Overview
When it comes to risk management, the ability to detect problems is meaningless if you can't fix what you uncover. That's why we've designed InsightVM to detect risk and also arm security teams with the tools needed to overcome the communication barriers and organizational silos that can make remediation so hard.
Rapid7 InsightVM starts with the array of capabilities you'd expect from a solution that's been named by Forrester as a leader in the last three consecutive Wave reports on Vulnerability Risk Management:
- Get complete visibility into the presence of vulnerabilities through scan engines, the cross-product Rapid7 Insight Agent, and direct API integrations with AWS, other cloud providers, container repositories, and more.
- Detect over 150 kinds of misconfigurations in your AWS environment.
- Monitor your attack surface to uncover known and unknown external-facing assets.
- Evaluate compliance with industry frameworks or custom policies.
Once risks have been found, InsightVM helps teams take action:
- Proprietary real-risk score helps teams prioritize the biggest threats
- Automatically create tickets in JIRA or ServiceNow based on findings
- Automation capabilities include integrations with SCCM and BigFix
- Custom generated code snippets let you fix AWS misconfigurations with a few clicks
- Goal and SLA reporting, remediation projects, and customizable dashboards help track progress over time and share results across the organization
Highlights
- Full Visibility: InsightVM assesses physical servers, virtual machines (such as EC2 instances), containers, and remote endpoints. Plus, since risk to your organization is more than just missing patches, it also detects misconfigurations in AWS.
- Real-Time: Direct integrations with AWS and other cloud providers ensure data in InsightVM is always up-to-date. It also allows you to pull in all your EC2 tags for tracking, reporting, and organization.
- Available as a Managed Service: Let our team, led by a dedicated security advisor, run InsightVM for you. The best part? You still get full access to InsightVM for those times when you want to roll up your sleeves.
Features and programs
Financing for AWS Marketplace purchases
Pricing
Dimension | Description | Cost/12 months |
---|---|---|
Up to 128 Assets | Includes unlimited scan engines and templates, up to 3 Consoles | $3,840.00 |
Managed VM | Service terms and coverage to be defined in Private Offer | $1,000,000.00 |
Custom Pricing | Custom Pricing w/ terms and coverage to be defined in Private Offer | $1,000,000.00 |
Vendor refund policy
Please see the seller website for refund details.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Rapid7 Customer Support services provide rapid resolution of issues. We include Customer Portal Support, 24 hour vulnerability service level agreement, 24 hour incident response time, and a reliable testing guarantee. www.rapid7.com/for-customers
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Customer reviews
Nexpose is an excellent tool that helps identify vulnerabilities.
It integrates seamlessly with various other security tools and systems, such as SIEMs, ticketing systems, and DevOps tools, facilitating a more streamlined security workflow.
The tool supports automated remediation workflows, which can significantly reduce the time and effort required to address vulnerabilities.
Cost is very high to compair to other tool.
Some users have experienced false positives in the scan results, which can lead to unnecessary remediation efforts and wasted resources.
The detailed compliance reporting and helps organizations ensure they meet various regulatory standards such as PCI-DSS, GDPR, and HIPAA.
Nexpose is an excellent tool that helps identify vulnerabilities.
It integrates seamlessly with various other security tools and systems, such as SIEMs, ticketing systems, and DevOps tools, facilitating a more streamlined security workflow.
The tool supports automated remediation workflows, which can significantly reduce the time and effort required to address vulnerabilities.
Cost is very high to compair to other tool.
Some users have experienced false positives in the scan results, which can lead to unnecessary remediation efforts and wasted resources.
The detailed compliance reporting and helps organizations ensure they meet various regulatory standards such as PCI-DSS, GDPR, and HIPAA.
Better than most of the products in the market, but not the best
Reporting
Dashboards
Tons of threat intelligence and research data integrated with the product by Rapid7. Stuff like Metasploit DB, AttackerKB and project Heisenberg are some of the best integrations.
Remediation Projects
Risk Scoring - the new Active Risk Scoring is awesome.
Scan Assistant (probably the best service for vuln scanning)
Native Jira integration is not really native. Breaks all the time.
Sometimes it takes days to identify some vulnerabilities which is a major drawback especially for critical vulnerabilities (Jetbrains TeamCity CVSS10 vuln is one example, took it 3 days to identify vulnerable assets)
Too much administrative efforts to setup stuff.
Better than most of the products in the market, but not the best
Reporting
Dashboards
Tons of threat intelligence and research data integrated with the product by Rapid7. Stuff like Metasploit DB, AttackerKB and project Heisenberg are some of the best integrations.
Remediation Projects
Risk Scoring - the new Active Risk Scoring is awesome.
Scan Assistant (probably the best service for vuln scanning)
Native Jira integration is not really native. Breaks all the time.
Sometimes it takes days to identify some vulnerabilities which is a major drawback especially for critical vulnerabilities (Jetbrains TeamCity CVSS10 vuln is one example, took it 3 days to identify vulnerable assets)
Too much administrative efforts to setup stuff.