Sold by
Exposure Command
Visualize your attack surface from inside and out, detect and prioritize exposures from endpoint to cloud, and achieve comprehensive code to cloud protection
Ratings and reviews
4
1 ratings
1 AWS reviews
Reviews (1)
Amit Kolapkar
Automation has improved vulnerability insights and supports timely reporting for remediation teams
Reviewed on Jun 04, 2026
Review from a verified AWS customer
What is our primary use case?
I am specifically providing feedback on Rapid7 Exposure Command. We are using Rapid7 Exposure Command mostly for vulnerability detection and scanning.
What is most valuable?
The role of intelligent automation in this product is good, and we received feedback on actively exploited CVEs and vulnerabilities, so I would consider it around seven to eight. We usually measure the effectiveness of real-time reporting by using the latest available dump or when we share the vulnerabilities with governance teams or remediation teams. How quickly and easily we are able to filter the data and pass it on to remediation teams for their planning is one of the KPIs we set, so it is good, not that great, but it is good.
What needs improvement?
Rapid7 Exposure Command is not as easy to deploy compared to Qualys, and the detection rates are lower than Qualys. Rapid7 Exposure Command is not exactly complex, but it is medium complex when I compare it to Qualys, where the deployment procedure is quite straightforward.
Detection needs more depth in Rapid7 Exposure Command, and when I compare it with Qualys, the output of vulnerabilities can be improved at a depth level. That is one of the major pieces of feedback I have. The detection rate of vulnerabilities is not up to par, and that is one of the most important things that every firm looks for.
For how long have I used the solution?
I have been working with this solution for a couple of years.
How are customer service and support?
Since we are basically a reseller for Rapid7, we have prioritized technical SPOCs who are assigned to our organization, and we get a response on an immediate basis when we report a challenge. Usually within three to four hours, we receive a remote response, and through troubleshooting, they get the issue fixed.
How was the initial setup?
For me and my team, the deployment is quite simple in terms of setup.
What about the implementation team?
The deployment is done by different folks in the account, and I am mostly managing support and other areas. For one of the accounts, two folks were deployed, and they completed the implementation within two to three weeks.
Which other solutions did I evaluate?
Currently, I have multiple accounts where Rapid7 is actually used less, but Wiz tool is gaining traction, so more focus and attention is happening currently than Rapid7, which has only a couple of accounts where it is deployed.
What other advice do I have?
Compared to Tenable or Qualys, Rapid7 Exposure Command is definitely affordable for small-sized or mid-sized engagements, although there are some challenges with detection. These challenges are in line with what the vulnerability management framework is expected to do and the vulnerability detection required to be done, matching the expectations of a client about eighty to ninety percent.
With Qualys or others, the APIs are open, but I have not seen much integration in my project, so I am not sure about that. It is mostly referencing excels and the data dumps. I would rate the user-friendly interface between eight and nine.
The licensing cost for Rapid7 Exposure Command is lower compared to Qualys, so it is not a challenge for the customer. Teams and organizations that use Rapid7 Exposure Command do get a comparatively cost benefit. I would rate this product overall as an eight.