Rapid7 InsightVM

What is Rapid7 InsightVM?

Rapid7 InsightVM is a vulnerability management platform that uses AI for risk prioritization and remediation automation. It is part of the Rapid7 Command Platform.

Key differentiators:

• Active Risk Scoring - scoring considering threat context
• Live Dashboards - real-time visibility
• Remediation Projects - remediation workflow
• 500+ integrations - ITOps automation

Active Risk Scoring

Unlike traditional CVSS, Active Risk Score considers:

graph LR
    subgraph "Traditional CVSS"
        A[Severity Score] --> B[Priority]
    end

    subgraph "Active Risk Score"
        C[CVSS Base] --> G[Active Risk]
        D[Exploit Availability] --> G
        E[Malware Usage] --> G
        F[Attacker Activity] --> G
        H[Business Context] --> G
    end

Active Risk Factors:

• CVSS Base Score - base vulnerability assessment
• Exploit Availability - exploit availability
• Malware Usage - usage in malware
• Attacker Activity - attacker activity
• Asset Criticality - asset criticality

Scanning Features

Discovery Methods

Method	Description	Use Case
Agent-based	Insight Agent on endpoint	Endpoints, servers
Agentless	Network scanning	Legacy, OT
Cloud API	Cloud provider integration	AWS, Azure, GCP
Container	Image scanning	Docker, Kubernetes

Scanning Scope

• Operating systems - Windows, Linux, macOS
• Applications - 80,000+ vulnerability checks
• Configurations - CIS Benchmarks, DISA STIG
• Cloud - AWS, Azure, GCP misconfigurations
• Containers - Docker, Kubernetes

Remediation Projects

InsightVM offers a unique approach to remediation:

[Vulnerability] --> [Remediation Project] --> [Assignment] --> [Tracking] --> [Verification]
                          |
                    [SLA Deadline]
                          |
                    [Progress Reports]

Remediation Projects Features:

• Vulnerability grouping - by solution, not individual CVEs
• Owner assignment - ticketing system integration
• SLA tracking - deadline monitoring
• Progress dashboards - progress visibility
• Auto-verification - automatic fix verification

Compliance & Reporting

Supported Standards

• CIS Benchmarks - Center for Internet Security
• PCI DSS - Payment Card Industry
• HIPAA - Healthcare compliance
• DISA STIG - Department of Defense
• NIST - National Institute of Standards

Reporting

• Executive dashboards - management view
• Technical reports - IT details
• Trend analysis - trend analysis
• Remediation reports - remediation reports
• Compliance reports - compliance reports

Integrations

ITSM & Ticketing

• ServiceNow (certified integration)
• Jira
• BMC Remedy
• Zendesk

Patch Management

• Microsoft SCCM/MECM
• Ivanti
• ManageEngine
• BigFix

SIEM/SOAR

• Splunk
• IBM QRadar
• Cortex XSOAR

Automation

• RESTful API
• PowerShell module
• Python SDK

Insight Agent

Lightweight agent for continuous monitoring:

• Size: ~25 MB
• CPU usage: <1%
• Memory: ~50 MB
• Automatic updates - self-updating
• Offline capability - offline operation

Agent Capabilities:

• Continuous vulnerability assessment
• Real-time asset data
• Log collection (for InsightIDR)
• Credential-less scanning

Who is it for?

Rapid7 InsightVM is for organizations that:

• Have many systems to monitor
• Need prioritization of thousands of vulnerabilities
• Require remediation workflow
• Want integration with ITSM and patch management

Comparison with Tenable

Feature	InsightVM	Tenable.io
Active Risk Scoring	✅	VPR
Remediation Projects	✅	✅
Agent	✅	✅
Cloud scanning	✅	✅
Container scanning	✅	✅
SIEM integration	✅ (InsightIDR)	Partial
Pricing model	Per-asset	Per-asset

Deployment with nFlo

1. Scoping - scanning scope definition
2. Architecture - scanning architecture design
3. Deployment - Scan Engine and Insight Agent installation
4. Configuration - scan and policy configuration
5. Integration - ITSM/patching integration
6. Training - team training
7. Optimization - tuning and optimization