17 years helping British businesses
choose better software
InsightVM
What is InsightVM?
InsightVM uses the power of Rapid7s Insight platform & heritage of their award-winning Nexpose product. InsightVM provides a fully available, scalable, & efficient way to collect vulnerability data, turn it into answers, & minimize risk. This industry leader in vulnerability management, InsightVM leverages the latest analytics & endpoint technology to discover vulnerabilities real-time, pinpoint their location, prioritize using threat risk & business context, and confirm exposure reduction.
Who Uses InsightVM?
Cloud-based vulnerability management solution that assists security teams with virtual infrastructure assessment, live dashboards, remediation reporting, risk prioritization, threat feeds & more.
Not sure about InsightVM?
Compare with a popular alternative
InsightVM
Reviews of InsightVM
Alternatives Considered:
Manage your Vulnerabilities better using InsightVM
Comments: Awesome . Superb product. Lots of capabilities
Pros:
Console, ease of setup , ease of policy creation , scanner configurations.
Cons:
Reporting , Sometimes latency in scanning but thats due to your network congestion.
InsightVM review - Analyst perspective
Pros:
The tool is relatively easy to pickup, is feature-rich and is a leader in its category.
Cons:
Scan templates creation and management is a bit difficult for first time users. Interface isnt that user-friendly.
Bloated NMAP scanner
Comments: 1. Tech support is awful. Just god awful. I installed their appliance OVF's. They also have direct Linux and Windows installers if you prefer to load your own OVF's. Every single case I submit, I say I am running the Nexpose Appliance. Every single time they ask me what I am running (Windows or Linux). Are they just that dumb over there? 2. Scans die. I did my initial discovery scans. Worked OK at most sites except a couple which kept dying. I ran them a couple times and they finally finished. I didn't bother calling support. See #1 above for why. I then tried to run initial Full Audit scans. Only one of my 8 sites completed. I can't wait to call tech support to find out!! LOL This is not a cheap product. It works so poorly that it is quite disgusting. It is VERY obvious that the internal processes at Rapid7 are horrible at best. I'm going to ask for my money back and go with another product. Note: Too bad I couldn't demo this product firsthand (try before you buy) but Rapid7 is very inflexible in that manner.
Pros:
Absolutely nothing at this point.
Cons:
Doesn't work. Tech support horrible. Accessing logs horrible. Just overall terrible software.
Alternatives Considered:
One of th best VM tools in the market
Pros:
InsightVM has good asset discover and management modules along with vulnerability scanning , management, exception modules and integration with different ticketing tools make it one of the best tools for VM.
Cons:
Reporting features needs to be improved along with the removal of false positives. For Cisco devices, we faced a long line of false positives which even when contacted support team was not fixed.
Excellent product by an excellent company
Comments: I trialed Nexpose Community when our company started moving to a cloud hosting provider. I was very impressed. We ended up going with another provider, but when that contract expired, I proposed that we give InsightVM a shot instead of a renewal, remembering how much of a pleasure it was to use. Now, we're customers, and I don't regret my suggestion at all. I deployed a security console within an hour, and had it ingesting an inventory of every host in our cloud environment, whether Active Directory knew about it or not. Everyone from Compliance to IT speaks positively about it. They like the intuitive UI, the ability to get actionable data the moment the dashboard loads, and the fact that it's fully aware of both Microsoft and third-party vulnerabilities. I like the "risk score," a practical alternative to the typical CVSS rating. While the CVSS score is important, Rapid7 weights their score on factors such as practicality of exploitation and active targeting in the wild. I've suggested that we prioritize remediation based on the Rapid7 risk score rather than the CVSS score. I installed the Insight agent on a majority of our workstations, which sends data about any published vulnerability to the portal, whether in a Docker image, a third-party application, or the underlying OS. A couple customizations of the dashboard, and now we see comprehensive overview of the week's priorities at logon. It's great to have one dashboard for every environment!
Pros:
Easy to install, intuitive UI, integration with cloud portal, agent (that feeds data to the cloud analytics portal), multi-platform.
Cons:
Nothing -- Rapid7 is KILLING it. Since this field has a minimum length: maybe the only downside is that the security console requires a decent bit of RAM? I had to give it 8 GB to ensure stability. That said, it's running a web-based management interface, and the scan runtime is far faster and more reliable than our previous solution.
The Go-To Pentesting application
Comments: It's as close to a one-stop pentesting application as it's possible to have. Recconnaisance, Access, Payload, Closure - all within one application. Sure, other applications and skills are necessary to carry out the most comprehensive report but this is the place to start.
