Sold by: Rapid7
Deployed on AWS
Vendor Insights
Rapid7 InsightVM is a vulnerability management solution that doesn't just provide visibility into the risks present in your IT environment. It equips you with the reporting, automation, and integrations needed to prioritize and fix those vulnerabilities in a fast and efficient manner.
4.3
Overview
When it comes to risk management, the ability to detect problems is meaningless if you can't fix what you uncover. That's why we've designed InsightVM to detect risk and also arm security teams with the tools needed to overcome the communication barriers and organizational silos that can make remediation so hard.
Rapid7 InsightVM starts with the array of capabilities you'd expect from a solution that's been named by Forrester as a leader in the last three consecutive Wave reports on Vulnerability Risk Management:
- Get complete visibility into the presence of vulnerabilities through scan engines, the cross-product Rapid7 Insight Agent, and direct API integrations with AWS, other cloud providers, container repositories, and more.
- Detect over 150 kinds of misconfigurations in your AWS environment.
- Monitor your attack surface to uncover known and unknown external-facing assets.
- Evaluate compliance with industry frameworks or custom policies.
Once risks have been found, InsightVM helps teams take action:
- Proprietary real-risk score helps teams prioritize the biggest threats
- Automatically create tickets in JIRA or ServiceNow based on findings
- Automation capabilities include integrations with SCCM and BigFix
- Custom generated code snippets let you fix AWS misconfigurations with a few clicks
- Goal and SLA reporting, remediation projects, and customizable dashboards help track progress over time and share results across the organization
Highlights
- Full Visibility: InsightVM assesses physical servers, virtual machines (such as EC2 instances), containers, and remote endpoints. Plus, since risk to your organization is more than just missing patches, it also detects misconfigurations in AWS.
- Real-Time: Direct integrations with AWS and other cloud providers ensure data in InsightVM is always up-to-date. It also allows you to pull in all your EC2 tags for tracking, reporting, and organization.
- Available as a Managed Service: Let our team, led by a dedicated security advisor, run InsightVM for you. The best part? You still get full access to InsightVM for those times when you want to roll up your sleeves.
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Up to 128 Assets | Includes unlimited scan engines and templates, up to 3 Consoles | $3,840.00 |
Managed VM | Service terms and coverage to be defined in Private Offer | $1,000,000.00 |
Custom Pricing | Custom Pricing w/ terms and coverage to be defined in Private Offer | $1,000,000.00 |
Vendor refund policy
Please see the seller website for refund details.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Rapid7 Customer Support services provide rapid resolution of issues. We include Customer Portal Support, 24 hour vulnerability service level agreement, 24 hour incident response time, and a reliable testing guarantee. <www.rapid7.com/for-customers >
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Rapid7
By Qualys
By Tenable, Inc.
Top
10
In Industrial IoT, Application Servers
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Vulnerability Detection
Comprehensive scanning across physical servers, virtual machines, containers, and remote endpoints with detection of over 150 types of misconfigurations
Cloud Integration
Direct API integrations with AWS, cloud providers, container repositories for real-time asset discovery and risk assessment
Risk Prioritization
Proprietary real-risk scoring mechanism to help teams identify and prioritize the most critical security threats
Automated Remediation
Automatic ticket creation in JIRA and ServiceNow, with custom code snippets for fixing AWS misconfigurations
Compliance Evaluation
Capability to assess compliance with industry frameworks and custom security policies through comprehensive reporting mechanisms
Vulnerability Detection
Real-time vulnerability assessment and prioritization across hybrid IT environments
Cloud Scanning
Cloud context-aware scanning with pre-approved scanner for AWS EC2 infrastructure
Asset Discovery
Comprehensive inventory and visibility of global IT infrastructure and assets
Security Integration
Unified cloud-based platform combining discovery, assessment, detection, and response capabilities
Hybrid Environment Support
Seamless vulnerability management across diverse IT infrastructure including cloud and on-premises systems
Vulnerability Detection Coverage
Comprehensive vulnerability scanning with support for over 76,000 vulnerabilities and 186,000 security plugins
Cloud Asset Assessment
Agentless continuous discovery and assessment of EC2 instances without requiring agent installation or credential management
Security Configuration Analysis
Built-in compliance profiles with risk-based scoring to prioritize security threats and vulnerabilities
Vulnerability Disclosure Tracking
Real-time detection and response capabilities for newly disclosed zero-day vulnerabilities
Hybrid Environment Support
Unified vulnerability management and cloud security posture management for diverse infrastructure environments
Standard contract
No
No
No
Customer reviews
Michael Sands
Long-term risk management has reduced exploitable vulnerabilities and supports clear remediation
Reviewed on Jan 13, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for Rapid 7 typically revolves around vulnerability management, but we use it for a number of other things as well.
