Rapid7 InsightVM: Key Features, Pros/Cons & Quick Tutorial

What Is Rapid7 InsightVM?

Rapid7 InsightVM is a vulnerability management tool that offers continuous visibility into security risks across a network. It equips IT teams to detect, prioritize, and remediate vulnerabilities. By providing real-time data, InsightVM helps organizations identify security weaknesses before they can be exploited by attackers.

In addition to its core vulnerability management functions, InsightVM integrates with various IT environments. It offers a cloud-based platform that enables scalability and accessibility, allowing users to manage security risks. The platform’s analytics and reporting capabilities make it useful for organizations seeking to improve their security posture.

This is part of a series of articles about cybersecurity tools (coming soon).

Key Features of Rapid7 InsightVM

Lightweight Endpoint Agent

The Rapid7 Insight Agent is a tool for continuous data collection from endpoints across an organization. Unlike traditional scanning methods, the Insight Agent operates in real time, gathering data even from assets that are difficult to scan actively. These include devices used by remote workers, systems that rarely connect to the corporate network, or sensitive assets that cannot be subjected to frequent scans.

Live Dashboards

Traditional software dashboards provide static snapshots that quickly become outdated. InsightVM’s Live Dashboards offer dynamic, real-time visibility into the organization’s risk landscape. These dashboards allow security teams to track progress, monitor trends, and explore data. Users can create views tailored to the needs of various stakeholders, from system administrators to executives like CISOs. The dashboard cards can be queried in plain language.

Active Risk Score

CVSS scores often result in thousands of vulnerabilities being flagged as critical, leaving security teams overwhelmed and unsure where to focus their efforts. The Active Risk Score provides an actionable approach by assigning each vulnerability a score from 1 to 1000. This score is based on the likelihood that a vulnerability will be exploited in a real-world attack. It incorporates data from threat intelligence feeds, including Rapid7’s proprietary research from resources like Project Lorelei and AttackerKB.

IT-Integrated Remediation Projects

Managing remediation workflows can be cumbersome, often involving lengthy reports, manual tracking, and inefficient communication between security and IT teams. InsightVM’s IT-Integrated Remediation Projects transform this process by providing a centralized platform for assigning, tracking, and managing remediation tasks in real time. Security teams can create projects that include vulnerabilities to be addressed and assign them directly to IT personnel. These tasks are then integrated into IT’s existing workflows, such as ticketing systems.

Attack Surface Monitoring with Project Sonar

InsightVM integrates with Rapid7’s Project Sonar, which continuously scans the public internet to identify exposed assets and vulnerabilities. This provides organizations with valuable insights into their external attack surface, including unmanaged or unknown assets that could pose security risks. By leveraging this data, security teams can ensure that they have a complete inventory of all external-facing systems.

Rapid7 InsightVM Pricing

Rapid7 InsightVM offers volume-based pricing, tailored to the number of assets an organization needs to monitor. The pricing model starts at $1.93 per asset per month when managing 500 assets, amounting to approximately $23.18 per asset annually. This pricing assumes a minimum commitment of 512 assets and requires annual billing.

The platform provides scalability, making it suitable for organizations of varying sizes. For larger environments with over 1,250 assets, volume discounts are available. For specific requirements or detailed cost breakdowns, customers can request a personalized quote.

In addition to the vulnerability management capabilities, the pricing includes features such as on-premises and remote endpoint assessments, unlimited scanning capabilities, attacker-based risk scoring, IT-integrated remediation tools, and access to Rapid7’s integrated threat intelligence feeds.

Zack Barak
CISO, Coralogix and Co-Founder, Snowbit

With over a decade of experience in the cybersecurity space, Zack is focused on delivering robust yet affordable security management for organizations with rapidly scaling data volumes.

Tips from the expert:

In my experience, here are tips to maximize the effectiveness of Rapid7 InsightVM in vulnerability management:

  1. Prioritize high-risk assets with custom tagging: Use InsightVM’s asset tagging feature to label critical systems, such as domain controllers or customer-facing servers. This helps prioritize vulnerabilities on these assets, ensuring rapid remediation for high-impact issues.
  2. Integrate with your IT ticketing system effectively: Address reported challenges with Jira integration by leveraging middleware or API-based automation. Custom scripts can help bridge gaps and ensure seamless tracking of remediation tasks in IT workflows.
  3. Tune Active Risk Score thresholds: Adjust Active Risk Score thresholds to align with your organization’s risk tolerance and business priorities. For example, set lower thresholds for internet-facing assets or systems handling sensitive data.
  4. Leverage Project Sonar for shadow IT discovery: Use the attack surface monitoring from Project Sonar to identify unmanaged devices or systems. Incorporate these into your regular scanning schedule to prevent vulnerabilities in forgotten or unknown assets.
  5. Combine agent-based and agentless scans: Deploy Insight Agents for continuous monitoring on remote and hard-to-reach systems, while using traditional scans for well-connected network segments. This hybrid approach ensures comprehensive visibility.

Rapid7 InsightVM Limitations and Challenges

Rapid7 InsightVM comes with several limitations that organizations should consider. These limitations were reported by users on the G2 platform:

  1. Complex setup process: Initial deployment can be challenging due to the platform’s complexity. Setting up and configuring the tool often requires significant administrative effort and technical expertise, which can delay implementation.
  2. High cost: Compared to similar tools on the market, InsightVM is relatively expensive. This high cost may make it less appealing for smaller organizations or those with budget constraints.
  3. False positives: Some users have reported instances of false positives in scan results. This can lead to unnecessary remediation efforts, wasted resources, and potential frustration for IT and security teams.
  4. Buggy security console: The security console has been described as buggy by some users, potentially impacting its reliability during critical operations.
  5. Unreliable Jira integration: The native integration with Jira has been noted as unreliable, frequently breaking and disrupting workflows for organizations relying on this feature for vulnerability tracking and management.
  6. Delayed detection of vulnerabilities: In certain cases, InsightVM has taken days to identify vulnerabilities, even for high-risk ones. For example, it reportedly required three days to detect assets vulnerable to the JetBrains TeamCity CVSS10 issue.
  7. Limited filtering and encryption processing: The platform’s filtering capabilities are less advanced than some competitors, making it harder to fine-tune vulnerability results. Additionally, it does not process encrypted packets, which is a limitation for organizations that regularly use encryption.
  8. Complex reports: The generated reports are not intuitive, particularly for individuals without a technical or cybersecurity background. This makes it difficult for non-technical stakeholders to interpret findings, and the limited customization options further compound this issue.

Quick Tutorial: Getting Started with Rapid7 InsightVM

To install InsightVM on a Linux system, you will need:

  • The latest Linux installer and its checksum file for verifying the download integrity.
  • A valid product key for license activation.
  • SELinux disabled on the host (see step 1 below).
  • Optionally, tmux or screen for interactive terminal sessions (recommended).
  • According to our testing, to get reasonable performance, you will need to install InsightVM on a machine with 4 or 8 CPUs and at least 16 GB RAM.

Installation Steps:

1. Disable SELinux: Open the file /etc/selinux/config with a text editor. Locate the line starting with SELINUX= and change its value to disabled. Save the changes and reboot the system using:

shutdown -r now

2. Verify the Installer: Download the installer and the checksum file. Validate the file using:

sha512sum -c <installer_file_name_checksum_file>

Ensure the checksum matches. If successful, you will see an “OK” message.

3. Make the Installer Executable: Grant execution permissions:

chmod +x <installer_file_name>

4. Run the Installer: Execute the installer with:

./<installer_file_name>

Follow the prompts to complete the installation.
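
Steps 2 to 4 as a single gate, in an added example that is not part of the original article or Rapid7's tooling: it compares the installer's SHA-512 directly against the digest in the checksum file, so an "OK" reported for some other file named in that file cannot be mistaken for a verified installer, and it marks the installer executable and runs it only after the digest matches. The function names are hypothetical, and the checksum file is assumed to carry the digest as the first field of its first line (the usual sha512sum format).

```shell
#!/bin/sh
# Added example, not Rapid7's or the article's code. Function names are
# hypothetical; pass the real installer and checksum file names as arguments.
# The digest only proves integrity if the checksum file itself was fetched
# from the vendor over a trusted channel.

# Return 0 only if the installer's SHA-512 equals the digest in the checksum file.
# Return 1 on a mismatch, 2 on missing or malformed input.
verify_installer() {
    vi_file=$1 vi_sums=$2
    [ -f "$vi_file" ] && [ -f "$vi_sums" ] || { echo "missing input file" >&2; return 2; }

    # Expected digest = first field of the first line, lower-cased.
    vi_expected=$(awk 'NR == 1 { print tolower($1) }' "$vi_sums")
    case $vi_expected in
        ''|*[!0-9a-f]*) echo "checksum file is malformed" >&2; return 2 ;;
    esac
    [ "${#vi_expected}" -eq 128 ] || { echo "not a SHA-512 digest" >&2; return 2; }

    # Hash the file we were actually given, whatever name the checksum
    # file records next to the digest.
    vi_actual=$(sha512sum "$vi_file" | awk '{ print $1 }')
    [ "$vi_actual" = "$vi_expected" ] || { echo "SHA-512 mismatch: $vi_file" >&2; return 1; }
}

# Steps 2-4 as one unit: chmod and execute only after verification succeeds.
run_verified_installer() {
    rv_file=$1
    # A bare file name needs ./ in front of it to be executed from the current directory.
    case $rv_file in */*) ;; *) rv_file=./$rv_file ;; esac
    verify_installer "$rv_file" "$2" || return $?
    chmod +x "$rv_file" && "$rv_file"
}

# Usage: run_verified_installer <installer_file_name> <installer_file_name_checksum_file>
```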

Check that the Security Console service is running with the following command:

sudo systemctl status nexposeconsole

If it is not running, start it with this command:

sudo systemctl start nexposeconsole

You can access the Security Console by browsing to https://<YOUR IP OR HOSTNAME>:3780.

Exploring the InsightVM Security Console

Once installed, the Security Console provides an overview of the IT environment. Key areas of the home page include:

1. Default Dashboard Panels

  • Risk and Assets Over Time: Displays graphs for the total number of assets and your overall risk score. These metrics help you track vulnerability trends and management effectiveness.
  • Sites: Lists all configured sites, their status, and scan metrics. Provides quick links to detailed scan results and site settings.
  • Current Scans for All Sites: Shows scans in progress, with real-time updates on their status.
  • Asset Groups: Displays groups of assets for ongoing monitoring, categorized by criteria like device type or risk level.
  • Asset Tags: Shows tags applied to assets, making it easier to filter and organize based on attributes such as function or criticality.

2. Filtered Asset Search: Filter scanned assets by parameters like vulnerability severity, location, or operating system. This is essential for identifying high-risk assets or creating targeted reports.

3. Create Dropdown: A shortcut for tasks like creating new sites, asset groups, or reports.

4. Calendar: Displays all scheduled scans and reports, allowing you to manage timing and avoid conflicts.

Creating and Scanning a Site

From the home page, follow these steps.

Define a Site

  1. Click the Create dropdown and select Site.
  2. Enter a name and description in the Info & Security section.
  3. In the Assets section, specify the assets to scan by IP address, range, or name.

Configure Authentication

  1. Go to Authentication and click Add Credentials.
  2. Provide a name and description for the credentials.
  3. Under the Account tab, select the authentication method and enter the required details.
  4. Test the credentials by providing an IP address or FQDN and port number. Successful tests will show a confirmation message.

Perform a Full Scan

  1. Under the Scan Template tab, choose Full Audit without Web Spider.
  2. Select a scan engine under the Select Engine tab.
  3. Click Save & Scan to initiate the scan.
  4. Monitor the scan’s progress in the Scan Progress section. Once complete, review the results, including risk scores for each asset. Use this data to prioritize and remediate vulnerabilities.

Coralogix: Ultimate Alternative to Rapid7 InsightVM

Coralogix sets itself apart in observability with its modern architecture, enabling real-time insights into logs, metrics, and traces with built-in cost optimization. Coralogix’s straightforward pricing covers all its platform offerings including APM, RUM, SIEM, infrastructure monitoring and much more. With unparalleled support that features less than 1 minute response times and 1 hour resolution times, Coralogix is a leading choice for thousands of organizations across the globe.
