    InsightVM - Vulnerability Management

    Sold by: Rapid7 
    Deployed on AWS
    Rapid7 InsightVM is a vulnerability management solution that doesn't just provide visibility into the risks present in your IT environment. It equips you with the reporting, automation, and integrations needed to prioritize and fix those vulnerabilities in a fast and efficient manner.
    4.3

    Overview

    When it comes to risk management, the ability to detect problems is meaningless if you can't fix what you uncover. That's why we've designed InsightVM to detect risk and also arm security teams with the tools needed to overcome the communication barriers and organizational silos that can make remediation so hard.

    Rapid7 InsightVM starts with the array of capabilities you'd expect from a solution that's been named by Forrester as a leader in the last three consecutive Wave reports on Vulnerability Risk Management:

    • Get complete visibility into the presence of vulnerabilities through scan engines, the cross-product Rapid7 Insight Agent, and direct API integrations with AWS, other cloud providers, container repositories, and more.
    • Detect over 150 kinds of misconfigurations in your AWS environment.
    • Monitor your attack surface to uncover known and unknown external-facing assets.
    • Evaluate compliance with industry frameworks or custom policies.

    Once risks have been found, InsightVM helps teams take action:

    • Proprietary real-risk score helps teams prioritize the biggest threats
    • Automatically create tickets in JIRA or ServiceNow based on findings
    • Automation capabilities include integrations with SCCM and BigFix
    • Custom generated code snippets let you fix AWS misconfigurations with a few clicks
    • Goal and SLA reporting, remediation projects, and customizable dashboards help track progress over time and share results across the organization

    Highlights

    • Full Visibility: InsightVM assesses physical servers, virtual machines (such as EC2 instances), containers, and remote endpoints. Plus, since risk to your organization is more than just missing patches, it also detects misconfigurations in AWS.
    • Real-Time: Direct integrations with AWS and other cloud providers ensure data in InsightVM is always up-to-date. It also allows you to pull in all your EC2 tags for tracking, reporting, and organization.
    • Available as a Managed Service: Let our team, led by a dedicated security advisor, run InsightVM for you. The best part? You still get full access to InsightVM for those times when you want to roll up your sleeves.

    Pricing

    InsightVM - Vulnerability Management

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    12-month contract (3)

    | Dimension | Description | Cost/12 months |
    | --- | --- | --- |
    | Up to 128 Assets | Includes unlimited scan engines and templates, up to 3 Consoles | $3,840.00 |
    | Managed VM | Service terms and coverage to be defined in Private Offer | $1,000,000.00 |
    | Custom Pricing | Custom Pricing w/ terms and coverage to be defined in Private Offer | $1,000,000.00 |

    Vendor refund policy

    Please see the seller website for refund details.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Rapid7 Customer Support services provide rapid resolution of issues. We include Customer Portal Support, 24 hour vulnerability service level agreement, 24 hour incident response time, and a reliable testing guarantee. <www.rapid7.com/for-customers>

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    Top 10 in Industrial IoT, Application Servers

