Sold by: Rapid7
Deployed on AWS
InsightCloudSec is a fully integrated cloud-native security platform your whole cloud security toolbox in a single solution.
3.9
Overview
InsightCloudSec is a fully integrated cloud-native security platform (CNAPP) that brings your entire cloud security toolbox into a single solution. It helps teams protect even the most complex multi-cloud and container environments from misconfigurations, policy violations, threats, and identity and access management (IAM) challenges. With automated, real-time remediation, InsightCloudSec enables rapid response to security and compliance risks.
With Rapid7 InsightCloudSec, organizations can:
Reduce organizational risk - Move beyond endless alerts and risk signals. Track and improve compliance and risk posture across your cloud environment.
Improve team efficiency and collaboration - Seamlessly integrate with existing tools and processes to enhance cross-team collaboration.
Consolidate your cloud security toolset - Eliminate the need for niche point solutions. Get comprehensive cloud security in a single platform with one subscription.
Accelerate mean time to respond (MTTR) - Detect risks in real time, prioritize intelligently, and automate remediation workflows to minimize impact and limit blast radius.
Highlights
- Monitor cloud risk everywhere, in real time - Detect cloud risk immediately with real-time, agentless visibility into everything running across your entire environment.
- Prioritize risk with layered context - Know exactly which risk signals to prioritize thanks to complete context, with the broadest and deepest coverage across major cloud platforms.
- Automate cloud compliance any way you need - Enforce organizational standards, streamline the remediation process, and fix compliance drift immediately with native, no-code automation.
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Insight CloudSec | Minimum of 1 year term. Annual price based on 500 assets. | $69,300.00 |
Vendor refund policy
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Data base monitoring tool preventing data breach and corresponding to SOX, HIPAA, DISA, PCI, DSS and more.
Insight Masking protects your data. Insight Masking prevents data leakage and improves the quality of development and analytics.
SQL test automation tool to help version upgrades test and migration assessment
SQL test automation tool to help version upgrades test and migration assessment
SQL test automation tool to help version upgrades test and migration assessment
Customer reviews
Arun Babu
Daily endpoint monitoring has improved investigations and saved time but detection rules still need tuning
Reviewed on Dec 03, 2025
Review provided by PeerSpot
What is our primary use case?
My main use case for Rapid7 InsightCloudSec is endpoint detections and monitoring, especially with the SIEM . As a MSP, I use Rapid7 InsightCloudSec for endpoint detection and monitoring daily with multiple clients, and the Rapid7 Insight Agent is installed on all the servers and linked with the ticketing system. Once an alert is generated through Rapid7, we receive an alert and investigate through the Rapid7 Insight Agent by using the logs.
What is most valuable?
The best feature Rapid7 InsightCloudSec offers is the log, which is really quick, and I appreciate the new update with the AI assistance, allowing us to search and create log searches with AI support.
The AI assistance for log search helps me by allowing me to easily search for something from the log, as I used to manually create the log. With the new AI feature, I just type it in and it generates the code, making it easier to get the results.
Rapid7 InsightCloudSec has positively impacted my organization because we are using Microsoft Defender for endpoint protection alongside Rapid7. Rapid7 is quicker than Defender regarding detection speed and logging in, so in comparison, Rapid7 is faster than Microsoft Defender and is lightweight. Since switching to Rapid7 InsightCloudSec, I have noticed it is more time-saving and cost-effective, especially in cases of false positives. From Defender's point of view, we need to log in and check everything, but from Rapid7's perspective, everything is there and with a quick reference, we can identify false positives without digging deeper, saving time and reallocating resources to positive cases.
What needs improvement?
It is important to note that Rapid7 InsightCloudSec's features are not 100% precise, but I find about 70% of the time it is satisfactory. I would like to suggest that you improve it to be more precise, ideally making it 100% if possible.
Some cases in Rapid7 InsightCloudSec indicate that the log is not enough, as they mostly just generate alerts, and the synchronization between data connectors is often problematic, particularly in terms of not being in sync always, especially between the AD and Rapid7 alerts, which generates numerous false positives. Additionally, the traditional rules should be updated, as this is a main point worth mentioning since we spend a lot of time fine-tuning these traditional rules. I suggest improving the legacy detection rules.
