Rapid7 InsightCloudSec is used to monitor client cloud environments, identify misconfigurations, and ensure continuous compliance across their cloud resources.For specific monitoring, Rapid7 InsightCloudSec is mainly used to monitor exposed S3 buckets and IAM policy changes, and it alerts when a bucket becomes open to the public or if a risk permission gets added so it can be fixed. It has also been used for monitoring devices and laptops.Rapid7 InsightCloudSec is deployed in the cloud to monitor both public and private cloud environments for clients, so it is not used on-premises.
External reviews
7 reviews
from
External reviews are not included in the AWS star rating for the product.
Automated cloud monitoring has transformed compliance checks and now reduces misconfigurations in real time
What is our primary use case?
What is most valuable?
The automated alerts and clear dashboards make it easy to stay ahead of issues, and Rapid7 InsightCloudSec has been reliable for keeping client cloud setups secure without a lot of manual effort.The best feature in Rapid7 InsightCloudSec is the real-time misconfiguration detection because it immediately flags risk changes in client cloud environments, allowing response before anything escalates.Real-time detection has helped the team react faster and avoid potential security incidents. Instead of finding issues during scheduled checks, alerts are received at the moment something risky happens, which allows problems to be fixed immediately and keeps client environments stable and compliant.Rapid7 InsightCloudSec has helped the organization work more efficiently and proactively, reducing the time and effort spent on manual cloud checks, improving response time to issues, and providing more confidence in the overall security posture managed for clients. It helps streamline workflow and strengthen the quality of service delivered.Since implementing Rapid7 InsightCloudSec, manual cloud security checks have been reduced by around forty to fifty percent, and mean time to resolve misconfigurations has dropped from several hours to under thirty minutes on average, significantly improving efficiency and client confidence.Overall, Rapid7 InsightCloudSec has been a reliable tool for managing cloud security for clients, and while there is room for improvement, its real-time alerts and automated checks make it a valuable part of the workflow.
What needs improvement?
The platform could be improved with more customizable dashboards and reporting.The rating of eight out of ten was chosen because there is room for improvement in dashboard customization and in-app guidance.
For how long have I used the solution?
Rapid7 InsightCloudSec has been used for about a year since starting at RDX.
What do I think about the stability of the solution?
Rapid7 InsightCloudSec works without any stability issues so far.No stability issues have been experienced since using Rapid7 InsightCloudSec with clients.
What other advice do I have?
Teams looking into using Rapid7 InsightCloudSec should take time to set up automated policies for alerts from the start because that is very important. It is worth investigating and learning the dashboard early because once configured, Rapid7 InsightCloudSec saves a lot of time and helps proactively secure cloud environments. The review rating for Rapid7 InsightCloudSec is eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Cloud security has improved as we manage multi cloud compliance, automate remediation, and gain real time visibility into misconfigurations
What is our primary use case?
My main use case for Rapid7 InsightCloudSec is for cloud procedure management, real-time compliance monitoring, and identifying misconfigurations across all cloud environments such as AWS, Azure, GCP, and resource visibility as an inventory.
I used Rapid7 InsightCloudSec in my previous company for real-time compliance monitoring and identifying misconfigurations, where we focused on faster, more accurate detection and client solution services.
How has it helped my organization?
Since using Rapid7 InsightCloudSec, I have positively impacted my organization by sending alerts.
Those alerts have helped by saving time.
What is most valuable?
The best features Rapid7 InsightCloudSec offers include more automation remediation, compliance reporting for auditing, improvement on multi-cloud governance, and cost visibility, which really stand out to me.
The automation capabilities in Rapid7 InsightCloudSec boost my workflow, as they involve Jira automation and creating misconfiguration tickets in Jira.
Rapid7 InsightCloudSec provides a faster, more accurate indication and helps to better understand how to reduce noise in the tone policies.
What needs improvement?
Rapid7 InsightCloudSec can be improved by seeing reductions and improvements in prioritization, tuning findings, suppressing low-value alerts, and better prioritizing the most critical risks.
Needed improvements include adding AI-driven risk prioritization, proactive cloud risk modeling, advanced IAM privilege analysis, identity graph relationship mapping, privilege escalation detection, and automation for privileged remediation.