    Overview

    AI generated from product descriptions
    Vulnerability Detection and Assessment
    Detects over 150 kinds of misconfigurations in AWS environments and assesses physical servers, virtual machines such as EC2 instances, containers, and remote endpoints through scan engines, Rapid7 Insight Agent, and direct API integrations with cloud providers and container repositories.
    Risk Prioritization and Scoring
    Utilizes proprietary real-risk scoring algorithm to help teams prioritize threats and identify the biggest security risks within the IT environment.
    Automated Remediation and Ticketing
    Automatically creates tickets in JIRA or ServiceNow based on findings and includes automation capabilities with integrations to SCCM and BigFix for streamlined remediation workflows.
    Attack Surface Monitoring
    Monitors attack surface to uncover known and unknown external-facing assets and maintains real-time data synchronization through direct integrations with AWS and other cloud providers.
    Compliance and Policy Evaluation
    Evaluates compliance with industry frameworks and custom policies, and provides goal and SLA reporting, remediation projects, and customizable dashboards for tracking progress and sharing results across the organization.
    Cloud-Based Vulnerability Management Platform
    Single cloud-based application that integrates discovery, assessment, detection, and response capabilities for vulnerability management
    Real-Time Prioritization
    Real-time prioritization of vulnerabilities across global hybrid IT environments
    AWS EC2 Integration
    Pre-approved scanner for AWS EC2 Cloud with AWS EC2 Cloud Connector for seamless integration
    Cloud Context-Aware Scanning
    Cloud context aware scanning providing end-to-end visibility from inventory to remediation
    Comprehensive Asset Discovery and Assessment
    Discovers and assesses assets across hybrid IT environments with comprehensive coverage and visibility
    Vulnerability Detection Coverage
    Supports detection of more than 76,000 vulnerabilities and 186,000 plugins with comprehensive CVE and security configuration support
    Risk-Based Prioritization
    Predicts which security issues to remediate first using risk-based scoring and built-in compliance profiles
    Agentless Cloud Assessment
    Enables continuous discovery and assessment of EC2 instances for vulnerabilities without requiring agent installation, credential management, or manual scan configuration
    Asset-Based Elastic Licensing
    Implements asset-based licensing model that eliminates duplicate counting of assets with multiple IP addresses

    Customer reviews

    Ratings and reviews

    4.3
    95 ratings
    5 star: 48%
    4 star: 46%
    3 star: 5%
    2 star: 0%
    1 star: 0%
    4 AWS reviews | 91 external reviews
    External reviews are from G2 and PeerSpot.

    Mohamed Fouad

    Vulnerability insights have reduced critical incidents and improved our patching response speed

    Reviewed on Feb 06, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Rapid7 InsightVM is for vulnerability management, so we can discover our vulnerabilities and then patch them to stop the security risks we have inside the vulnerability management.

    Recently, I used Rapid7 InsightVM to discover many vulnerabilities, including many critical ones. Rapid7 InsightVM reported these vulnerabilities and assigned them a critical score, so after we identified these vulnerabilities, we stopped them and patched them through our patching system. We were able to stop the critical situations that we already faced.

    What is most valuable?

    In my opinion, the best features Rapid7 InsightVM offers are the two modes: agent and agentless.

    Having both agent and agentless modes helps my team as we can set up network scanning after we provide required credentials, so Rapid7 InsightVM will collect information about the vulnerabilities inside the network and report it to us. After this, we can patch it and work on these vulnerabilities to stop them.

    I would like to add that we have great integrations with Rapid7 InsightVM, so we can have the insight, the VM and know the user owner for this VM. Rapid7 InsightVM also provides a great dashboard, and its reporting features are among the most outstanding features I have ever seen on vulnerability management, which is really helpful to us.

    Rapid7 InsightVM has positively impacted my organization as after we identify the vulnerabilities, we stop them, leading to lower or reduced incident response and incident security. I have seen a decrease in the number of incidents since adopting Rapid7 InsightVM, and the team can engage faster with incidents because we already know about the vulnerability on the servers.

    In terms of impact, I can say the team has increased its speed of engagement with incidents because we are aware of the vulnerabilities on the servers.

    What needs improvement?

    To improve Rapid7 InsightVM, I wish to have integration with patching systems, which would be useful to us.

    The usability of Rapid7 InsightVM is excellent, and the reporting module is one of the features I love most.

    For how long have I used the solution?

    I have been using Rapid7 InsightVM for four months.

    What do I think about the stability of the solution?

    Rapid7 InsightVM is stable.

    What do I think about the scalability of the solution?

    Its scalability is impressive.

    How are customer service and support?

    The customer support for Rapid7 InsightVM is great.

    How would you rate customer service and support?

    Which solution did I use previously and why did I switch?

    I did not previously use a different solution.

    How was the initial setup?

    My experience with the pricing, setup cost, and licensing is that both the setup cost and licensing are great.

    What was our ROI?

    I have seen a return on investment with Rapid7 InsightVM as we have reduced security incidents because we are informed about our critical vulnerabilities, allowing us to remain on the safe side against critical attacks.

    What's my experience with pricing, setup cost, and licensing?

    My experience with the pricing, setup cost, and licensing is that both the setup cost and licensing are great.

    Which other solutions did I evaluate?