A specific example of how we're using it for vulnerability management is that we use it to scan and discover vulnerabilities on endpoints, and we use agents as well to discover vulnerabilities, present those in a console, and we work on remediations based upon those findings.
We have a unique setup with Rapid 7 as we're using a variety of their products, including their SIEM , Threat Command, and a few other things as well, and we're just starting to look into their ransomware offerings.
What is most valuable?
The best features Rapid 7 offers include their presentation of information and UI, which I think is actually very good, along with very good reporting, and their managed services, which I think provide a good value for what they charge.
What stands out to me about the presentation of information and UI is the dashboard, which is excellent, as they provide statistics that I can use to make my case for remediation and for addressing vulnerabilities. With managed services, probably the most valuable thing I find is the single point of contact and a regular point of contact as well, providing good communication from them on a consistent basis.
Rapid 7 has positively impacted my organization by reducing the risk to the environment, specifically by reducing the number of vulnerabilities and the number of vulnerable hosts. We have reduced exploitable vulnerabilities by around 50%, which has made a significant difference for my team.
What needs improvement?
Rapid 7 could be improved as some of the integrations between their different products could be better, and that's probably the main thing.
There are needed improvements around specific integrations, especially from a vulnerability perspective, as they're trying to push to the cloud-hosted version, which currently does not measure up to the legacy console and the way information is presented on that.
For how long have I used the solution?
I have been using Rapid 7 for over 20 years.
Which solution did I use previously and why did I switch?
We didn't use different solutions before Rapid 7 ; we've always used Rapid 7, so there was no need to switch.
What was our ROI?
I have seen a return on investment from Rapid 7 in the form of risk reduction.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing for Rapid 7 is that they are generally pretty good in terms of their pricing, their setup cost is reasonable, and licensing is among the easier companies to work with.
Which other solutions did I evaluate?
Before choosing Rapid 7, we evaluated other options, including Tenable.
What other advice do I have?
I would not add anything else about the features, as there is nothing else that stands out to me. I did not purchase Rapid 7 through the AWS Marketplace . I would rate this solution an 8 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
reviewer2775840
Manages vulnerabilities effectively over time but needs improvement in web coverage and dashboard flexibility
Reviewed on Nov 11, 2025
Review provided by PeerSpot
What is our primary use case?
Rapid7 InsightVM 's primary use case for us is to check the vulnerability and the exposure of our internal system.
Remediation is not done by the VM tool; we communicate internally with system owners and handle it in that manner. The system itself has not remediated the vulnerability; we more use it to identify and discover the vulnerabilities on each asset we manage.
What is most valuable?
Rapid7 InsightVM is an on-premise type product that has helped us manage potential vulnerabilities effectively.
The dashboard is excellent as it helps in visualizing our vulnerability management data. We are able to see the historical data in the dashboard, the assets, and the vulnerability in parallel. We can also see each site and manage both per-site as well as the grand information for all sites in the first dashboard.
What needs improvement?
Most of the dynamic asset tagging we use is manual, not dynamic. To manage the assets, we employed the manual approach because we have a limitation regarding the license, so we don't use the dynamic approach much.
I don't know how the configuration assessment has assisted with meeting compliance standards. The product that we use is the on-premise solution where we configure assets and dynamically scan them. However, we use the default policies more, the template, so Rapid7 InsightVM on-premise version is not that effective in the web-related systems. However, it is best on the OS to identify and discover the OS-related vulnerabilities, more of open ports and the discovery of vulnerable ports or services.
