Hey everyone,
My organization has been using Rapid7 for Vulnerability Management, but I have to say that it hasn't been my favorite tool—just not a fan for several reasons. I know part of it might just be me needing to learn it better, but if I had to consider switching, what would you recommend? I've heard good things about Tenable, but I'm curious about other options that are also user-friendly and intuitive. Any suggestions?
10 Answers
Tenable does have its own issues, but what problems are you having with Rapid7? I could tell you if Tenable handles those better.
Your username gives me old school vibes! Love it!
In my experience, Tenable is reliable and offers a clean user interface packed with data. Their support might not be the best, but we rarely need to reach out to them. Compared to AW, Rapid7 was a nightmare for us.
Don't underestimate Rapid7! It might just take some extra training to really grasp it. They offer courses and even an assessment of your setup to help out. Plus, don't forget Wazuh has a vulnerability detection module.
Consider integrating your vulnerability management tool with an inventory or RMM tool. Many of these have integrations that could help you visualize the data more effectively.
Any good RMM tools you would recommend?
Honestly, you probably just need to get better at using Rapid7. It’s not that complicated once you get the hang of it. I've tried all the major tools, and while they all have their pros and cons, Rapid7 competes well with them.
You’re right—I’m still figuring it out. I've been through several trainings, but they're not super helpful, and Rapid7's support didn’t provide the best training either.
I totally understand your frustration with Rapid7. It’s powerful but can be a bit clunky. I think Tenable is probably the best alternative for day-to-day use, especially when you're preparing reports. Qualys is another option that offers more than just basic scanning, and tools like OpenVAS or Defender can feel less outdated.
I've been thinking about this too. So many tools out there!
DefectDojo is another tool worth considering. It can centralize vulnerability management and incorporate reports from multiple tools, which might add more visibility.
It sounds like what you really need is a dependable patch management tool that shows vulnerabilities for each endpoint along with solutions.
If you’re not a fan of Rapid7, Tenable (Nessus/Tenable.io) and Qualys are solid alternatives with good dashboards and easy reporting. OpenVAS is a free option too, plus Microsoft Defender offers good vulnerability management features if you're already using Microsoft products.
I'm mostly looking for a simple way to see which hosts have vulnerabilities, like being able to click once and get the hostnames. Is that too much to ask? Or does it not work that way?