    Before choosing Rapid7 InsightVM, I did not evaluate other options; only Rapid7 was considered.

    What other advice do I have?

    My advice for others looking into using Rapid7 InsightVM is to read the documentation before implementing and follow the ranking for vulnerabilities.

    I find this interview valuable and do not think any changes are necessary for the future. I would rate this review a 10.

    Michael Sands

    Long-term risk management has reduced exploitable vulnerabilities and supports clear remediation

    Reviewed on Jan 13, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My main use case for Rapid 7 typically revolves around vulnerability management, but we use it for a number of other things as well.

    A specific example of how we're using it for vulnerability management is that we use it to scan and discover vulnerabilities on endpoints, and we use agents as well to discover vulnerabilities, present those in a console, and we work on remediations based upon those findings.

    We have a unique setup with Rapid 7 as we're using a variety of their products, including their SIEM, Threat Command, and a few other things as well, and we're just starting to look into their ransomware offerings.

    What is most valuable?

    The best features Rapid 7 offers include their presentation of information and UI, which I think is actually very good, along with very good reporting, and their managed services, which I think provide a good value for what they charge.

    What stands out to me about the presentation of information and UI is the dashboard, which is excellent, as they provide statistics that I can use to make my case for remediation and for addressing vulnerabilities. With managed services, probably the most valuable thing I find is the single point of contact and a regular point of contact as well, providing good communication from them on a consistent basis.

    Rapid 7 has positively impacted my organization by reducing the risk to the environment, specifically by reducing the number of vulnerabilities and the number of vulnerable hosts. We have reduced exploitable vulnerabilities by around 50%, which has made a significant difference for my team.

    What needs improvement?

    Rapid 7 could be improved as some of the integrations between their different products could be better, and that's probably the main thing.

    There are needed improvements around specific integrations, especially from a vulnerability perspective, as they're trying to push to the cloud-hosted version, which currently does not measure up to the legacy console and the way information is presented on that.

    For how long have I used the solution?

    I have been using Rapid 7 for over 20 years.

    Which solution did I use previously and why did I switch?

    We didn't use different solutions before Rapid 7; we've always used Rapid 7, so there was no need to switch.

    What was our ROI?

    I have seen a return on investment from Rapid 7 in the form of risk reduction.

    What's my experience with pricing, setup cost, and licensing?

    My experience with pricing, setup cost, and licensing for Rapid 7 is that they are generally pretty good in terms of their pricing, their setup cost is reasonable, and licensing is among the easier companies to work with.

    Which other solutions did I evaluate?

    Before choosing Rapid 7, we evaluated other options, including Tenable.

    What other advice do I have?

    I would not add anything else about the features, as there is nothing else that stands out to me. I did not purchase Rapid 7 through the AWS Marketplace. I would rate this solution an 8 out of 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)

    reviewer2775840

    Manages vulnerabilities effectively over time but needs improvement in web coverage and dashboard flexibility

    Reviewed on Nov 11, 2025
    Review provided by PeerSpot

    What is our primary use case?

    Rapid7 InsightVM's primary use case for us is to check the vulnerability and the exposure of our internal system.

    Remediation is not done by the VM tool; we communicate internally with system owners and handle it in that manner. The system itself has not remediated the vulnerability; we use it more to identify and discover the vulnerabilities on each asset we manage.

    What is most valuable?

    Rapid7 InsightVM is an on-premise type product that has helped us manage potential vulnerabilities effectively.

    The dashboard is excellent as it helps in visualizing our vulnerability management data. We are able to see the historical data in the dashboard, the assets, and the vulnerability in parallel. We can also see each site and manage both per-site as well as the grand information for all sites in the first dashboard.

    What needs improvement?

    Most of the dynamic asset tagging we use is manual, not dynamic. To manage the assets, we employed the manual approach because we have a limitation regarding the license, so we don't use the dynamic approach much.

    I don't know how the configuration assessment has assisted with meeting compliance standards. The product that we use is the on-premise solution where we configure assets and dynamically scan them. However, we use the default policies more, the template, so Rapid7 InsightVM on-premise version is not that effective in the web-related systems. However, it is best on the OS to identify and discover the OS-related vulnerabilities, more of open ports and the discovery of vulnerable ports or services.

