InsightVM Product Features

The Rapid7 Insight Agent automatically collects data from all your endpoints, even those from remote workers and sensitive assets that cannot be actively scanned, or that rarely join the corporate network.

Most software dashboards are static: a snapshot of your risk at a particular time, unclickable and instantly out of date. InsightVM Live Dashboards are live and interactive by nature. You can easily create custom cards and full dashboards for anyone—from system admins to CISOs—and query each card with simple language to track progress of your security program.

CVSS-based risk scores can result in thousands of “critical” vulnerabilities, making it very difficult for security teams to best prioritize the vulnerabilities with the most risk reduction. With Active Risk, security teams can prioritize vulnerabilities on a 1-1000 scale indicating those that are actively being exploited in the wild or the likelihood of an attacker exploiting the vulnerability in a real attack. The score is based on the latest CVSS and enriched with multiple threat intelligence feeds, including proprietary Rapid7 research from Project Lorelei and AttackerKB to provide security teams with a threat-aware vulnerability risk score.

Trash the thousand-page remediation reports, complex spreadsheets, and confusing back-and-forth email tag. With Remediation Projects, security teams can assign and track remediation duties in real time, providing continuous visibility into how well issues are being fixed. Take it one step further by integrating InsightVM directly with IT's ticketing systems to fold remediation seamlessly into their daily workload.

As your organization grows and your infrastructure becomes more complex, maintaining visibility into your changing attack surface becomes more challenging. InsightVM directly integrates with Project Sonar, a Rapid7 research project that regularly scans the public internet to gain insights into global exposure to common vulns. By leveraging Attack Surface Monitoring with Project Sonar, you can be confident that you have a pulse on all of your external-facing assets, both known and unknown.

"The threat feeds in InsightVM let me sort through the noise of other "high" severity vulnerabilities with low probability of exploitation, and go straight to the vulns that matter—the ones that are actively targeted by attackers."

— Chad Kliewer, Information Security Officer at Pioneer Telephone

Leverage our researchers' insights into the threat landscape and recent attacker methods with complimentary Threat Feeds in InsightVM. This dynamic view shows you the threats that are most relevant to your environment, enabling you to better protect against current, impending threats and react quickly to critical, named vulnerabilities.

Between the notifications of high criticality vulns and back-and-forth email communications that frequently come with vulnerability assessment, we don't often get to ask ourselves, "what is the true effectiveness of my vulnerability management program?" This question becomes increasingly difficult to answer when the completion of remediation tasks spans multiple teams and projects. This is where Goals and SLAs come in.

With Goals and SLAs, you can ensure that you're making (and tracking) progress toward your goals and service level agreements (SLAs) at an appropriate pace, and maintaining compliance with the standards you've set for your program.

Your team should have the power to take control of your Security Console, not the other way around. InsightVM's RESTful API makes it (almost ridiculously) simple to accomplish more within your unique security program. It was built to easily automate virtually any aspect of vulnerability management, from data collection to risk analysis, and integrate InsightVM capabilities with your other processes.

Beyond your own internal security goals, we know many organizations are also accountable for compliance to various security policies and standards. InsightVM eases this process by offering pre-built scan templates for common compliance requirements. Once you've assessed your risk posture, you can take clear, actionable steps to compliance. To go a step further, Custom Policy Builder allows you to modify existing benchmarks or create new policies from scratch to meet the needs of your unique operating environment.