If there are any authentication cases, such as impossible travel activity where a user has their SharePoint hosted in a different location, Rapid7 can often trigger alerts, creating confusion as we cannot fine-tune it properly. Another issue is with honeypot access. We sometimes lack necessary logs because Defender's advanced threat protection scanning gets detected as honeypot activity by Rapid7, leading to annoying and noisy alerts that we need to constantly close.
If you can improve the traditional detection rules to reflect current detection rules, it would make it significantly easier for us to manage, as we constantly need to check legacy rules to update or possibly turn them off. Updating the legacy rules should be a priority.
For how long have I used the solution?
I have been using Rapid7 InsightCloudSec for almost one year.
What do I think about the stability of the solution?
Rapid7 InsightCloudSec is stable.
What do I think about the scalability of the solution?
Regarding scalability, Rapid7 InsightCloudSec is very scalable so far.
How are customer service and support?
The customer support provided by Rapid7 InsightCloudSec is pretty good. We receive enough support on time. In more complex cases, it can take time, but overall, I am satisfied with the support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not use any other solution prior to Rapid7. We started directly with Rapid7 and Microsoft.
What was our ROI?
In terms of return on investment, I can say that we have seen time saved and money saved. We previously had fewer employees, and with Rapid7, it has been really helpful to manage all workloads effectively.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup costs, and licensing for Rapid7 InsightCloudSec is that it was affordable initially, but now the costs are a bit high. However, in comparison to other tools in the market, I still find it affordable.
Which other solutions did I evaluate?
Before choosing Rapid7 InsightCloudSec, we evaluated other options, including SentinelOne and other popular solutions.
What other advice do I have?
The first thing we need to do to use Rapid7 InsightCloudSec effectively in our workflow or with our clients is to install the Rapid7 Insight Agent to the endpoints or even the servers. That is a bit challenging because most of the clients are unaware of Rapid7 Insight Agent, and we need to convince them to make it a trustworthy source.
My advice for others looking into using Rapid7 InsightCloudSec is to investigate the features that need to be set up in detail. I rate Rapid7 InsightCloudSec a seven out of ten because of its efficiency, cost-effectiveness, time-saving capabilities, and better monitoring.
reviewer2783157
Automated cloud monitoring has transformed compliance checks and now reduces misconfigurations in real time
Reviewed on Nov 28, 2025
Review from a verified AWS customer
What is our primary use case?
Rapid7 InsightCloudSec is used to monitor client cloud environments, identify misconfigurations, and ensure continuous compliance across their cloud resources.For specific monitoring, Rapid7 InsightCloudSec is mainly used to monitor exposed S3 buckets and IAM policy changes, and it alerts when a bucket becomes open to the public or if a risk permission gets added so it can be fixed. It has also been used for monitoring devices and laptops.Rapid7 InsightCloudSec is deployed in the cloud to monitor both public and private cloud environments for clients, so it is not used on-premises.
What is most valuable?
The automated alerts and clear dashboards make it easy to stay ahead of issues, and Rapid7 InsightCloudSec has been reliable for keeping client cloud setups secure without a lot of manual effort.The best feature in Rapid7 InsightCloudSec is the real-time misconfiguration detection because it immediately flags risk changes in client cloud environments, allowing response before anything escalates.Real-time detection has helped the team react faster and avoid potential security incidents. Instead of finding issues during scheduled checks, alerts are received at the moment something risky happens, which allows problems to be fixed immediately and keeps client environments stable and compliant.Rapid7 InsightCloudSec has helped the organization work more efficiently and proactively, reducing the time and effort spent on manual cloud checks, improving response time to issues, and providing more confidence in the overall security posture managed for clients. It helps streamline workflow and strengthen the quality of service delivered.Since implementing Rapid7 InsightCloudSec, manual cloud security checks have been reduced by around forty to fifty percent, and mean time to resolve misconfigurations has dropped from several hours to under thirty minutes on average, significantly improving efficiency and client confidence.Overall, Rapid7 InsightCloudSec has been a reliable tool for managing cloud security for clients, and while there is room for improvement, its real-time alerts and automated checks make it a valuable part of the workflow.
