In Forrester’s evaluation of vulnerability risk management (VRM) vendors, Rapid7 received the highest possible scores in nine out of the 14 categories, including Digital Footprinting, Vulnerability Enumeration, and Risk-Based Prioritization.
Unlike Tenable’s solutions, which employ a passive monitoring approach, Rapid7 InsightVM proactively looks at vulnerabilities from the attackers’ perspective—those that are easiest to exploit in an actual attack.
In The Total Economic Impact™ Of Rapid7 InsightVM, a November 2019 commissioned study conducted by Forrester Consulting on behalf of Rapid7, Forrester also finds that InsightVM customers see a 342% return on investment over three years, along with a significant decrease in cybersecurity incidents and spend.
The Real Risk score in InsightVM assesses and prioritizes risk based on its potential impact to your organization and what attackers are actively doing in the wild. It factors in CVSS, malware and exploit exposure (via Metasploit and Exploit DB), exploitability, and vulnerability age to determine a granular, 1-1,000 score. Did we mention that InsightVM received the highest possible score in the criteria of Vulnerability Enumeration and Risk-Based Prioritization in the Forrester Wave™?
Tenable touts its ability to determine the 3% of vulnerabilities most likely to be exploited in your environment with its “Predictive Prioritization” capabilities. What Tenable doesn’t tell you is that this index does not factor in your unique business context.
The results are clear: Customers who switched to InsightVM saved $2.3M in potential incidents and associated costs through up-front risk mitigation.
“Since using [InsightVM], we’ve cut down vulnerability detection and remediation time to under a week, added real-time progress tracking, and have more easily reported metrics to the C-suite.” — James Cairns, IT Security Lead at Bow Valley College
InsightVM enables you to make measurable progress and effectively communicate that progress to executive stakeholders. Our customers tell us time and time again that value is easy to prove. In fact, Forrester Consulting found that customers see a 342% ROI over three years.
Unlike Tenable, InsightVM lets you track your efforts against goals—key metrics and KPIs that help demonstrate your team’s value to the security of your organization. Additionally, Remediation Projects in InsightVM identify individual steps that can reduce the most risk and inform you of how efficiently issues are resolved. The results from Goals and Remediation Projects can then be presented in a number of pre-built and customizable reports. Customers who switched to InsightVM have seen a 60% reduction in patching efforts.
Both Rapid7 and Tenable publish SLAs and guarantee 99.95% uptime. However, on the off-chance our system availability drops, only Rapid7 offers up to 100% service credit of the prorated monthly fee paid. Tenable caps service credits at a mere 10%.
Do either of these scenarios sound familiar?
These may be common challenges for security teams, but most vendors—including Tenable—don't provide you with the level of visibility needed to address them in an actionable or timely manner.
InsightVM directly integrates with Project Sonar, a Rapid7 research project that regularly scans the public internet to gain insights into global exposure to common vulns. Leveraging Attack Surface Monitoring with Project Sonar gives you a pulse on all of your external-facing, internet-connected assets, including those that may be undiscoverable with Tenable.
Vulnerability management is the cornerstone of every security program, but adapting to the evolving threat landscape requires purpose-built solutions that work together for threat detection and response, application security, automation, and more. At Rapid7, we partner with our customers to achieve their overall security goals—not just those specific to vulnerability management—while offering a simpler, unified line of sight across these best-of-breed solutions with the Insight cloud.
Let's take our Insight Agent as an example: With a shared agent across InsightVM and InsightIDR—a Visionary in the Gartner Magic Quadrant for Security Information and Event Management (SIEM) two years in a row—our customers get a holistic view of assets and the users behind them.
Tenable passes off its sole focus on vulnerability management as an advantage, but you’re the one left juggling multiple vendors and products with limited avenues to share data across them. Even Tenable’s own products—Nessus, Tenable.sc, and Tenable.io—don’t augment each other, causing many customers to have to purchase both Tenable.sc and Tenable.io, for example, to accomplish standard vulnerability management tasks.
Don't just take our word for it—hear why our customers choose the Insight cloud:
In addition to the streamlining provided by Remediation Projects, InsightVM also integrates with patch management tools like IBM BigFix and Microsoft SCCM and ticketing systems like Atlassian Jira to expedite the most tedious parts of your remediation process. Automation-Assisted Patching lets you take this one step further by automatically applying patches in a matter of minutes, rather than hours or days. This gives you back the time and resources to be more productive and focus on the more strategic aspects of your security strategy. In The Total Economic Impact™ Of Rapid7 InsightVM, a November 2019 commissioned study conducted by Forrester Consulting on behalf of Rapid7, Forrester found that customers who switch to InsightVM experience a 60% reduction in patching efforts.
Tenable can give you a view of your patching systems, but it cannot orchestrate these systems to patch issues in a timely, automated way.
That said, we know that not every vulnerability can be remediated: With Automated Containment in InsightVM, you can decrease exposure from vulnerabilities by automatically implementing temporary (or permanent) compensating controls via your Network Access Control (NAC) systems, Firewalls, and Endpoint Detection and Response tools; these can act as either stopgaps or long-term solutions to reduce exposure.
With direct integrations with Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) across the Insight cloud, Rapid7 is uniquely positioned to provide full visibility of your cloud-based infrastructure and enhance your overall cloud security posture. Not only does InsightVM automatically detect when new devices are spun up or taken down, but the Insight Agent can also be embedded in cloud and virtual images so that infrastructure is assessed as soon as it's live. This assessment extends to the configuration of your cloud-based infrastructure.
As an AWS Advanced Technology Partner, Rapid7 also integrates with Security Hub to automatically share vulnerability findings related to AWS assets. Having this centralized view provides security, IT, and DevOps teams instantaneous visibility into potential risk and attack vectors in their cloud environment. While Tenable's integration ends here, we're able to close the loop with InsightConnect, our security orchestration and automation solution; this integration lets you take action on findings in Security Hub, such as kicking off automated workflows for remediation.
Comprehensive vulnerability management shouldn’t break the bank. InsightVM is priced based on the number of assets in your environment, and offers full functionality at no additional cost.
Here are just some of the InsightVM features and capabilities that often come at an extra charge with other vulnerability management vendors:
Tenable Nessus is a common entry point for those getting started with vulnerability management because of its low cost, but users learn its limitations quickly, often having to upgrade to Tenable.io at 10 times the cost. Even Tenable's SecurityCenter offering can't accommodate organizations supporting a remote workforce.
Check out InsightVM Pricing for more details.
InsightVM makes it easy to collect information across your changing network. This includes the other components of your tech stack, such as VMware, Amazon Web Services (AWS), Microsoft Azure, Docker, and McAfee ePO, as well as the automatic detection of new devices as they join your network.
Instead of monitoring and displaying every piece of network traffic, as with Tenable's passive vulnerability scanning, we identify the changes that truly impact your surface area and risk posture; this lets you monitor changes in your network without a deluge of false positives and the deployment of additional software. In fact, Forrester Consulting found that customers who switch to InsightVM see a 22% reduction in false positive alerts.