Rapid7 partners with customers to achieve their security goals and advance their programs—not just scan assets, patch vulnerabilities, and repeat.
In The Total Economic Impact™ Of Rapid7 InsightVM, a November 2019 commissioned study conducted by Forrester Consulting on behalf of Rapid7, Forrester finds that InsightVM customers see a 342% return on investment over three years, along with a significant decrease in cybersecurity incidents and spend.
The Real Risk score in InsightVM assesses and prioritizes risk based on its potential impact to your organization and what attackers are actively doing in the wild. It factors in CVSS, malware and exploit exposure (via Metasploit and Exploit DB), exploitability, and vulnerability age to determine a granular, 1-1,000 score. Did we mention that InsightVM received the highest possible score in the criteria of Vulnerability Enumeration and Risk-Based Prioritization in the Forrester Wave™?
Tenable touts its ability to determine the 3% of vulnerabilities most likely to be exploited in your environment with its “Predictive Prioritization” capabilities. What Tenable doesn’t tell you is that this index does not factor in your unique business context.
The results are clear: Customers who switched to InsightVM saved $2.3M in potential incidents and associated costs through up-front risk mitigation.
“Since using [InsightVM], we’ve cut down vulnerability detection and remediation time to under a week, added real-time progress tracking, and have more easily reported metrics to the C-suite.” — James Cairns, IT Security Lead at Bow Valley College
InsightVM enables you to make measurable progress and effectively communicate that progress to executive stakeholders. Our customers tell us time and time again that value is easy to prove. In fact, Forrester Consulting found that customers see a 342% ROI over three years.
Unlike Tenable, InsightVM lets you track your efforts against Goals and SLAs—key metrics and KPIs that help demonstrate your team’s value to the security of your organization. Additionally, Remediation Projects in InsightVM identify individual steps that can reduce the most risk and inform you of how efficiently issues are resolved. The results from Goals and SLAs and Remediation Projects can then be presented in a number of pre-built and customizable reports. Customers who switched to InsightVM have seen a 60% reduction in patching efforts.
Both Rapid7 and Tenable publish SLAs and guarantee 99.95% uptime. However, on the off-chance our system availability drops, only Rapid7 offers up to 100% service credit of the prorated monthly fee paid. Tenable caps service credits at a mere 10%.
We also publicly report our uptime and provide transparency around our SLA.
Do either of these scenarios sound familiar?
These may be common challenges for security teams, but most vendors—including Tenable—don't provide you with the level of visibility needed to address them in an actionable or timely manner.
InsightVM directly integrates with Project Sonar, a Rapid7 research project that regularly scans the public internet to gain insights into global exposure to common vulns. Leveraging Attack Surface Monitoring with Project Sonar gives you a pulse on all of your external-facing, internet-connected assets, including those that may be undiscoverable with Tenable.
Vulnerability management is the cornerstone of every security program, but adapting to the evolving threat landscape requires purpose-built solutions that work together for threat detection and response, application security, automation, and more. At Rapid7, we partner with our customers to achieve their overall security goals—not just those specific to vulnerability management—while offering a simpler, unified line of sight across these best-of-breed solutions with the Insight cloud.
Let's take our Insight Agent as an example: With a shared agent across InsightVM and InsightIDR—a Leader in the Gartner Magic Quadrant for Security Information and Event Management (SIEM)—our customers get a holistic view of assets and the users behind them. To extend risk protection to the application layer, customers can go beyond application discovery in InsightVM to test and remediate with InsightAppSec, the highest rated DAST solution by an independent research firm three years in a row. Rapid7 was the only full stack vulnerability risk management vendor to be evaluated for its application security capabilities.
Tenable passes off its sole focus on vulnerability management as an advantage, but you’re the one left juggling multiple vendors and products with limited avenues to share data across them. Even Tenable’s own products—Nessus, Tenable.sc, and Tenable.io—don’t augment each other, causing many customers to have to purchase both Tenable.sc and Tenable.io, for example, to accomplish standard vulnerability management tasks.
Don't just take our word for it—hear why our customers choose the Insight cloud:
"Being able to interface on the dev level with the people who are actually building the product and who have written the API and the integrations is really huge... We’re excited to continue to build out the agent API with Rapid7."
— Christina Galligan, Director of Cybersecurity Operations at Rackspace
Comprehensive vulnerability management shouldn’t break the bank. InsightVM is priced based on the number of assets in your environment, and offers full functionality at no additional cost.
Here are just some of the InsightVM features and capabilities that often come at an extra charge with other vulnerability management vendors:
Tenable Nessus is a common entry point for those getting started with vulnerability management because of its low cost, but users learn its limitations quickly, often having to upgrade to Tenable.io at 10 times the cost. Even Tenable's SecurityCenter offering can't accommodate organizations supporting a remote workforce.
Check out InsightVM Pricing for more details.
InsightVM makes it easy to collect information across your changing network. This includes the other components of your tech stack, such as VMware, Amazon Web Services (AWS), Microsoft Azure, Docker, and McAfee ePO, as well as the automatic detection of new devices as they join your network.
Instead of monitoring and displaying every piece of network traffic, as with Tenable's passive vulnerability scanning, we identify the changes that truly impact your surface area and risk posture; this lets you monitor changes in your network without a deluge of false positives and the deployment of additional software. In fact, Forrester Consulting found that customers who switch to InsightVM see a 22% reduction in false positive alerts.