Sold by: Rapid7Â
Deployed on AWS
InsightCloudSec is a fully integrated cloud-native security platform your whole cloud security toolbox in a single solution.
3.9
Overview
InsightCloudSec is a fully integrated cloud-native security platform (CNAPP) that brings your entire cloud security toolbox into a single solution. It helps teams protect even the most complex multi-cloud and container environments from misconfigurations, policy violations, threats, and identity and access management (IAM) challenges. With automated, real-time remediation, InsightCloudSec enables rapid response to security and compliance risks.
With Rapid7 InsightCloudSec, organizations can:
Reduce organizational risk - Move beyond endless alerts and risk signals. Track and improve compliance and risk posture across your cloud environment.
Improve team efficiency and collaboration - Seamlessly integrate with existing tools and processes to enhance cross-team collaboration.
Consolidate your cloud security toolset - Eliminate the need for niche point solutions. Get comprehensive cloud security in a single platform with one subscription.
Accelerate mean time to respond (MTTR) - Detect risks in real time, prioritize intelligently, and automate remediation workflows to minimize impact and limit blast radius.
Highlights
- Monitor cloud risk everywhere, in real time - Detect cloud risk immediately with real-time, agentless visibility into everything running across your entire environment.
- Prioritize risk with layered context - Know exactly which risk signals to prioritize thanks to complete context, with the broadest and deepest coverage across major cloud platforms.
- Automate cloud compliance any way you need - Enforce organizational standards, streamline the remediation process, and fix compliance drift immediately with native, no-code automation.
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Insight CloudSec | Minimum of 1 year term. Annual price based on 500 assets. | $69,300.00 |
Vendor refund policy
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Data base monitoring tool preventing data breach and corresponding to SOX, HIPAA, DISA, PCI, DSS and more.
SQL test automation tool to help version upgrades test and migration assessment
SQL test automation tool to help version upgrades test and migration assessment
Insight Masking protects your data. Insight Masking prevents data leakage and improves the quality of development and analytics.
SQL test automation tool to help version upgrades test and migration assessment
Customer reviews
reviewer2783157
Automated cloud monitoring has transformed compliance checks and now reduces misconfigurations in real time
Reviewed on Nov 28, 2025
Review from a verified AWS customer
What is our primary use case?
Rapid7 InsightCloudSec is used to monitor client cloud environments, identify misconfigurations, and ensure continuous compliance across their cloud resources.For specific monitoring, Rapid7 InsightCloudSec is mainly used to monitor exposed S3 buckets and IAM policy changes, and it alerts when a bucket becomes open to the public or if a risk permission gets added so it can be fixed. It has also been used for monitoring devices and laptops.Rapid7 InsightCloudSec is deployed in the cloud to monitor both public and private cloud environments for clients, so it is not used on-premises.
What is most valuable?
The automated alerts and clear dashboards make it easy to stay ahead of issues, and Rapid7 InsightCloudSec has been reliable for keeping client cloud setups secure without a lot of manual effort.The best feature in Rapid7 InsightCloudSec is the real-time misconfiguration detection because it immediately flags risk changes in client cloud environments, allowing response before anything escalates.Real-time detection has helped the team react faster and avoid potential security incidents. Instead of finding issues during scheduled checks, alerts are received at the moment something risky happens, which allows problems to be fixed immediately and keeps client environments stable and compliant.Rapid7 InsightCloudSec has helped the organization work more efficiently and proactively, reducing the time and effort spent on manual cloud checks, improving response time to issues, and providing more confidence in the overall security posture managed for clients. It helps streamline workflow and strengthen the quality of service delivered.Since implementing Rapid7 InsightCloudSec, manual cloud security checks have been reduced by around forty to fifty percent, and mean time to resolve misconfigurations has dropped from several hours to under thirty minutes on average, significantly improving efficiency and client confidence.Overall, Rapid7 InsightCloudSec has been a reliable tool for managing cloud security for clients, and while there is room for improvement, its real-time alerts and automated checks make it a valuable part of the workflow.
What needs improvement?
The platform could be improved with more customizable dashboards and reporting.The rating of eight out of ten was chosen because there is room for improvement in dashboard customization and in-app guidance.
For how long have I used the solution?
Rapid7 InsightCloudSec has been used for about a year since starting at RDX.
