Better than most of the products in the market, but not the best
What do you like best about the product?
Vulnerability views
Reporting
Dashboards
Tons of threat intelligence and research data integrated with the product by Rapid7. Stuff like Metasploit DB, AttackerKB and project Heisenberg are some of the best integrations.
Remediation Projects
Risk Scoring – the new Active Risk Scoring is awesome.
Scan Assistant (probably the best service for vuln scanning)
What do you dislike about the product?
The security console is a lot buggy.
Native Jira integration is not really native. Breaks all the time.
Sometimes it takes days to identify some vulnerabilities which is a major drawback especially for critical vulnerabilities (Jetbrains TeamCity CVSS10 vuln is one example, took it 3 days to identify vulnerable assets)
Too much administrative efforts to setup stuff.
What problems is the product solving and how is that benefiting you?
InsightVM is solving all our vulnerability management problems. It checks all the boxes starting from identification to remediation of a vulnerability. I cannot say it is a fully fledged and completely mature tool but it is far better than the other tools I’ve used in the past (Tenable, Qualys, MS Defender)
This post was originally published on 3rd party site mentioned in the title of this site