It would be better to improve Rapid7 InsightVM by including or working better to add web-related templates because it's not that effective in regard to web. I don't know if they may have a separate product regarding the web, but for the on-premise type, they are not strong in this area.
I would prefer to see web-related templates in addition to improving the dashboard-related things because the dashboard has been constant for a very long time. It would be better to see various kinds of, perhaps a flexible type of dashboard. If it's not customizable at all, I would want to see the risk and asset over time with more flexibility. The current dashboard is not flexible in this regard; I have to dig down every day, so they should work on this as well, in addition to the web.
For how long have I used the solution?
We have worked with Rapid7 InsightVM for the past three or four years.
How are customer service and support?
For the technical support by Rapid7, I would give a six out of ten because our web-related systems are very important to identify the vulnerabilities. I believe it would be better to work on the web-related issues and include those kinds of templates in their product.
How would you rate customer service and support?
Neutral
What other advice do I have?
We have utilized the predictive analytics feature.
The pricing of Rapid7 is not cheap; I would say it's medium. It's not very expensive; it's not cheap, but if they included the web and addressed the comments I made, the price would not be that expensive. For now, it is expensive.
Our overall review rating for this product is six out of ten.
tali k.
InsightVM’s Actionable Risk Scoring and Live Dashboards Impress
Reviewed on Nov 06, 2025
Review provided by G2
What do you like best about the product?
I like InsightVM’s clear, actionable risk scoring and live dashboards that keep asset exposure prioritized and up to date.
What do you dislike about the product?
Some scans and dashboards can feel heavy at scale, and custom reporting and tagging rules sometimes require extra tuning to get right.
What problems is the product solving and how is that benefiting you?
InsightVM helps continuously identify and prioritize vulnerabilities across our hybrid environment, turning scan results into clear, ticketed remediation work that shortens risk exposure windows and streamlines coordination with ops.
Anusha Sadasivani
Rapid deployment and user-friendly architecture streamline vulnerability management but customer support response needs improvement
Reviewed on May 22, 2025
Review provided by PeerSpot
What is our primary use case?
We are still using Rapid7 InsightVM .
I personally still use Rapid7 InsightVM .
We use Rapid7 InsightVM for vulnerability scanning. It supports both agent-based and agentless scanning, which is part of our vulnerability management strategy.
What is most valuable?
The agentless scan in Rapid7 InsightVM is effective and represents the functionality I primarily work with. The risk scoring system in Rapid7 InsightVM is another valuable feature. When comparing to the main competitor QualysGuard, Rapid7 InsightVM is more preferable for me.
What needs improvement?
Customer support in Rapid7 InsightVM could be improved. The response time needs improvement.
For how long have I used the solution?
I have performed scans and explored the components of the product over the last three to four years.
What do I think about the stability of the solution?
I would rate the stability of Rapid7 InsightVM as seven out of ten.
What do I think about the scalability of the solution?
Rapid7 InsightVM rates approximately 8.5 for scalability. Rapid7 InsightVM is recommended for large-scale companies with more than 30,000 users.
How are customer service and support?
The response time for customer service needs improvement.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
My first tool was QualysGuard, which had more than 100,000 users. QualysGuard is more technical and problematic when implementing things, making it not as easy to use as Rapid7 InsightVM.
How was the initial setup?
Setup for Rapid7 InsightVM was simple. It was not complex because I had previous experience with Rapid7 when it was Nexpose.
What's my experience with pricing, setup cost, and licensing?
I would rate the pricing for Rapid7 InsightVM as eight out of ten.
Which other solutions did I evaluate?
QualysGuard is more challenging if you are not proficient in technical or environmental aspects, making deployment difficult. With Rapid7 InsightVM, the deployment process is more user-friendly.
What other advice do I have?
I would recommend Rapid7 InsightVM for large-scale companies. I can recommend it to other users. Overall, I rate Rapid7 InsightVM eight out of ten.
