InsightVM is presented as the next evolution of Nexpose, by Rapid7. This Insight cloud-based solution features everything included in Nexpose, such as Adaptive Security and the proprietary Real Risk score, and extends visibility into cloud and containerized infrastructure. InsightVM also offers advanced remediation, tracking, and reporting capabilities not included in Nexpose.
$19
per GB
Ventiv IRM
Score 7.5 out of 10
N/A
Ventiv IRM is integrated risk management software designed to provide the insights needed to monitor and lower the user's Total Cost of Risk (TCoR). It features real-time analytics for decision support by integrating data from internal and external sources in one system while connecting risk mitigation activities across the business.
N/A
Pricing
Rapid7 InsightVM
Ventiv IRM
Editions & Modules
Log Management
$19
per GB
Vulnerability Management
$22
per asset
insightIDR
$52
per asset
Application Security
$2,000
per app
insignConnect
Contact sales team
No answers on this topic
Offerings
Pricing Offerings
Rapid7 InsightVM
Ventiv IRM
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Rapid7 InsightVM
Ventiv IRM
Features
Rapid7 InsightVM
Ventiv IRM
Threat Intelligence
Comparison of Threat Intelligence features of Product A and Product B
Rapid7 InsightVM
7.4
Ratings
7% below category average
Ventiv IRM
-
Ratings
Network Analytics
5.30 Ratings
00 Ratings
Threat Recognition
7.00 Ratings
00 Ratings
Vulnerability Classification
9.30 Ratings
00 Ratings
Automated Alerts and Reporting
9.30 Ratings
00 Ratings
Threat Analysis
7.40 Ratings
00 Ratings
Threat Intelligence Reporting
7.00 Ratings
00 Ratings
Automated Threat Identification
6.70 Ratings
00 Ratings
Vulnerability Management Tools
Comparison of Vulnerability Management Tools features of Product A and Product B
I think Rapid7 InsightVM is well suited for large enterprise customers with a lot of assets. It integrates well with a number of different ITSM solutions which I think is very good. There are not many CIS benchmarking tools on the market and Rapid7 InsightVM does a very good job at benchmarking. I think where Rapid7 InsightVM falls down a little is on false positive vulnerabilities. Sometime you there a few positive results on vulnerabily discovery. Tuning the settings for scan engines can sometimes be trick as well.
I think the capabilities that Ventiv IRM has are incredible, even more so that what we've already started utilizing it for. The ability for it to be able to create graphs with reportings is a very visually useful. I do think that what we have access to is limited to our knowledge at this point. I have set up mine and my team's dashboards and customized it for each persons needs (i.e. the most updated claims that each person needs to see vs seeing every updated claim, etc), but I believe there are further capabilities that can be done, we just aren't familiar with it. As we continue to learn how to use/utilize Ventiv IRM for our needs, I'm sure my 9 points will elevate to a 10!
The API is also a great tool for us to automate lots of routine procedures like scan and report of asset(s) BY EMAIL.
Tagging. It helps sort out results and reports for respective assets Owner for remediation without a lengthy report including unnecessary information for that particular team.
SQL Reporting. It provides advanced reporting and export capabilities that you can not find in the stock report template.
Devices found and scanned are never removed. Removal must be done manually with no option for automation.
The database can be fragile. Ours quietly corrupted and progressively degraded until we had to restore and lose 6 months of data. Still didn't fix it and had to be rebuilt again losing all data.
Workflow for delegating remediation is supposed to be helpful, but can also become cumbersome.
Scheduling can become a nightmare if not monitored closely. We found jobs had failed to run because the server had gone offline. When the server came online, it did not try to run missed jobs. Running missed jobs all at once can overload the server, but searching for and launching a large number of missed jobs manually is a pain.
Clarifying what one has purchased in their modules - what's included versus not.
Making sure that what should be included in a module is active, usable for the client.
Once the module is set up for the client, give training to the client through all the modules. Walk with them, 1) make sure everything works; 2) the client understands how to use it. This is beyond the Ventiv University, which is a great refresher, and follow-up for something the client forgot.
While I think it is a great tool and platform, I believe it (like all tools and solutions) is always evolving and the needs for clients are changing as the industry evolves and threats are upgraded. Cost is good, and support is helpful. Some things could be more granular and others could be easier to understand
Very usable. The team is always suggesting "tweaks" that allow for easier flow, better understanding of the information needed. This even includes in moving categories/sections in a records around so that the flow of the record is better
I gave it a seven due to the functionality and general ease of use after the initial setup headaches, but compared to Qualys, Rapid7 Nexpose falls short on features and ease of use. Their support drags this rating down a point as well. I have gone weeks with no update on semi-critical issues and typically have to make call after call to get a semi-coherent response.
Support will reach out to me and I LOVE that. Often I want to show them what I see and they have always been willing to jump on a Teams meeting so I can do that. This has also helped me understand how to explain things better (support speak). This has led to closing tickets, completing projects sooner.
The actual implantation was not good. The system is fully customizable so Ventiv was ready to give us what we wanted; however, we never had a system so we didn't fully understand what we wanted. Since then, we hit "reset" and we are steadily moving forward.
I think Tenable is very comparable and they are both leaders in this space. I evaluated both of them side-by-side and ultimately decided to go with Rapid7. Tenable did have a slight edge on the amount of information I was getting from the machines, but I landed on R7 because I found the features of the InsightVM tool to be more useful. They both get the job done, but I found InsightVM a better experience to use on a day-to-day basis and had better quality of life features that I was looking for.
It certainly has a more positive impact than negative impact while performing the scans. Nexpose can find report vulnerabilities that our other scanner fails to identify during the scan because of its defined scan templates.
Also, even if the scan is not being performed due to some issues like reachability, whitelisting, etc. it will try to give scan results unlike QualysGuard which just marks the asset as unreachable.