Acunetix by Invicti vs. Rapid7 InsightVM

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Acunetix by Invicti
Score 8.0 out of 10
N/A
AcuSensor from Maltese company Acunetix is application security and testing software.
$4,500
Rapid7 InsightVM
Score 8.9 out of 10
N/A
InsightVM is presented as the next evolution of Nexpose, by Rapid7. This Insight cloud-based solution features everything included in Nexpose, such as Adaptive Security and the proprietary Real Risk score, and extends visibility into cloud and containerized infrastructure. InsightVM also offers advanced remediation, tracking, and reporting capabilities not included in Nexpose.
$19
per GB
Pricing
Acunetix by InvictiRapid7 InsightVM
Editions & Modules
Websites Scanned: 5
4,500
Websites Scanned: 6-10
7,200
Websites Scanned: 11-20
10,800
Websites Scanned: 21-35
22,540
Websites Scanned: 36-50
26,600
Websites Scanned: Over 50
Contact for quote
Log Management
$19
per GB
Vulnerability Management
$22
per asset
insightIDR
$52
per asset
Application Security
$2,000
per app
insignConnect
Contact sales team
Offerings
Pricing Offerings
Acunetix by InvictiRapid7 InsightVM
Free Trial
YesNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
Acunetix by InvictiRapid7 InsightVM
Features
Acunetix by InvictiRapid7 InsightVM
Threat Intelligence
Comparison of Threat Intelligence features of Product A and Product B
Acunetix by Invicti
-
Ratings
Rapid7 InsightVM
7.4
Ratings
7% below category average
Network Analytics00 Ratings5.30 Ratings
Threat Recognition00 Ratings7.00 Ratings
Vulnerability Classification00 Ratings9.30 Ratings
Automated Alerts and Reporting00 Ratings9.30 Ratings
Threat Analysis00 Ratings7.40 Ratings
Threat Intelligence Reporting00 Ratings7.00 Ratings
Automated Threat Identification00 Ratings6.70 Ratings
Vulnerability Management Tools
Comparison of Vulnerability Management Tools features of Product A and Product B
Acunetix by Invicti
-
Ratings
Rapid7 InsightVM
8.3
Ratings
3% above category average
IT Asset Realization00 Ratings9.00 Ratings
Authentication00 Ratings8.60 Ratings
Configuration Monitoring00 Ratings8.60 Ratings
Web Scanning00 Ratings7.00 Ratings
Vulnerability Intelligence00 Ratings8.30 Ratings
Best Alternatives
Acunetix by InvictiRapid7 InsightVM
Small Businesses
GitLab
GitLab
Score 8.7 out of 10
Action1
Action1
Score 9.5 out of 10
Medium-sized Companies
Veracode
Veracode
Score 8.7 out of 10
Action1
Action1
Score 9.5 out of 10
Enterprises
Veracode
Veracode
Score 8.7 out of 10
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Acunetix by InvictiRapid7 InsightVM
Likelihood to Recommend
9.0
(0 ratings)
9.0
(0 ratings)
Usability
-
(0 ratings)
9.0
(0 ratings)
Support Rating
-
(0 ratings)
7.2
(0 ratings)
User Testimonials
Acunetix by InvictiRapid7 InsightVM
Likelihood to Recommend
Acunetix scales well from a small web development presence like ours to a full-scale enterprise focused on that. The various tools and sensors that provide assurance of the results and can give feedback down to the lines of code in the source are proof of this. Various integrations exist as well. The main thing for us is that it simplifies confirming and remediating potential issues in our code or proving that products we use have issues that we can then take to the vendor for correction.
Read full review
I think Rapid7 InsightVM is well suited for large enterprise customers with a lot of assets. It integrates well with a number of different ITSM solutions which I think is very good. There are not many CIS benchmarking tools on the market and Rapid7 InsightVM does a very good job at benchmarking. I think where Rapid7 InsightVM falls down a little is on false positive vulnerabilities. Sometime you there a few positive results on vulnerabily discovery. Tuning the settings for scan engines can sometimes be trick as well.
Read full review
Pros
  • Integration of tool with different IDE is great
  • Easy to scan code and identify vulnerabilities
  • Dashboard is easy to customise
Read full review
  • The API is also a great tool for us to automate lots of routine procedures like scan and report of asset(s) BY EMAIL.
  • Tagging. It helps sort out results and reports for respective assets Owner for remediation without a lengthy report including unnecessary information for that particular team.
  • SQL Reporting. It provides advanced reporting and export capabilities that you can not find in the stock report template.
Read full review
Cons
  • Does not support multiple endpoints well (e.g. apps and services that do not reside at the same URL).
  • Has authentication problems with modern enterprise apps which involve a lot of redirects to unrelated endpoints, federated IDs, SSO, etc. This is related to the first point.
  • The vulnerability detection capability is not as robust as Burp Suite Pro + extensions, Metasploit + auxiliary modules, Nmap + scripts, etc.
Read full review
  • Devices found and scanned are never removed. Removal must be done manually with no option for automation.
  • The database can be fragile. Ours quietly corrupted and progressively degraded until we had to restore and lose 6 months of data. Still didn't fix it and had to be rebuilt again losing all data.
  • Workflow for delegating remediation is supposed to be helpful, but can also become cumbersome.
  • Scheduling can become a nightmare if not monitored closely. We found jobs had failed to run because the server had gone offline. When the server came online, it did not try to run missed jobs. Running missed jobs all at once can overload the server, but searching for and launching a large number of missed jobs manually is a pain.
Read full review
Usability
No answers on this topic
While I think it is a great tool and platform, I believe it (like all tools and solutions) is always evolving and the needs for clients are changing as the industry evolves and threats are upgraded. Cost is good, and support is helpful. Some things could be more granular and others could be easier to understand
Read full review
Support Rating
No answers on this topic
I gave it a seven due to the functionality and general ease of use after the initial setup headaches, but compared to Qualys, Rapid7 Nexpose falls short on features and ease of use. Their support drags this rating down a point as well. I have gone weeks with no update on semi-critical issues and typically have to make call after call to get a semi-coherent response.
Read full review
Alternatives Considered
In my opinion Acunetix fares good in DevSecOps pipeline better than Appspider. In terms of vulnerabilities scanning of dynamic applications I liked Rapid7, however we have better ROI with Acunetix. During 6 months of usage I tried to look into cost benefit analysis and could easily pick Acunetix and in terms of dashboards also I am impressed
Read full review
I think Tenable is very comparable and they are both leaders in this space. I evaluated both of them side-by-side and ultimately decided to go with Rapid7. Tenable did have a slight edge on the amount of information I was getting from the machines, but I landed on R7 because I found the features of the InsightVM tool to be more useful. They both get the job done, but I found InsightVM a better experience to use on a day-to-day basis and had better quality of life features that I was looking for.
Read full review
Return on Investment
  • Saved money compared to other commercial scanners, especially over the long run.
  • Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
  • A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.
Read full review
  • It certainly has a more positive impact than negative impact while performing the scans. Nexpose can find report vulnerabilities that our other scanner fails to identify during the scan because of its defined scan templates.
  • Also, even if the scan is not being performed due to some issues like reachability, whitelisting, etc. it will try to give scan results unlike QualysGuard which just marks the asset as unreachable.
Read full review
ScreenShots

Acunetix by Invicti Screenshots

Screenshot of DashboardScreenshot of FilteringScreenshot of scan results