No more typing reviews! Try our Samantha, our new voice AI agent.

Devo vs Rapid7 InsightIDR comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Devo
Ranking in Security Information and Event Management (SIEM)
27th
Average Rating
8.4
Reviews Sentiment
6.6
Number of Reviews
25
Ranking in other categories
Log Management (27th), IT Operations Analytics (7th), AIOps (19th)
Rapid7 InsightIDR
Ranking in Security Information and Event Management (SIEM)
25th
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
32
Ranking in other categories
User Entity Behavior Analytics (UEBA) (11th), Endpoint Detection and Response (EDR) (47th), Threat Deception Platforms (6th), Extended Detection and Response (XDR) (28th)
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Devo is 1.2%, up from 1.1% compared to the previous year. The mindshare of Rapid7 InsightIDR is 2.2%, down from 2.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Rapid7 InsightIDR2.2%
Devo1.2%
Other96.6%
Security Information and Event Management (SIEM)
 

Featured Reviews

FR
Strategic Account Executive at a computer software company with 51-200 employees
Has improved investigative workflows with interactive dashboards and simplified data correlation
The data analytics cloud component focuses on real-time analytics, which is very impressive. The SIEM collects and correlates logs data from different sources and can integrate with ServiceNow, hardware asset management, and software asset management. The security orchestration, automation, and response (SOAR) is another valuable feature. The security data platform serves as the foundation of Devo. Regarding advanced query capabilities, Devo offers several models including query logs, visual query builder, language integrated query, and SQL, with SQL being the most frequently used querying data capability. The single pane of glass that Devo offers is the SOC. The tools in Devo's active ports are for investigating, not just viewing data. They are more interactive than other market solutions. The drill-down reports capabilities allow analysts to click on any element in a widget. When they see a spike in a line chart for a failed login, which could be a true or false attempt, they can click that spike, and a table widget on the same active board instantly populates with raw logs of data for those specific failed logins. This is particularly important for enterprise companies with numerous endpoints and users. The dynamic filtering of inputs significantly reduces the time cybersecurity analysts spend trying to figure out failed logins and identifying false positives.
SohailHyder - PeerSpot reviewer
Head Of Cyber Security at Super Secure
Has supported compliance needs for mid-sized organizations but lacks customization and advanced integration
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature sets of a complete SIEM solution. Most common in the market is QRadar, but it is depleting now. It has been taken over by some other products such as Splunk and LogRhythm. If we compare these things with Rapid7 InsightIDR, then there are definitely some gaps that need to be filled. Data retention is also one concern because Rapid7 InsightIDR is cloud-based and operates on a subscription model. Whatever data you want to retain, it has to be paid for separately or it has a cost. Other solutions that are on-premises can have their own infrastructure or they provide some data retention for a month or in some capacity-wise, they provide that solution to them which makes them more attractive.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us."
"The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored."
"It's very, very versatile."
"Having one integrated tool helped us by removing the multiple teams, multiple pieces of equipment, and multiple software solutions from the equation."
"Devo has improved our visibility, log management efficiency, and investigation capabilities positively."
"It centralizes security management within a business, functioning as a core system for a SOC."
"Devo saves us hours in every investigation."
"Scalability is one of Devo's strengths."
"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
"It gives all the advantages of a SIEM, however, using clever AI, it looks for patterns of behavior rather than just flooding me with all the alerts."
"I have seen that Rapid7 InsightIDR provides security to the networks and endpoints in the company."
"I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters."
"Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs."
"The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame."
"I like the tool's user analysis feature."
"It improved my organization by building a security alerting program."
 

Cons

"There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts."
"The Activeboards feature is not as mature regarding the look and feel."
"One improvement area for Devo could be simplifying some configuration and improving the onboarding for new analysts because it is quite complex for fresher or new analysts who are handling Devo."
"There are some issues from an availability and functionality standpoint, meaning the tool is somewhat slow. There were some slow response periods over the past six to nine months, though it has yet to impact us terribly as we are a relatively small shop. We've noticed it, however, so Devo could improve the responsiveness."
"Some basic reporting mechanisms have room for improvement."
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."
"It's stable but it's not extremely stable."
"Some of the documentation could be improved a little bit. A lot of times it doesn't go as deep into some of the critical issues you might run into. They've been really good to shore us up with support, but some of the documentation could be a little bit better."
"The main problem lies in the processes within the client's operating systems."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."
"The product allows us to make only 30 custom rules."
"The ability to tune the collector for custom logs would greatly help."
"One thing that springs to mind is easier API integration with ITSMs."
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert."
 

Pricing and Cost Advice

"It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had for cloud providers, it's significantly less."
"Pricing is based on the number of gigabytes of ingestion by volume, and it's on a 30-day average. If you go over one day, that's not a big deal as long as the average is what you expected it to be."
"The way Devo prices things is based on the amount of data, and I wish the tiers had more granularity. Maybe at this point they do, but when we first negotiated with them, there were only three or four tiers."
"It's very competitive. That was also a primary draw for us. Some of the licensing models with solutions like Splunk and Sentinel were attractive upfront, but there were so many micro-charges and services we would've had to add on to make them what we wanted. We had to include things like SOAR and extended capabilities, whereas all those capabilities are completely included with the Devo platform. I haven't seen any additional fee."
"I like the pricing very much. They keep it simple. It is a single price based on data ingested, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that."
"Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."
"Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
"Devo is a hosted or subscription-based solution, whereas before, we purchased QRadar, so we owned it and just had to pay a maintenance fee. We've encountered this with some other products, too, where we went over to subscription-based. Our thought process is that with subscription based, the provider hosts and maintains the tool, and it's offsite. That comes with some additional fees, but we were able to convince our upper management it was worth the price. We used to pay under 10k a year for maintenance, and now we're paying ten times that. It was a relatively tough sell to our management, but I wonder if we have a choice anymore; this is where the market is."
"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."
"The pricing is good, and it is not very expensive."
"The pricing and licensing are competitive."
"Rapid7 InsightIDR charges us based on the endpoints we connect to."
"Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight."
"Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs."
"​I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability.​"
"Rapid7 InsightIDR is priced very well and is cost-effective."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
904,146 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
14%
Construction Company
10%
Manufacturing Company
9%
Outsourcing Company
8%
Financial Services Firm
9%
Manufacturing Company
9%
Computer Software Company
8%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise12
By reviewers
Company SizeCount
Small Business21
Midsize Enterprise5
Large Enterprise6
 

Questions from the Community

What is your experience regarding pricing and costs for Devo?
Pricing generally depends on the scale, data ingestion requirements, and integrations for what the enterprise monitoring needs. I have not been part of the procurement process, so I am not aware of...
What needs improvement with Devo?
One improvement area for Devo could be simplifying some configuration and improving the onboarding for new analysts because it is quite complex for fresher or new analysts who are handling Devo.UI ...
What is your primary use case for Devo?
Devo serves as our centralized log monitoring, threat investigation, alert monitoring, and security analytics platform. We use it to collect logs from multiple systems so we can correlate the event...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What needs improvement with Rapid7 InsightIDR?
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature...
What is your primary use case for Rapid7 InsightIDR?
I am working with Rapid7 InsightOps and Rapid7 InsightIDR because the requirement is as such from the customer side, particularly the banks. Whatever the requirement is, these are the products that...
 

Also Known As

No data available
InsightIDR
 

Overview

 

Sample Customers

United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
Liberty Wines, Pioneer Telephone, Visier
Find out what your peers are saying about Devo vs. Rapid7 InsightIDR and other solutions. Updated: June 2026.
904,146 professionals have used our research since 2012.