What do I think about the stability of the solution?
Rapid7 InsightCloudSec works without any stability issues so far.No stability issues have been experienced since using Rapid7 InsightCloudSec with clients.
What other advice do I have?
Teams looking into using Rapid7 InsightCloudSec should take time to set up automated policies for alerts from the start because that is very important. It is worth investigating and learning the dashboard early because once configured, Rapid7 InsightCloudSec saves a lot of time and helps proactively secure cloud environments. The review rating for Rapid7 InsightCloudSec is eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Yuva Viswanatham
Proactive threat detection has strengthened hybrid cloud protection and simplifies vulnerability management for diverse infrastructures
Reviewed on Nov 27, 2025
Review provided by PeerSpot
What is our primary use case?
Rapid7 InsightCloudSec is used for infrastructure threat finding, and based on the reports which include high, low, and medium priority vulnerabilities, it is easy to determine what actions need to be taken to fix and address the environment and infrastructure in the best way.A combination of on-premises, virtual environments, and both Windows and Linux systems are monitored. Public-facing servers are also monitored, and with Rapid7 InsightCloudSec , servers can be easily safeguarded from unauthenticated or unknown users while controlling malicious activities. Vulnerabilities of both Windows and Linux servers along with applications are monitored, which allows for early detection and reports about issues and solutions for vulnerabilities or security threats.I have approximately 15 years of work experience in this field.
How has it helped my organization?
Rapid7 InsightCloudSec impacts the organization positively by acting as a shield against hackers and ransomware, providing effective protection to data and infrastructure.
What is most valuable?
The ability to find threats in advance is the most valuable feature in day-to-day work because it helps keep the environment and customers safe. Customers can be notified in advance since they rely on this managed service, making these features very helpful for company-managed services and customers.Rapid7 InsightCloudSec offers advanced notifications, alerts for unknown anonymous logins, and it advises on vulnerabilities with generated reports.
What needs improvement?
Improvements could include providing better human-readable report formats with thorough explanations of CVEs and threats, detailing what can be done to eliminate malicious activities.Currently, an agent is used for every new infrastructure deployment. It would be better going forward to have a host-level automatic discovery feature to reduce those dependencies.At present, it is an agent-based solution, and a host-based solution that does not require agent dependencies would make it easier to work with.
For how long have I used the solution?
Rapid7 InsightCloudSec has been used for the last five-plus years, and it has been a good security tool in both past and current companies.
What do I think about the stability of the solution?
Rapid7 InsightCloudSec is very stable.
What do I think about the scalability of the solution?
Its scalability is highly relevant and adaptable.
How are customer service and support?
The customer support for Rapid7 InsightCloudSec is good, as very prompt responses are received to queries.On a scale of 1 to 10, the customer support would be rated a 10, as responses are typically received within about half an hour to an hour when creating a ticket.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, some open-source tools such as OpenVAS were used.
How was the initial setup?
The pricing, setup cost, and licensing for Rapid7 InsightCloudSec would be described as nominal.
What about the implementation team?
No additional implementation team support is needed at this time.
What was our ROI?
A return on investment has been seen in terms of manpower and money due to its ease of deployment, eliminating the need for multiple people once configuration and installation are standardized, allowing Rapid7 InsightCloudSec to perform its job efficiently.Cost savings have been observed, and when comparing with other customers using different tools, they faced issues with alerts and reports while the environment and customers remain on a safer side with Rapid7 InsightCloudSec.
What's my experience with pricing, setup cost, and licensing?
The pricing, setup cost, and licensing for Rapid7 InsightCloudSec would be described as nominal.
Which other solutions did I evaluate?
Before choosing Rapid7 InsightCloudSec, other options were evaluated, including OpenVAS.
What other advice do I have?
Rapid7 InsightCloudSec creates a user-friendly environment with limited options, while the reporting is well-structured and allows for accurate decision-making. This review has been given a rating of 9 out of 10.
Gaurab Silwal
Cloud posture has strengthened and security policies are managed proactively across our environments
Reviewed on Nov 26, 2025
Review from a verified AWS customer
What is our primary use case?
Rapid7 InsightCloudSec 's main use case for our organization is to maintain our cloud security posture, and we typically depend on a platform named AWS to monitor it and implement all the security features suggested by Rapid7 InsightCloudSec .