Additionally, Rapid7 InsightCloudSec needs improvements such as AI-driven risk prioritization, proactive cloud risk modeling, advanced IAM privilege analysis, multi-cloud attack path mapping, pre-built automated hardening, defining stronger policy as code support, better container and serverless coverage, and cost optimization insight along with safe auto-remediation with rollback improvements.
For how long have I used the solution?
I have been using Rapid7 InsightCloudSec for eight to nine months in my previous company.
What other advice do I have?
Rapid7 InsightCloudSec is deployed in my organization as a public cloud and hybrid cloud.
I am using VMWare Cloud, Azure, GCP, and AWS for my public and hybrid cloud deployment.
I purchased Rapid7 InsightCloudSec through the AWS Marketplace.
I would rate Rapid7 InsightCloudSec an eight out of ten because of its multi-cloud integration, stronger policy as code support, better container serverless coverage, and security plus cost optimization insight.
Cloud posture has strengthened and security policies are managed proactively across our environments
What is our primary use case?
Rapid7 InsightCloudSec's main use case for our organization is to maintain our cloud security posture, and we typically depend on a platform named AWS to monitor it and implement all the security features suggested by Rapid7 InsightCloudSec.
Recently, we had a bunch of AWS roles and S3 bucket policies that were overly permissive, which were suggested by Rapid7 InsightCloudSec. After considering their suggestions, we limited the AWS policies and downsized all overly excessive permissions to only what's necessary.
We are also using Rapid7 InsightCloudSec for other use cases, such as managing the whole networking structure of our AWS account, including VPC, subnetting, and ensuring the whole cloud security posture aligns with how it should be.
Recently, we had a bunch of AWS roles and S3 bucket policies that were overly permissive, which were suggested by Rapid7 InsightCloudSec. After considering their suggestions, we limited the AWS policies and downsized all overly excessive permissions to only what's necessary.
We are also using Rapid7 InsightCloudSec for other use cases, such as managing the whole networking structure of our AWS account, including VPC, subnetting, and ensuring the whole cloud security posture aligns with how it should be.
What is most valuable?
Rapid7 InsightCloudSec's best features include the immediate suggestions and support provided, as well as real-time visibility across multiple cloud environments, risk-based prioritization, automated cloud compliance, policy enforcement, and best practices for Infrastructure as Code security.
The automated compliance enforcement has helped our team significantly in cloud infrastructure entitlement management and maintaining the whole IAM governance as well as the container and Kubernetes security postures, plus conducting vulnerability assessments and generating comprehensive reports.
One of the best features is the agentless cloud-native vulnerability management plus cloud workload protection, as Rapid7 InsightCloudSec provides native vulnerability scanning for cloud workloads, containers, and VMs without needing an agent, simplifying deployment and reducing overhead.
It has positively impacted our organization by changing the whole efficiency, especially after updating our patching process to meet the CIS benchmark that was previously under-provisioned. This change uplifted our CIS compliance score. After implementing Rapid7 InsightCloudSec, we increased our CIS benchmark score from 48 to around 88 after addressing missing patches on some VM instances, indicating a significant positive impact.
The automated compliance enforcement has helped our team significantly in cloud infrastructure entitlement management and maintaining the whole IAM governance as well as the container and Kubernetes security postures, plus conducting vulnerability assessments and generating comprehensive reports.
One of the best features is the agentless cloud-native vulnerability management plus cloud workload protection, as Rapid7 InsightCloudSec provides native vulnerability scanning for cloud workloads, containers, and VMs without needing an agent, simplifying deployment and reducing overhead.
It has positively impacted our organization by changing the whole efficiency, especially after updating our patching process to meet the CIS benchmark that was previously under-provisioned. This change uplifted our CIS compliance score. After implementing Rapid7 InsightCloudSec, we increased our CIS benchmark score from 48 to around 88 after addressing missing patches on some VM instances, indicating a significant positive impact.
What needs improvement?
I currently do not have any specific suggestions for improvements, as I am still exploring the full capabilities of Rapid7 InsightCloudSec, but I wish the UI and UX for reporting could be more straightforward, simplifying the process of creating matrices and dashboards.
For how long have I used the solution?
I have been working in my current field for the past three and a half years.
What do I think about the stability of the solution?
Rapid7 InsightCloudSec seems very stable, having been deployed in production systems without causing any issues.
What do I think about the scalability of the solution?