What needs improvement?
The platform could be improved with more customizable dashboards and reporting.The rating of eight out of ten was chosen because there is room for improvement in dashboard customization and in-app guidance.
For how long have I used the solution?
Rapid7 InsightCloudSec has been used for about a year since starting at RDX.
What do I think about the stability of the solution?
Rapid7 InsightCloudSec works without any stability issues so far.No stability issues have been experienced since using Rapid7 InsightCloudSec with clients.
What other advice do I have?
Teams looking into using Rapid7 InsightCloudSec should take time to set up automated policies for alerts from the start because that is very important. It is worth investigating and learning the dashboard early because once configured, Rapid7 InsightCloudSec saves a lot of time and helps proactively secure cloud environments. The review rating for Rapid7 InsightCloudSec is eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Vhalikhede Vhalikhede
Cloud security has improved as we manage multi cloud compliance, automate remediation, and gain real time visibility into misconfigurations
Reviewed on Nov 27, 2025
Review from a verified AWS customer
What is our primary use case?
My main use case for Rapid7 InsightCloudSec is for cloud procedure management, real-time compliance monitoring, and identifying misconfigurations across all cloud environments such as AWS , Azure , GCP, and resource visibility as an inventory.
I used Rapid7 InsightCloudSec in my previous company for real-time compliance monitoring and identifying misconfigurations, where we focused on faster, more accurate detection and client solution services.
How has it helped my organization?
Since using Rapid7 InsightCloudSec, I have positively impacted my organization by sending alerts.
Those alerts have helped by saving time.
What is most valuable?
The best features Rapid7 InsightCloudSec offers include more automation remediation, compliance reporting for auditing, improvement on multi-cloud governance, and cost visibility, which really stand out to me.
The automation capabilities in Rapid7 InsightCloudSec boost my workflow, as they involve Jira automation and creating misconfiguration tickets in Jira .
Rapid7 InsightCloudSec provides a faster, more accurate indication and helps to better understand how to reduce noise in the tone policies.
What needs improvement?
Rapid7 InsightCloudSec can be improved by seeing reductions and improvements in prioritization, tuning findings, suppressing low-value alerts, and better prioritizing the most critical risks.
Needed improvements include adding AI-driven risk prioritization, proactive cloud risk modeling, advanced IAM privilege analysis, identity graph relationship mapping, privilege escalation detection, and automation for privileged remediation.
Additionally, Rapid7 InsightCloudSec needs improvements such as AI-driven risk prioritization, proactive cloud risk modeling, advanced IAM privilege analysis, multi-cloud attack path mapping, pre-built automated hardening, defining stronger policy as code support, better container and serverless coverage, and cost optimization insight along with safe auto-remediation with rollback improvements.
For how long have I used the solution?
I have been using Rapid7 InsightCloudSec for eight to nine months in my previous company.
What other advice do I have?
Rapid7 InsightCloudSec is deployed in my organization as a public cloud and hybrid cloud.
I am using VMWare Cloud, Azure , GCP, and AWS for my public and hybrid cloud deployment.
I purchased Rapid7 InsightCloudSec through the AWS Marketplace .
I would rate Rapid7 InsightCloudSec an eight out of ten because of its multi-cloud integration, stronger policy as code support, better container serverless coverage, and security plus cost optimization insight.
Yuva Viswanatham
Proactive threat detection has strengthened hybrid cloud protection and simplifies vulnerability management for diverse infrastructures
Reviewed on Nov 27, 2025
Review provided by PeerSpot
What is our primary use case?
