No more typing reviews! Try our Samantha, our new voice AI agent.

Netsurion vs Rapid7 InsightIDR comparison

Netsurion and Rapid7 are both solutions in the Security Information and Event Management (SIEM) category. Netsurion is ranked #54, while Rapid7 is ranked #21 with an average rating of 7.8. Additionally, 92% of Netsurion users are willing to recommend the solution, compared to 96% of Rapid7 users who would recommend it.
Sponsored
Cortex XDR by Palo Alto Net...
Read 109 Cortex XDR by Palo Alto Networks reviews
  • 14,649 Views
  • 6,006 Comparison Views
96% willing to recommend
Netsurion
Read 24 Netsurion reviews
  • 2,213 Views
  • 1,173 Comparison Views
92% willing to recommend
Rapid7 InsightIDR
Read 32 Rapid7 InsightIDR reviews
  • 7,072 Views
  • 3,395 Comparison Views
96% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 18, 2024

Rapid7 InsightIDR and Netsurion are both major players in the cybersecurity market. Rapid7 InsightIDR seems to have the upper hand for its ease of deployment and an intuitive interface, while Netsurion stands out for its feature-rich capabilities and robust customer service.

Features: Rapid7 InsightIDR includes comprehensive incident detection, automated response features, and an intuitive interface. Netsurion offers extensive threat intelligence, real-time log monitoring, and detailed analytics.

Room for Improvement: Rapid7 InsightIDR could improve its customizability, reporting functionality, and integration with other tools. Netsurion could refine its integration process with other tools, improve user customization options, and enhance its reporting features.

Ease of Deployment and Customer Service: Rapid7 InsightIDR is commended for smooth deployment models and responsive customer service. Netsurion benefits from positive feedback on its deployment process and exceptional customer service.

Pricing and ROI: Rapid7 InsightIDR's pricing is considered reasonable given its ROI, but some users find initial setup costs high. Netsurion receives favorable reviews for pricing, with users highlighting strong ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Netsurion vs. Rapid7 InsightIDR Report (Updated: March 2026).
Buyer's Guide
Netsurion vs. Rapid7 InsightIDR
March 2026
Download the complete report
Helped 885,880 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Extended Detection and Response (XDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
109
Ranking in other categories
Endpoint Protection Platform (EPP) (5th), Endpoint Detection and Response (EDR) (7th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (2nd)
Netsurion
Ranking in Extended Detection and Response (XDR)
43rd
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
24
Ranking in other categories
Managed Security Services Providers (MSSP) (33rd), Security Information and Event Management (SIEM) (54th), SOC as a Service (15th), Managed Detection and Response (MDR) (37th)
Rapid7 InsightIDR
Ranking in Extended Detection and Response (XDR)
20th
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
32
Ranking in other categories
Security Information and Event Management (SIEM) (21st), User Entity Behavior Analytics (UEBA) (10th), Endpoint Detection and Response (EDR) (34th), Threat Deception Platforms (8th)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
ABHISHEK_SINGH
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Read full review
John-Berry - PeerSpot reviewer
John-Berry
Information Technology Manager at ProfitSolv
The SOC center monitors, hunts, and notifies us of threats around the clock
I know they are working to resolve this issue, but Netsurion is currently unable to retrieve logs from S3 buckets. We use WP Engine for a lot of web hosting as well as AWS, and both of these platforms use S3 buckets. I would like Netsurion to be able to pull logs from Linux devices. We have some of that capability, and I believe they can do it. However, the way it works with Amazon is strange and glitchy. Therefore, working something out with Amazon would be great. Netsurion's SOC can be a bit too aggressive at times. We have asked them to adjust their playbook because I am tired of being notified about the same issue multiple times a day. I am aware of the issue, and it is not a cause for concern. Let's only take action on this issue if we see an actual problem.
Read full review
SohailHyder - PeerSpot reviewer
SohailHyder
Head Of Cyber Security at Super Secure
Has supported compliance needs for mid-sized organizations but lacks customization and advanced integration
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature sets of a complete SIEM solution. Most common in the market is QRadar, but it is depleting now. It has been taken over by some other products such as Splunk and LogRhythm. If we compare these things with Rapid7 InsightIDR, then there are definitely some gaps that need to be filled. Data retention is also one concern because Rapid7 InsightIDR is cloud-based and operates on a subscription model. Whatever data you want to retain, it has to be paid for separately or it has a cost. Other solutions that are on-premises can have their own infrastructure or they provide some data retention for a month or in some capacity-wise, they provide that solution to them which makes them more attractive.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Palo Alto is constantly adding new features."
"It is a simple platform to use."
"The dashboard is customizable."
"It integrates well into the environment."
"Its interface and pricing are most valuable. It is better than other vendors in terms of security."
"Threat identification and detection are the most valuable features of this solution."
"Cortex XDR can integrate the firewalls and determine the tendencies of the attacks. It's a new generation antivirus, with protection endpoints and detection response. It is very easy to use and everybody can operate the solution."
"The solution helps find bugs, and it is safe to use to prevent attacks by hackers."
More Cortex XDR by Palo Alto Networks pros
"Netsurion's 24/7 monitoring has enhanced the overall security of the company."
"Netsurion has its own security operations center, where it tracks information that comes across our telemetry."
"Having this in place gives us the ability to see what's going on, on a daily basis, on all of our systems across the enterprise."
"Netsurion's security operations center is critical for us because they provide 24/7 monitoring, we've never had another company meet the same need in the past, and it's a valuable tool to have."
"The solution provides actionable threat intelligence, it is not a passive service, they go in and perform mitigations on whatever they find, it is timely, and they provide context so it is understood by anyone who receives these reports."
"There are a host of things that are most valuable. Obviously monitoring our environment and reporting out different events is important. They perform a suite of services. They monitor all of our servers, all of our key infrastructure, like our DNS, our switches, all that stuff. They aggregate and correlate that quarterly. They'll tell us if we're getting a lot of login failures and something is going on or if something's weird."
"The managed SOC has been huge for freeing up staff to work on other responsibilities, and we are saving on at least one full-time employee."
"The managed service has been invaluable to us in terms of being able to narrow the scope of what really needs to be looked at and bringing those things to our attention to be dealt with."
More Netsurion pros
"Previously, when something happened, such as when a hacker was attacking one of our customers, we were always behind, or we did not know that we were hacked until the ransomware started, but with the Rapid7 solution, at every step, we could online see what a person was doing, and we could prevent ransomware."
"Simple configuration and automatically syncs to the cloud platform."
"​​User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day."
"We were able to identify criminals attempting to login from China and put a stop on their IP locations."
"I definitely recommend Rapid7 InsightIDR."
"The ability to ingest Office 365 log files, then process them into events and display them on a map."
"Rapid7's reporting is more robust than Tenable's."
"Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log."
More Rapid7 InsightIDR pros
 

