We performed a comparison between Rapid7 InsightIDR and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The log aggregation and storage provided by InsightIDR has shown no issues with scalability; aggregating over one hundred millions events daily."
"The solution is very stable and works very well for what I need it to do."
"If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."
"The UI is very good."
"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
"Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log."
"Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well."
"I like the tool's user analysis feature."
"It is easy to use."
"It is easy to use and deploy. It comes with user-friendly manuals."
"The most valuable feature in ESM is its search and reporting feature. It's really nice."
"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
"Trellix ESM is very user-friendly."
"It can be easily deployed with the other solutions."
"It is user-friendly. The notification part of McAfee ESM is very easy."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"The solution's XDR agents cannot compete with the XDR solutions out there yet."
"The APIs can be further improved in Rapid7."
"The main problem lies in the processes within the client's operating systems."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"Cloud risk assessment is one area where I think they need a lot of improvement."
"Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps."
"I would like to see fingerprint recognition included in the next release of this solution."
"The only drawback is that they don't have any packet capturing or network behavior analysis."
"Product-wise, adding accounts on a single data source by batch would be a really great help."
"I would like to see good analytics in future releases."
"There should be support for multitenancy in the product."
"I would like to see improvements to the user interface."
"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."
"The support from McAfee ESM could improve. They could improve the speed."
Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 30 reviews while Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews. Rapid7 InsightIDR is rated 8.4, while Trellix ESM is rated 7.4. The top reviewer of Rapid7 InsightIDR writes "Helps in the management of compliance, secret events and information". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Trellix Helix. See our Rapid7 InsightIDR vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.