Rapid7 InsightCloudSec is scalable, as it effectively monitors resources regardless of how much we scale up.
How are customer service and support?
I interacted with customer support after an endpoint compromise incident, and they responded quickly and provided clear insights that were essential for resolving the situation.
I would rate customer support a nine, as there is always room for improvement, but they have been generally impressive.
I would rate customer support a nine, as there is always room for improvement, but they have been generally impressive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used CyberArk and Sysdig, but we switched to Rapid7 InsightCloudSec for its comprehensive monitoring capabilities across our cloud security, as the previous solutions focused on specific areas and we needed a more general approach.
How was the initial setup?
I advise others considering Rapid7 InsightCloudSec to integrate it into their organization. While there may be upfront costs for setup, it pays off in long-term security benefits and risk reduction from breaches.
What was our ROI?
Rapid7 has provided us with a good return on investment, helping us plan migrations from outdated virtual machines to up-to-date, secure systems, which has led to savings in infrastructure costs and reduced the need for a large cybersecurity team.
What's my experience with pricing, setup cost, and licensing?
The pricing has been equivalent to the features provided. While it was not overly expensive, I do wish for more discounts for bulk purchases since we have implemented it widely across our cloud security posture. The setup cost was manageable, and the licensing process is seamless.
Which other solutions did I evaluate?
Before choosing Rapid7 InsightCloudSec, we did not evaluate other options thoroughly. While we had a few POC integrations with Snyk, they were not as effective as Rapid7 InsightCloudSec.
What other advice do I have?
Everything is under control for the cloud security postures at this time. My overall review rating for Rapid7 InsightCloudSec is eight.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Security operations have become faster and collaboration improves through real-time log monitoring and automated alerts
What is our primary use case?
My main use case for Rapid7 InsightCloudSec is log monitoring and vulnerability management for our servers, which are the two main aspects I focus on.
Our applications are hosted on EKS, which send logs to Rapid7 InsightCloudSec, so whatever occurs in our application and whatever logs are coming through, we can see that in Rapid7 InsightCloudSec very quickly. This is one use case where Rapid7 InsightCloudSec helps us significantly, and related to the servers that we have on AWS, we have vulnerability management, so we can see the CVEs of vulnerabilities and we can patch them and fix them immediately. This is how Rapid7 InsightCloudSec helps us.
These are the main aspects of Rapid7 InsightCloudSec that I have used.
What is most valuable?
Rapid7 InsightCloudSec offers a mix of all these advantages, with speed being a key factor. As soon as I patch my server, it immediately reflects in Rapid7 InsightCloudSec console the vulnerabilities, so it is very quick and easy to see what vulnerabilities are present in my server. Related to log management, we previously used Sumo Logic, but Sumo Logic was somewhat complicated, whereas Rapid7 InsightCloudSec is very simple to search for logs, and it also works very quickly.
Rapid7 InsightCloudSec integrations are also really valuable, so we have Rapid7 InsightCloudSec integrated with our AWS instances and also our Slack channels. If a major vulnerability comes in, we get notified in our Slack, which is a significant advantage.
Rapid7 InsightCloudSec has helped us save thirty percent time in our log retrievals, and it completely changed log searching, making it really fast when we search for logs, with no prior knowledge required. This is a big advantage. Vulnerability management has also led to a fifty percent reduction in cyberattacks in our organization when we use Rapid7 InsightCloudSec.
What needs improvement?
I have a suggestion for Rapid7 InsightCloudSec; the interface can be more intuitive and faster, with a cleaner dashboard that includes customizable widgets and somewhat streamlined navigation to improve usability. For a first-time user who starts using Rapid7 InsightCloudSec, it is somewhat complicated to navigate through the UI and search for logs or vulnerabilities, so this is one aspect that could be improved.
Rapid7 InsightCloudSec could also be integrated with third-party tools such as GitLab CI/CD pipelines and cloud-native services such as EKS, which would improve its appeal to DevOps and cloud teams. Rapid7 InsightCloudSec already provides us real-time feedback loops, but if it also provides real-time feedback to the developers, then it would help the application shift left, meaning the security will shift left as well.
For how long have I used the solution?
I have been using Rapid7 InsightCloudSec for the past four years.
What do I think about the stability of the solution?
I have not faced any limitations with my data volume regarding the stability of Rapid7 InsightCloudSec.