    It would be better to improve Rapid7 InsightVM by including or working better to add web-related templates because it's not that effective in regard to web. I don't know if they may have a separate product regarding the web, but for the on-premise type, they are not strong in this area.

    I would prefer to see web-related templates in addition to improving the dashboard-related things because the dashboard has been constant for a very long time. It would be better to see various kinds of, perhaps a flexible type of dashboard. If it's not customizable at all, I would want to see the risk and asset over time with more flexibility. The current dashboard is not flexible in this regard; I have to dig down every day, so they should work on this as well, in addition to the web.

    For how long have I used the solution?

    We have worked with Rapid7 InsightVM for the past three or four years.

    How are customer service and support?

    For the technical support by Rapid7, I would give a six out of ten because our web-related systems are very important to identify the vulnerabilities. I believe it would be better to work on the web-related issues and include those kinds of templates in their product.

    How would you rate customer service and support?

    Neutral

    What other advice do I have?

    We have utilized the predictive analytics feature.

    The pricing of Rapid7 is not cheap; I would say it's medium. It's not very expensive; it's not cheap, but if they included the web and addressed the comments I made, the price would not be that expensive. For now, it is expensive.

    Our overall review rating for this product is six out of ten.

    tali k.

    InsightVM’s Actionable Risk Scoring and Live Dashboards Impress

    Reviewed on Nov 06, 2025
    Review provided by G2
    What do you like best about the product?
    I like InsightVM’s clear, actionable risk scoring and live dashboards that keep asset exposure prioritized and up to date.
    What do you dislike about the product?
    Some scans and dashboards can feel heavy at scale, and custom reporting and tagging rules sometimes require extra tuning to get right.
    What problems is the product solving and how is that benefiting you?
    InsightVM helps continuously identify and prioritize vulnerabilities across our hybrid environment, turning scan results into clear, ticketed remediation work that shortens risk exposure windows and streamlines coordination with ops.

    Anusha Sadasivani

    Rapid deployment and user-friendly architecture streamline vulnerability management but customer support response needs improvement

    Reviewed on May 22, 2025
    Review provided by PeerSpot

    What is our primary use case?

    We are still using Rapid7 InsightVM.

    I personally still use Rapid7 InsightVM.

    We use Rapid7 InsightVM for vulnerability scanning. It supports both agent-based and agentless scanning, which is part of our vulnerability management strategy.

    What is most valuable?

    The agentless scan in Rapid7 InsightVM is effective and represents the functionality I primarily work with. The risk scoring system in Rapid7 InsightVM is another valuable feature. When comparing to the main competitor QualysGuard, Rapid7 InsightVM is more preferable for me.

    What needs improvement?

    Customer support in Rapid7 InsightVM could be improved. The response time needs improvement.

    For how long have I used the solution?

    I have performed scans and explored the components of the product over the last three to four years.

    What do I think about the stability of the solution?

    I would rate the stability of Rapid7 InsightVM as seven out of ten.

    What do I think about the scalability of the solution?

    Rapid7 InsightVM rates approximately 8.5 for scalability. Rapid7 InsightVM is recommended for large-scale companies with more than 30,000 users.

    How are customer service and support?

    The response time for customer service needs improvement.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    My first tool was QualysGuard, which had more than 100,000 users. QualysGuard is more technical and problematic when implementing things, making it not as easy to use as Rapid7 InsightVM.

    How was the initial setup?

    Setup for Rapid7 InsightVM was simple. It was not complex because I had previous experience with Rapid7 when it was Nexpose.

    What's my experience with pricing, setup cost, and licensing?

    I would rate the pricing for Rapid7 InsightVM as eight out of ten.

    Which other solutions did I evaluate?

    QualysGuard is more challenging if you are not proficient in technical or environmental aspects, making deployment difficult. With Rapid7 InsightVM, the deployment process is more user-friendly.

    What other advice do I have?

    I would recommend Rapid7 InsightVM for large-scale companies. I can recommend it to other users. Overall, I rate Rapid7 InsightVM eight out of ten.