Rapid7 InsightCloudSec is used for infrastructure threat finding, and based on the reports which include high, low, and medium priority vulnerabilities, it is easy to determine what actions need to be taken to fix and address the environment and infrastructure in the best way.A combination of on-premises, virtual environments, and both Windows and Linux systems are monitored. Public-facing servers are also monitored, and with Rapid7 InsightCloudSec , servers can be easily safeguarded from unauthenticated or unknown users while controlling malicious activities. Vulnerabilities of both Windows and Linux servers along with applications are monitored, which allows for early detection and reports about issues and solutions for vulnerabilities or security threats.I have approximately 15 years of work experience in this field.
How has it helped my organization?
Rapid7 InsightCloudSec impacts the organization positively by acting as a shield against hackers and ransomware, providing effective protection to data and infrastructure.
What is most valuable?
The ability to find threats in advance is the most valuable feature in day-to-day work because it helps keep the environment and customers safe. Customers can be notified in advance since they rely on this managed service, making these features very helpful for company-managed services and customers.Rapid7 InsightCloudSec offers advanced notifications, alerts for unknown anonymous logins, and it advises on vulnerabilities with generated reports.
What needs improvement?
Improvements could include providing better human-readable report formats with thorough explanations of CVEs and threats, detailing what can be done to eliminate malicious activities.Currently, an agent is used for every new infrastructure deployment. It would be better going forward to have a host-level automatic discovery feature to reduce those dependencies.At present, it is an agent-based solution, and a host-based solution that does not require agent dependencies would make it easier to work with.
For how long have I used the solution?
Rapid7 InsightCloudSec has been used for the last five-plus years, and it has been a good security tool in both past and current companies.
What do I think about the stability of the solution?
Rapid7 InsightCloudSec is very stable.
What do I think about the scalability of the solution?
Its scalability is highly relevant and adaptable.
How are customer service and support?
The customer support for Rapid7 InsightCloudSec is good, as very prompt responses are received to queries.On a scale of 1 to 10, the customer support would be rated a 10, as responses are typically received within about half an hour to an hour when creating a ticket.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, some open-source tools such as OpenVAS were used.
How was the initial setup?
The pricing, setup cost, and licensing for Rapid7 InsightCloudSec would be described as nominal.
What about the implementation team?
No additional implementation team support is needed at this time.
What was our ROI?
A return on investment has been seen in terms of manpower and money due to its ease of deployment, eliminating the need for multiple people once configuration and installation are standardized, allowing Rapid7 InsightCloudSec to perform its job efficiently.Cost savings have been observed, and when comparing with other customers using different tools, they faced issues with alerts and reports while the environment and customers remain on a safer side with Rapid7 InsightCloudSec.
What's my experience with pricing, setup cost, and licensing?
The pricing, setup cost, and licensing for Rapid7 InsightCloudSec would be described as nominal.
Which other solutions did I evaluate?
Before choosing Rapid7 InsightCloudSec, other options were evaluated, including OpenVAS.
What other advice do I have?
Rapid7 InsightCloudSec creates a user-friendly environment with limited options, while the reporting is well-structured and allows for accurate decision-making. This review has been given a rating of 9 out of 10.
Gaurab Silwal
Cloud posture has strengthened and security policies are managed proactively across our environments
Reviewed on Nov 26, 2025
Review from a verified AWS customer
What is our primary use case?
Rapid7 InsightCloudSec 's main use case for our organization is to maintain our cloud security posture, and we typically depend on a platform named AWS to monitor it and implement all the security features suggested by Rapid7 InsightCloudSec .
Recently, we had a bunch of AWS roles and S3 bucket policies that were overly permissive, which were suggested by Rapid7 InsightCloudSec. After considering their suggestions, we limited the AWS policies and downsized all overly excessive permissions to only what's necessary.
We are also using Rapid7 InsightCloudSec for other use cases, such as managing the whole networking structure of our AWS account, including VPC, subnetting, and ensuring the whole cloud security posture aligns with how it should be.
Recently, we had a bunch of AWS roles and S3 bucket policies that were overly permissive, which were suggested by Rapid7 InsightCloudSec. After considering their suggestions, we limited the AWS policies and downsized all overly excessive permissions to only what's necessary.