Recently, we had a bunch of AWSÂ roles and S3Â bucket policies that were overly permissive, which were suggested by Rapid7 InsightCloudSec. After considering their suggestions, we limited the AWS policies and downsized all overly excessive permissions to only what's necessary.
We are also using Rapid7 InsightCloudSec for other use cases, such as managing the whole networking structure of our AWS account, including VPC, subnetting, and ensuring the whole cloud security posture aligns with how it should be.
Recently, we had a bunch of AWSÂ roles and S3Â bucket policies that were overly permissive, which were suggested by Rapid7 InsightCloudSec. After considering their suggestions, we limited the AWS policies and downsized all overly excessive permissions to only what's necessary.
We are also using Rapid7 InsightCloudSec for other use cases, such as managing the whole networking structure of our AWS account, including VPC, subnetting, and ensuring the whole cloud security posture aligns with how it should be.
What is most valuable?
Rapid7 InsightCloudSec's best features include the immediate suggestions and support provided, as well as real-time visibility across multiple cloud environments, risk-based prioritization, automated cloud compliance, policy enforcement, and best practices for Infrastructure as Code security.
The automated compliance enforcement has helped our team significantly in cloud infrastructure entitlement management and maintaining the whole IAM governance as well as the container and Kubernetes security postures, plus conducting vulnerability assessments and generating comprehensive reports.
One of the best features is the agentless cloud-native vulnerability management plus cloud workload protection, as Rapid7 InsightCloudSec provides native vulnerability scanning for cloud workloads, containers, and VMs without needing an agent, simplifying deployment and reducing overhead.
It has positively impacted our organization by changing the whole efficiency, especially after updating our patching process to meet the CIS benchmark that was previously under-provisioned. This change uplifted our CIS compliance score. After implementing Rapid7 InsightCloudSec, we increased our CIS benchmark score from 48 to around 88 after addressing missing patches on some VM instances, indicating a significant positive impact.
The automated compliance enforcement has helped our team significantly in cloud infrastructure entitlement management and maintaining the whole IAM governance as well as the container and Kubernetes security postures, plus conducting vulnerability assessments and generating comprehensive reports.
One of the best features is the agentless cloud-native vulnerability management plus cloud workload protection, as Rapid7 InsightCloudSec provides native vulnerability scanning for cloud workloads, containers, and VMs without needing an agent, simplifying deployment and reducing overhead.
It has positively impacted our organization by changing the whole efficiency, especially after updating our patching process to meet the CIS benchmark that was previously under-provisioned. This change uplifted our CIS compliance score. After implementing Rapid7 InsightCloudSec, we increased our CIS benchmark score from 48 to around 88 after addressing missing patches on some VM instances, indicating a significant positive impact.
What needs improvement?
I currently do not have any specific suggestions for improvements, as I am still exploring the full capabilities of Rapid7 InsightCloudSec, but I wish the UI and UX for reporting could be more straightforward, simplifying the process of creating matrices and dashboards.
For how long have I used the solution?
I have been working in my current field for the past three and a half years.
What do I think about the stability of the solution?
Rapid7 InsightCloudSec seems very stable, having been deployed in production systems without causing any issues.
What do I think about the scalability of the solution?
Rapid7 InsightCloudSec is scalable, as it effectively monitors resources regardless of how much we scale up.
How are customer service and support?
I interacted with customer support after an endpoint compromise incident, and they responded quickly and provided clear insights that were essential for resolving the situation.
I would rate customer support a nine, as there is always room for improvement, but they have been generally impressive.
I would rate customer support a nine, as there is always room for improvement, but they have been generally impressive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used CyberArk and Sysdig, but we switched to Rapid7 InsightCloudSec for its comprehensive monitoring capabilities across our cloud security, as the previous solutions focused on specific areas and we needed a more general approach.
How was the initial setup?
I advise others considering Rapid7 InsightCloudSec to integrate it into their organization. While there may be upfront costs for setup, it pays off in long-term security benefits and risk reduction from breaches.
What was our ROI?
Rapid7 has provided us with a good return on investment, helping us plan migrations from outdated virtual machines to up-to-date, secure systems, which has led to savings in infrastructure costs and reduced the need for a large cybersecurity team.
What's my experience with pricing, setup cost, and licensing?