Which solution did I use previously and why did I switch?
We were previously using Sumo Logic for log management, but for threat assessment, we have always used Rapid7 InsightCloudSec. However, for log management, Sumo Logic required query language and skills, taking up significant time to query as well, which is why Rapid7 InsightCloudSec helps us there.
What was our ROI?
Based on return on investment metrics, Rapid7 InsightCloudSec has helped us save thirty percent time in log searching and fifty percent time in vulnerabilities. With automated vulnerability detection, Rapid7 InsightCloudSec helps teams reduce the time by thirty to fifty percent, which directly cuts exposure time and lowers risk. By catching issues early, Rapid7 InsightCloudSec helps us prevent costly breaches or regulatory fines; for example, automating patching and misconfiguration audits can save thousands in operational overhead, while pre-built compliance reports and container monitoring eliminate manual audit prep, cutting audit preparation by forty to sixty percent.
Which other solutions did I evaluate?
Before choosing Rapid7 InsightCloudSec, I evaluated different options, considering many available solutions, with Tenable being one of them due to its strong vulnerability scanning and compliance checks, but its UI is not as intuitive.
What other advice do I have?
Rapid7 InsightCloudSec helps us collaborate in many ways, with the first being the shared dashboard and reporting, as teams can build and share real-time dashboards or schedule reports across security, DevOps, and management. The second is the ticketing and alert integration, where Rapid7 InsightCloudSec integrates with tools such as Jira, ServiceNow, and PagerDuty, enabling automatic creation of tickets. The third is the role-based access, allowing different teams to get tailored access, helping them focus on the data relevant to them while maintaining compliance and accountability.
Rapid7 InsightCloudSec helps with compliance or regulatory requirements in my organization by using tools such as InsightVM to continuously scan my environment for vulnerabilities and misconfiguration, which ensures the assets stay in line with compliant frameworks such as SOC 2 and GDPR. It offers out-of-the-box customizable compliance reports that map directly to regulatory controls, making audits faster and less painful by showing evidence of adherence and required security practices. All the security event scans and remediation actions are logged, creating a detailed audit trail that auditors appreciate and helping to prove due diligence and continuous compliance over time.
Rapid7 InsightCloudSec is a powerful and reliable security platform with strong capabilities in vulnerability management and threat detection. The agent-based scanning, dashboarding, and prioritization engine are very effective, especially in a hybrid cloud environment. There is room for improvement such as UI responsiveness, scan performance at scale, and deeper CI/CD integration, which would enhance the overall offering. I would rate Rapid7 InsightCloudSec as an eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Reduces security incidents and simplifies daily log and vulnerability management tasks
What is our primary use case?
My main use case for Rapid7 InsightCloudSec is vulnerability management, where I can see the vulnerable servers and the vulnerabilities related to them so that I can patch and fix them. The next use case is log management, which I am currently using as well. We have applications where we collect logs from those applications, and that is also being done in Rapid7.
For vulnerability management, I use Rapid7 InsightCloudSec in my daily workflow by discovering multiple servers in our AWS accounts. Those AWS servers are discovered in Rapid7, and I can see the vulnerability, the CVE numbers, and all the critical vulnerabilities related to them so that I can fix them and we can stop cyber attacks or attacks related to those vulnerabilities before they happen. This is how it helps us in vulnerability management.
I also use Rapid7 InsightCloudSec as log management, so all our EKS clusters and every application send logs to Rapid7, making it very quick to search for logs, which is a useful aspect of Rapid7 InsightCloudSec.
What is most valuable?
The best features of Rapid7 InsightCloudSec, in my opinion, are log management, application security, vulnerability management, SIEM, and attack surface management.
Out of those features, I find myself using log management and vulnerability management the most because I want to stay on top of all the vulnerabilities and get them fixed before they cause us any harm. This is the one thing that I use very extensively. The other one is log management to view the logs from my applications and see who has what access to everyone in our AWS account. Rapid7 InsightCloudSec helps us in these areas.
Rapid7 InsightCloudSec has positively impacted our organization, as log management and vulnerability management in our company improved significantly. We have remediation for the vulnerabilities, and the fixes are there, making it very easy to navigate. The log management is also very fast, so overall, it has helped us a lot.
It has reduced the number of security incidents that used to happen by 40%, and the log management time has been reduced by 20 to 30%. Previously, we were using Sumo Logic for log management, but this new log management is quite good, which has helped us save 20% time and 30% cost.