We are also using Rapid7 InsightCloudSec for other use cases, such as managing the whole networking structure of our AWS account, including VPC, subnetting, and ensuring the whole cloud security posture aligns with how it should be.
What is most valuable?
Rapid7 InsightCloudSec's best features include the immediate suggestions and support provided, as well as real-time visibility across multiple cloud environments, risk-based prioritization, automated cloud compliance, policy enforcement, and best practices for Infrastructure as Code security.
The automated compliance enforcement has helped our team significantly in cloud infrastructure entitlement management and maintaining the whole IAM governance as well as the container and Kubernetes security postures, plus conducting vulnerability assessments and generating comprehensive reports.
One of the best features is the agentless cloud-native vulnerability management plus cloud workload protection, as Rapid7 InsightCloudSec provides native vulnerability scanning for cloud workloads, containers, and VMs without needing an agent, simplifying deployment and reducing overhead.
It has positively impacted our organization by changing the whole efficiency, especially after updating our patching process to meet the CIS benchmark that was previously under-provisioned. This change uplifted our CIS compliance score. After implementing Rapid7 InsightCloudSec, we increased our CIS benchmark score from 48 to around 88 after addressing missing patches on some VM instances, indicating a significant positive impact.
The automated compliance enforcement has helped our team significantly in cloud infrastructure entitlement management and maintaining the whole IAM governance as well as the container and Kubernetes security postures, plus conducting vulnerability assessments and generating comprehensive reports.
One of the best features is the agentless cloud-native vulnerability management plus cloud workload protection, as Rapid7 InsightCloudSec provides native vulnerability scanning for cloud workloads, containers, and VMs without needing an agent, simplifying deployment and reducing overhead.
It has positively impacted our organization by changing the whole efficiency, especially after updating our patching process to meet the CIS benchmark that was previously under-provisioned. This change uplifted our CIS compliance score. After implementing Rapid7 InsightCloudSec, we increased our CIS benchmark score from 48 to around 88 after addressing missing patches on some VM instances, indicating a significant positive impact.
What needs improvement?
I currently do not have any specific suggestions for improvements, as I am still exploring the full capabilities of Rapid7 InsightCloudSec, but I wish the UI and UX for reporting could be more straightforward, simplifying the process of creating matrices and dashboards.
For how long have I used the solution?
I have been working in my current field for the past three and a half years.
What do I think about the stability of the solution?
Rapid7 InsightCloudSec seems very stable, having been deployed in production systems without causing any issues.
What do I think about the scalability of the solution?
Rapid7 InsightCloudSec is scalable, as it effectively monitors resources regardless of how much we scale up.
How are customer service and support?
I interacted with customer support after an endpoint compromise incident, and they responded quickly and provided clear insights that were essential for resolving the situation.
I would rate customer support a nine, as there is always room for improvement, but they have been generally impressive.
I would rate customer support a nine, as there is always room for improvement, but they have been generally impressive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used CyberArk and Sysdig, but we switched to Rapid7 InsightCloudSec for its comprehensive monitoring capabilities across our cloud security, as the previous solutions focused on specific areas and we needed a more general approach.
How was the initial setup?
I advise others considering Rapid7 InsightCloudSec to integrate it into their organization. While there may be upfront costs for setup, it pays off in long-term security benefits and risk reduction from breaches.
What was our ROI?
Rapid7 has provided us with a good return on investment, helping us plan migrations from outdated virtual machines to up-to-date, secure systems, which has led to savings in infrastructure costs and reduced the need for a large cybersecurity team.
What's my experience with pricing, setup cost, and licensing?
The pricing has been equivalent to the features provided. While it was not overly expensive, I do wish for more discounts for bulk purchases since we have implemented it widely across our cloud security posture. The setup cost was manageable, and the licensing process is seamless.
Which other solutions did I evaluate?
Before choosing Rapid7 InsightCloudSec, we did not evaluate other options thoroughly. While we had a few POC integrations with Snyk , they were not as effective as Rapid7 InsightCloudSec.
What other advice do I have?
Everything is under control for the cloud security postures at this time. My overall review rating for Rapid7 InsightCloudSec is eight.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)