Pros:
The ability to conduct the full range of basic (and some advanced) penetration testing phases and techniques from within one application makes this the first port (pun intended) of call when initiating a report. Utilising the thousands of existing, and daily generated, custom-made add-ons makes this completely future-proof too. If there's still something missing, write yourself a script and import that too!
Cons:
As a technical tool, it is not for the typical Windows user - this therefore necessitates a technical mindset to get it up and running and begin use. Arguably, given how powerful this tool can be, this is a good thing and it keeps it out of the hands of most people. However, it can make the use of some of the advanced functionality annoying if you're not a regular user, having to relearn each time.
A very good Vulnerability Management tool
Pros:
Userful information on vulnerabilities is extremely easy to get to and remediation projects are a very useful feature.
Cons:
Documentation is lacking some depth and the support team can take a while to to respond.
Jack of all trades master of none
Comments: Overall it's a good product for someone looking for vulnerability and patch management software for their cloud infrastructure
Pros:
Vulnerability and patch management is undoubtedly the best feature of insight it's vulnerability database is updated often with latest patches.
Cons:
Policy management and auditing for SOC 2 is missing and doesn't work
best vulnerability management
Pros:
a real view on my real risk score of vulnerability on my environment
Cons:
they could add more build in reports and cards on the dashboard
Alternatives Considered:
Many features, object management is good
Comments: The hardware requirement is a lot. The cloud is not helping much. If they can do everything on cloud is so good. We don't have to maintain the On-Premise server
Pros:
Manage by Sites and Asset group is good. Because we can assing user to that site or group. Which is other software does not have
Cons:
It seems difficult to use. I have to search everywhere just to scan 1 assets. It spent about 1 hour just to do a test scanning . After scan, the report is not automatically generated. You have to do it yourselft
A great vulnerability scanner from a know vendor.
Pros:
A very good vulnerability assessment scanner with a long reliable history. The reports are well presented and deliver relevant information. Discovery and special scan are appreciated.
Cons:
The install and setup is not as easy as you might hope for this day and age. Price can be a bit of a turn off, even if it is worth it.
A powerful scanner with useful reports, but ideal for a larger business with a more complex network
Comments: Solid customer support, clean interface, helped to make us aware of possible data breaches
Pros:
As an accounting firm with multiple offices, we invested in this program to help us protect client information. Nexpose is a detailed and accurate scanner, and it presents professional reports on a regular basis.
Cons:
Though it's a wonderful program, for our small business the price was difficult to justify. We also felt the installation process was a little difficult.
IT Administrator
Comments:
Monitoring and maintaining computer systems and networks.
Troubleshoot and resolve hardware, connection, printer and software issues reported to the Service Desk.
Update network applications as required.
Maintain daily tape backup and off-site tape storage.
Provide support to the Technology team.
Monitor and control servers, server configuration and upgrades.
Installing and configuring computer hardware operating systems and applications.
Talking staff/clients through a series of actions, either face to face or over the telephone.
Troubleshooting systems, servers and network problems and diagnosing and solving hardware/software faults.
Replacing parts as required.
Setting up new users accounts and profiles and dealing with password issues.
IT Security &Controls: by maintaining users ID security administration files. Creates users\mailboxes, deletes\modifies user accounts, and resets lost
Rapid7
Comments: Great experience overall.. Will use it again. The support and sales teams helps you along the way.
Pros:
Easy to use. Deployment was easy as well. Rapid7 is a very reputable organization and forefront of Cyber Security. I was able to find vulnerabilities I was looking for but the bonus was the stuff I did not have in mind. For instance, I did not consider APCs and other ancillary appliances.
Cons:
Reporting can be better i.e. focused reports associated with Cyebr Security Frameworks like NIST etc.
Awesome penetration testing and deployment services
Comments: One of the most essential benefits of this software is there Jira integration. This feature has saved our team a lot of time.
Pros:
What I like most the ease of deployment and use. Their Nexpose Vulnerability Scanning tool was fully deployed on just one call.
We used to use this scanner and it was ok.
Pros:
The scanner was a decent scanner. We liked the scanner because it was able to do the scanning we needed for a good price. It was also easy to use for functionality.
Cons:
The software was not as robust as the new scanner that we use but it was less in terms of cost so that was expected.
A really great tool for security awareness
Pros:
A really extensive tool for network scanning when combined with Metasploit. A well thought out GUI and report system
Cons:
Price is a bit on the expensive side when the market is so full of alternatives. Can be a bit intimidating to setup and install.
Security software
Comments: Very easy to use! Extensive list of products and companies in the database available at your fingertip.