What needs improvement?
Rapid7 InsightCloudSec can be enhanced by improving the UI/UX. The interface could be more intuitive and faster. A new dashboard with customizable widgets and streamlined navigation would improve usability, especially for managing multiple environments or reports.
The overall UI/UX needs improvement, as performance and speed can also become a concern when scaling large environments or pulling reports, which can sometimes lag. This can impact teams that rely on real-time or near-real-time data. Optimizing backend performance and offering more granular control over scans could be an improvement. Additionally, if Rapid7 InsightCloudSec could support more third-party tools or modern CI/CD pipelines, integrating it into my developer workflow would reduce time to fix and foster a shift-left security mindset.
For how long have I used the solution?
I have been using Rapid7 InsightCloudSec for the past four years.
What other advice do I have?
That covers everything regarding the features. I would rate this review an 8 out of 10.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Provides centralized visibility through dashboards and alerts, allowing customers to receive reports on cloud vulnerabilities and security posture
What is our primary use case?
In India, most customers currently focus on cloud security solutions. Particularly, they are concerned about data security for their workloads on AWS and Azure platforms. These are the things we encounter from customers.
What is most valuable?
The tool provides centralized visibility through dashboards and alerts, allowing customers to receive reports on cloud vulnerabilities and security posture. Rapid7 InsightCloudSec provides customers with a robust understanding of cloud security.
As many customers are transitioning from on-premises to cloud environments, it is crucial to enhance security posture. It offers insights into data location, vulnerabilities, and overall security measures for cloud-based workloads.
The solution's most valuable features include its intelligence platform and ability to provide a holistic view of organizational threats. It offers visibility across various environments, including cloud and on-premises, as well as applications and external sources.
The real-time threat detection capability operates more near real-time rather than instantaneously. However, the tool proactively identifies vulnerabilities before they become known to the respective vendors. The solution offers a vast database of vulnerabilities and international threat exposure to recognize attack signatures.
Customers have successfully addressed compliance issues using the policy engine. For example, they utilize a comprehensive database with 150 attack scenarios. Additionally, it offers tools for endpoint reduction, encryption, and response, as well as to capture vulnerabilities and facilitate vulnerability disclosure.
The tool's integration capabilities are extensive and widely utilized by many customers. Technically, partners are fully capable of integrating it. Additionally, it has a team in India that can support customers with integration. Overall, their strong partner channel network ensures effective integration of the product into existing networks.
What needs improvement?
Rapid7 InsightCloudSec could be better at showing dashboards for virtual firewalls and appliances. Compared to other solutions like Palo Alto, this area is not as good. So, they should work on improving this for virtual devices.
For how long have I used the solution?
I have been working with the product for more than a year.
What do I think about the stability of the solution?
Rapid7 InsightCloudSec is stable.
What do I think about the scalability of the solution?
The tool is scalable.
How are customer service and support?
The solution does offer support across other regions, but they currently lack a local support center in India. Improving this aspect would certainly be beneficial.
How would you rate customer service and support?
Neutral
How was the initial setup?
We have been comfortable with the tool's deployment process. Maintaining it isn't too difficult. The retention rate for renewals has been pretty high, indicating customer satisfaction. The solution seems to be maintaining performance well. The attention data is high compared to other vendors, suggesting clients use it. They're also investing in more customer success managers to improve retention and usage. Overall, maintenance seems to be well-managed.
What other advice do I have?
I rate the overall product an eight out of ten.
Offers workload protection for Kubernetes and container security
What is our primary use case?
We use Rapid7 InsightCloudSec as a CSPM tool.
What is most valuable?
The tool's most valuable feature is workload protection for Kubernetes and container security. It has agents that identify bugs or lack of security on runtime containers.
What needs improvement?
The tool needs to improve its documentation.
For how long have I used the solution?
I have been using the product for eight to nine years.
What do I think about the stability of the solution?
The product's on-prem version had many challenges. The SaaS version is working fine.
What do I think about the scalability of the solution?
Rapid7 InsightCloudSec is scalable.
How was the initial setup?
Rapid7 InsightCloudSec's deployment is straightforward.
What other advice do I have?
I rate Rapid7 InsightCloudSec an eight out of ten.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
showing 1 - 7