The pricing has been equivalent to the features provided. While it was not overly expensive, I do wish for more discounts for bulk purchases since we have implemented it widely across our cloud security posture. The setup cost was manageable, and the licensing process is seamless.
Which other solutions did I evaluate?
Before choosing Rapid7 InsightCloudSec, we did not evaluate other options thoroughly. While we had a few POC integrations with Snyk , they were not as effective as Rapid7 InsightCloudSec.
What other advice do I have?
Everything is under control for the cloud security postures at this time. My overall review rating for Rapid7 InsightCloudSec is eight.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Abdulrahman Kuthoos
Improved response time and visibility through fast scanning and enriched vulnerability data
Reviewed on Nov 25, 2025
Review provided by PeerSpot
What is our primary use case?
I use Rapid7 InsightCloudSec for application security and vulnerability management. I often use Rapid7 InsightCloudSec technology to scan internal and external facing systems. The enrichment, particularly the vulnerability enrichment, is superior, and the screens and dashboards are excellent.
What is most valuable?
The fastest scanning is the best feature Rapid7 InsightCloudSec offers. The faster scanning helps me respond to threats quickly in my daily operations. Rapid7's enrichment in terms of vulnerabilities is particularly valuable, as they continue adding new vulnerabilities and capabilities to the system.
The dashboard of Rapid7 InsightCloudSec is very rich and colorful, and I often refer to it for reporting purposes.
Rapid7 InsightCloudSec positively impacts my organization by integrating tightly with my existing vulnerability management process and workflows, particularly in creating a new project and implementing trigger-based scanning.
Time to detect vulnerabilities has improved significantly, which gives me time to mitigate or eliminate them. The vulnerability classification helps me concentrate on which vulnerabilities I need to focus on, rather than dealing with an overwhelming number of vulnerabilities without knowing which ones to address.
The dashboard of Rapid7 InsightCloudSec is very rich and colorful, and I often refer to it for reporting purposes.
Rapid7 InsightCloudSec positively impacts my organization by integrating tightly with my existing vulnerability management process and workflows, particularly in creating a new project and implementing trigger-based scanning.
Time to detect vulnerabilities has improved significantly, which gives me time to mitigate or eliminate them. The vulnerability classification helps me concentrate on which vulnerabilities I need to focus on, rather than dealing with an overwhelming number of vulnerabilities without knowing which ones to address.
What needs improvement?
Rapid7 InsightCloudSec needs to provide more granular search capabilities, such as the ability to search back the last three months. If the platform were equipped with LLM for summarization and other capabilities, it would be really helpful. Automated pen tests would be a great addition.
Regarding integration support, Rapid7 InsightCloudSec broadly integrates with many security technologies, but enabling EDR support would be beneficial, and support for patch management would also be valuable.
Regarding integration support, Rapid7 InsightCloudSec broadly integrates with many security technologies, but enabling EDR support would be beneficial, and support for patch management would also be valuable.
For how long have I used the solution?
I have been using Rapid7 InsightCloudSec for about four years.
What other advice do I have?
In security, there is nothing called a silver bullet, as every technology is rapidly moving. I give this product a rating of 8 out of 10.
Anshuman Thakur
Security operations have become faster and collaboration improves through real-time log monitoring and automated alerts
Reviewed on Nov 22, 2025
Review from a verified AWS customer
What is our primary use case?
My main use case for Rapid7 InsightCloudSec is log monitoring and vulnerability management for our servers, which are the two main aspects I focus on.
Our applications are hosted on EKS, which send logs to Rapid7 InsightCloudSec , so whatever occurs in our application and whatever logs are coming through, we can see that in Rapid7 InsightCloudSec very quickly. This is one use case where Rapid7 InsightCloudSec helps us significantly, and related to the servers that we have on AWS , we have vulnerability management, so we can see the CVEs of vulnerabilities and we can patch them and fix them immediately. This is how Rapid7 InsightCloudSec helps us.
These are the main aspects of Rapid7 InsightCloudSec that I have used.
What is most valuable?
Rapid7 InsightCloudSec offers a mix of all these advantages, with speed being a key factor. As soon as I patch my server, it immediately reflects in Rapid7 InsightCloudSec console the vulnerabilities, so it is very quick and easy to see what vulnerabilities are present in my server. Related to log management, we previously used Sumo Logic, but Sumo Logic was somewhat complicated, whereas Rapid7 InsightCloudSec is very simple to search for logs, and it also works very quickly.
