The Total Economic Impact™ Of Rapid7 InsightVM, a November 2019 commissioned study conducted by Forrester Consulting on behalf of Rapid7 shows that customers experienced a significant decrease in cybersecurity incidents and spend when switching to Rapid7 from one of our vulnerability risk management competitors. This translates to 342% return on investment (ROI) over three years for these InsightVM customers.
As stated by a Deputy CISO at a higher education institution who was interviewed for the study, "The value [of InsightVM] has been exceptional. We've grown substantially in the past years without growing cost at the same time. We've been able to continue mitigating risks as they have come quickly."
InsightVM helps security professionals effectively identify, assess, prioritize, and remediate vulnerabilities. Beyond providing best-of-breed functionality, InsightVM helps to extend security’s influence and align technical teams to reduce risk and accelerate progress towards common goals.
No matter the measure of success, InsightVM is built to give security professionals clarity, influence, and progress. Let’s dive into how.
How InsightVM helps you gain clarity into risk
InsightVM not only provides visibility into vulnerabilities, but also offers clarity into the operations, objectives, and impact of security programs for stakeholders across the organization. The result is a deeper understanding of risk and alignment towards common goals.
In fact, a key finding from the Forrester TEI study states that InsightVM provides a 33% reduction in investigation efforts compared to the competition. This is a result of better reporting and actionable insights that helped customers make visible progress.
With InsightVM, your entire attack surface is covered—on-premises, remote, cloud, virtual, and containerized assets are all identified and tracked. Even those external-facing assets that you may not even know exist can be identified using Attack Surface Monitoring with Project Sonar, a standard InsightVM feature.
Improving risk assessment
Additionally, InsightVM provides a 22% reduction in false positives compared to the competition. This is no surprise, given InsightVM is the only vulnerability risk management product with a bilateral integration with Metasploit Pro to validate exploitable vulnerabilities.
And it’s not just vulnerabilities on your assets that InsightVM notifies you about—it also considers cloud misconfigurations. Think about your AWS cloud assets like S3 buckets. Ensuring these are properly configured is a major undertaking. With InsightVM, you can rest easy knowing that any AWS cloud misconfigurations will be brought to your attention to fix.
Okay, so InsightVM has what you need to identify risk in your ecosystem, but how do you determine what to fix first?
InsightVM’s Real Risk score goes beyond CVSS when it comes to assessing and prioritizing risk. It also factors in malware and exploit exposure (via Metasploit Framework and Exploit DB), exploitability, and vulnerability age to determine a granular, 1-1,000 score. Doing so provides you with visibility on the potential impact to your organization and what attackers are actively doing in the wild.
How InsightVM extends security’s influence
InsightVM provides the foundation for security teams to expand their influence and eliminate silos by having a common language and shared objectives.
By enabling collaboration and influencing their peers in IT and development, security professionals using InsightVM can achieve a more efficient vulnerability risk management process.
Case in point: IT-integrated Remediation Projects and Goals & SLAs in InsightVM. These features provide a slew of benefits, including easy project scoping, integration with ticketing systems like ServiceNow and Jira, and solution-based remediation.
According to a Director of InfoSec at a healthcare provider who switched over to InsightVM from the competition, “The other problem with the competitor was the remediation instructions not being specific. While InsightVM told us the specific actions to remediate, the competitor would describe to us broadly and ask us to read articles for vulnerabilities."
How InsightVM helps you see shared progress
InsightVM is not another reactive security tool. It’s designed to support proactive, cross-functional programs by creating a sense of accountability and impact across teams as the organization tracks and celebrates Security’s progress.
Progress gained by InsightVM is best illustrated through Forrester’s TEI finding that InsightVM reduces patching efforts by 60% compared to the competition. According to the study, patching automation and improved workflows with InsightVM helped customers streamline the remediation process.
Mundane, repeatable tasks like patching can be automated with Automation-Assisted Patching. InsightVM integrates directly with BigFix and SCCM to carry this out, which enables you to control workflows as much or as little as you want.
With Automated Containment, you can decrease exposure from vulnerabilities by automatically implementing temporary (or permanent) compensating controls via your Network Access Control (NAC) systems, Firewalls, and Endpoint Detection and Response tools; these can act as both stopgaps or long term solutions to reduce exposure.
And, of course, all of these efforts to reduce risk would be meaningless if we couldn’t properly measure and report on them. Luckily, InsightVM’s reporting capabilities are known for their flexibility and customizability.
As stated by one customer interviewed for the TEI study, “The dashboards and reports in InsightVM are very flexible. We’re able to present the material in any number of different ways, so it’s nice. The C-level like the executive summaries and everyone else is getting the exact information that they need.”
The tangible results are clear: Up-front risk reduction with InsightVM helped customers avoid potential incidents and associated costs, saving them $2.3M over three years.
Source: The Total Economic Impact™ Of Rapid7 InsightVM, a November 2019 commissioned study conducted by Forrester Consulting on behalf of Rapid7