long out of nowhere, causing resource issues for the next scans.
September 26, 2019
A very good vulnerability scanner.
- Being a vulnerability scanner tool, its purpose is to scan the systems to find the vulnerabilities. We can define the assets like IP address for the scans and it also allows to either schedule the scan at a preferred time or start the scan immediately. Upon completion of the scan, this tool can result provide the details like host type, OS information, hardware address, along with the vulnerabilities.
- Rapid7 Nexpose has a list of templates to perform the scan. Once the templates are defined then the scans are performed accordingly.
- It also contains an option to add credentials/authentication using passwords, usernames, private keys to perform the credential-based scans which I think is a great feature.
- From my experience of using this tool, sometimes it gives more false positives. A few times I had performed the scan on the same IP address using Qualysguard and Nexpose, but after comparing the scan results I had found that Qualysguard had provided more accurate vulnerability information.
May 15, 2018
NeXpose - Its almost there
- Intuitive
- End point agent deployment and management is easy
- RBAC on the console is great
- Scanning capabilities like specific vulnerabilities & compliance etc. are good
- In comparison to Tenable SecurityCenter we saw it didn't exactly find the same vulnerabilities which we would assume it should have
- We rely on a ticketing system and not our VM tool to assign tasks so wasn't too useful having that in there
- Filtering capabilities aren't as good as its competitors
May 14, 2018
Dream or nightmare. Flip a coin.
- Queries against inventory are easy and useful
- Most threats discovered a have plenty of detail about the nature of the problem and how to mitigate
- Dashboards are abundant
- Once the organization of the tool is understood, operation is easy
- Devices found and scanned are never removed. Removal must be done manually with no option for automation.
- The database can be fragile. Ours quietly corrupted and progressively degraded until we had to restore and lose 6 months of data. Still didn't fix it and had to be rebuilt again losing all data.
- Workflow for delegating remediation is supposed to be helpful, but can also become cumbersome.
- Scheduling can become a nightmare if not monitored closely. We found jobs had failed to run because the server had gone offline. When the server came online, it did not try to run missed jobs. Running missed jobs all at once can overload the server, but searching for and launching a large number of missed jobs manually is a pain.
August 16, 2017
Rapid7 NeXpose
- Real-Time Risk views
- Streamlines your view on most vulnerable assets
- Provides the ability to scan for policy configuration and compare with control requirements
- Integration with many other vendors; SIEM, Ticketing, Next gen Firewalls, etc
- Console crashes frequently
- Licensing is very expensive, per asset
June 21, 2017
Expose on Nexpose
- Timely content by virtue of being tied to metasploit
- Easy to use interface
- Depth across the security life cycle
- Management side of things is a bit less functional than [Nexus]
- Perhaps more robust reporting for higher level reporting
- The alerting/messaging system could use additional flexibility
- The API is also a great tool for us to automate lots of routine procedures like scan and report of asset(s) BY EMAIL.
- Tagging. It helps sort out results and reports for respective assets Owner for remediation without a lengthy report including unnecessary information for that particular team.
- SQL Reporting. It provides advanced reporting and export capabilities that you can not find in the stock report template.
- Scan for individual asset(s) (with schedule) should be more friendly and easy in GUI rather than going through its corresponding site for scheduling.
- Scan with Credentials can not be customized or prioritized the use of credentials for different sites or assets. How credentials are applied or the order of applying is still not very customizable.
- SQL database (PostgreSQL) should be opened to customer, since it lives on customer's appliance, so that we can do live monitoring and query in a more robust way.