Rapid7 InsightCloudSec integrations are also really valuable, so we have Rapid7 InsightCloudSec integrated with our AWSÂ instances and also our Slack channels. If a major vulnerability comes in, we get notified in our Slack, which is a significant advantage.
Rapid7 InsightCloudSec has helped us save thirty percent time in our log retrievals, and it completely changed log searching, making it really fast when we search for logs, with no prior knowledge required. This is a big advantage. Vulnerability management has also led to a fifty percent reduction in cyberattacks in our organization when we use Rapid7 InsightCloudSec.
What needs improvement?
I have a suggestion for Rapid7 InsightCloudSec; the interface can be more intuitive and faster, with a cleaner dashboard that includes customizable widgets and somewhat streamlined navigation to improve usability. For a first-time user who starts using Rapid7 InsightCloudSec, it is somewhat complicated to navigate through the UI and search for logs or vulnerabilities, so this is one aspect that could be improved.
Rapid7 InsightCloudSec could also be integrated with third-party tools such as GitLab CI/CD pipelines and cloud-native services such as EKS, which would improve its appeal to DevOps and cloud teams. Rapid7 InsightCloudSec already provides us real-time feedback loops, but if it also provides real-time feedback to the developers, then it would help the application shift left, meaning the security will shift left as well.
For how long have I used the solution?
I have been using Rapid7 InsightCloudSec for the past four years.
What do I think about the stability of the solution?
I have not faced any limitations with my data volume regarding the stability of Rapid7 InsightCloudSec.
Which solution did I use previously and why did I switch?
We were previously using Sumo Logic for log management, but for threat assessment, we have always used Rapid7 InsightCloudSec. However, for log management, Sumo Logic required query language and skills, taking up significant time to query as well, which is why Rapid7 InsightCloudSec helps us there.
What was our ROI?
Based on return on investment metrics, Rapid7 InsightCloudSec has helped us save thirty percent time in log searching and fifty percent time in vulnerabilities. With automated vulnerability detection, Rapid7 InsightCloudSec helps teams reduce the time by thirty to fifty percent, which directly cuts exposure time and lowers risk. By catching issues early, Rapid7 InsightCloudSec helps us prevent costly breaches or regulatory fines; for example, automating patching and misconfiguration audits can save thousands in operational overhead, while pre-built compliance reports and container monitoring eliminate manual audit prep, cutting audit preparation by forty to sixty percent.
Which other solutions did I evaluate?
Before choosing Rapid7 InsightCloudSec, I evaluated different options, considering many available solutions, with Tenable being one of them due to its strong vulnerability scanning and compliance checks, but its UI is not as intuitive.
What other advice do I have?
Rapid7 InsightCloudSec helps us collaborate in many ways, with the first being the shared dashboard and reporting, as teams can build and share real-time dashboards or schedule reports across security, DevOps, and management. The second is the ticketing and alert integration, where Rapid7 InsightCloudSec integrates with tools such as Jira , ServiceNow , and PagerDuty, enabling automatic creation of tickets. The third is the role-based access, allowing different teams to get tailored access, helping them focus on the data relevant to them while maintaining compliance and accountability.
Rapid7 InsightCloudSec helps with compliance or regulatory requirements in my organization by using tools such as InsightVMÂ to continuously scan my environment for vulnerabilities and misconfiguration, which ensures the assets stay in line with compliant frameworks such as SOC 2 and GDPR. It offers out-of-the-box customizable compliance reports that map directly to regulatory controls, making audits faster and less painful by showing evidence of adherence and required security practices. All the security event scans and remediation actions are logged, creating a detailed audit trail that auditors appreciate and helping to prove due diligence and continuous compliance over time.
Rapid7 InsightCloudSec is a powerful and reliable security platform with strong capabilities in vulnerability management and threat detection. The agent-based scanning, dashboarding, and prioritization engine are very effective, especially in a hybrid cloud environment. There is room for improvement such as UI responsiveness, scan performance at scale, and deeper CI/CD integration, which would enhance the overall offering. I would rate Rapid7 InsightCloudSec as an eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)