FurqanLatif
Offers robust compliance features but needs improved automation in remediation
Reviewed on May 12, 2025
Review from a verified AWS customer
What is our primary use case?
The main use case is the vulnerability assessment of their assets. Assets include Windows or Linux platforms. This is the only use case. They want to highlight and identify vulnerabilities in their platform to remediate them. For the remediation part, they want to integrate their IT teams with the Rapid7 InsightVM platform so their IT team can get insights into the vulnerabilities, remediate them, and update over the same platform. These are the functionalities of their Rapid7 InsightVM solution.
What is most valuable?
The most valuable feature of the Rapid7 InsightVM solution is the Live Risk Score. It provides dynamic Live Risk Scoring of the assets. Vulnerabilities can be classified between most critical and less critical vulnerabilities, which are dynamically updated in their dashboard. This is the most interesting and valuable feature from my perspective.
It provides different compliance reports regarding PCI DSS, GDPR, and HIPAA. For compliance, it is a good solution for customers, and in this domain there is no improvement required for Rapid7 InsightVM.
What needs improvement?
The automation capability remediation needs improvement. The current process requires manually telling IT teams to remediate vulnerabilities, and then they update the status of these vulnerabilities in the platform. This basic feature that Rapid7 calls an automated remediation process is actually manual. We can update the status of vulnerabilities in the Rapid7 InsightVM platform and collectively see how many vulnerabilities we have identified and how many are remediated by our IT team.
More automation in the remediation feature is a basic demand from many customers. The remediation part and vulnerability identification of network devices or rigid devices are not currently supported by Rapid7 InsightVM. More integration and automation are the two areas Rapid7 needs to improve in their product.
For how long have I used the solution?
I have been working with Rapid7 InsightVM for about one and a half years.
What do I think about the stability of the solution?
This is a very stable solution. I rate it around eight because I have faced only one problem in the Rapid7 InsightVM solution when configuring it for a customer due to a malfunction or bug.
Other than that, there have been no specific issues ever recorded or noticed by my team or myself. Rapid7 continuously updates it, which is why I rate it eight out of ten.
What do I think about the scalability of the solution?
This is a very scalable solution that I would rate eight out of ten. Scalability in the Rapid7 InsightVM solution is straightforward. We just need to deploy multiple scanning engines for scanning the assets. If we exceed assets from 5,000 to 10,000, we need to deploy more scanning engines to scan the solutions and assets. We simply need to deploy another scan engine to make it scalable.
How are customer service and support?
I cannot comment specifically regarding the support part because I have never needed Rapid7 support for the InsightVM solution as it is very stable. There were no bugs or specific problems that required raising a support ticket. Their support appears good, and some of their representatives are in direct contact with me through phone numbers. Their support seems good, but I cannot provide a specific rating.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
In the Pakistan region, there are multiple customers using Rapid7 InsightVM solution, including Rapid7 Nexpose. Nexpose and InsightVM are the same solution, with the difference being cloud versus on-premises versions. The on-premises version is called Nexpose, and the cloud version is called Rapid7 InsightVM solution. Their functionalities are almost the same. In Pakistan, I have deployed this solution in more than 15 organizations, and approximately 30 plus organizations are using this solution in total.
How was the initial setup?
Initial setup is very easy as this is a cloud solution. We just need to create the account and use it for integration with other assets. I would rate the initial setup nine out of ten.
What's my experience with pricing, setup cost, and licensing?
The customers are mostly SMBs, though some enterprise organizations have also deployed the solution. This is neither a cheap nor the most expensive solution. Qualys and some other vendors are more expensive than Rapid7 InsightVM.
Which other solutions did I evaluate?
I have experience with the Rapid7 VMDR solution - not with other solutions. I am exploring the differences between these solutions for customer pitches.
What other advice do I have?
Currently, there is no AI embedded in the solution available on the website. According to Rapid7, they are working on the Sonar project and will soon launch this project to enhance their AI capability in the solution.
My overall rating for Rapid7 InsightVM is seven out of ten.