Cons

"Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access."
"It takes time to scan the servers and devices."
"Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth."
"If you compare it to SentinelOne, which has more functionalities and detection capabilities on an open platform, the pricing on SentinelOne is far more reasonable and cheaper than Cortex XDR by Palo Alto Networks."
"A little bit more automation would be nice."
"The dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard."
"The solution should enhance the ADR and reporting."
"Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco."
More Cortex XDR by Palo Alto Networks cons
"The system requirements are very, very high. So I need a pretty powerful server to run. If they could lighten that load so that the on-premise part of their product didn't impact my systems as much that would be ideal."
"Everything that I've wanted has been added in. EDR was added, and MITRE was added. Those were two big ones that we didn't even have to push for."
"There are some issues with searches taking a long period of time, but they assured me that they have implemented a new search function that's available in version 9, but which requires a solid-state hard drive."
"I would like to see a faster response when we see things like 15,000 lockouts."
"There are some issues with searches taking a long period of time, but they assured me that they have implemented a new search function that's available in version 9, but which requires a solid-state hard drive... Depending on how many logs you have it could take a long time to return the results if you're looking back prior to the last 30 days."
"Probably the biggest thing is just: Can I search for this and what's the best way to do it? If I'm looking for two events versus a singular event, I just throw it back at them."
"The weekly reporting could use some improvement. For example, when we handed them our landscape document, it took longer than I would have liked for those details to become noticeable within the reports."
"The threat detection and response is passive. We have asked if there were options for taking action, and we have not gotten any feedback on that, which would be useful to know. Depending on the situation and threat, some actions may not be possible, but we haven't gotten any feedback on what options could be directed and actionable with the understanding that it may have an extra cost. It would be nice to know or find out if it is actually possible to take actions by a SIEM service or a SIEM agent."
More Netsurion cons
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"The product allows us to make only 30 custom rules."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses.​"
"I'd like to be able to get the compliance report within the solution which is currently not possible."
"Lacks a mobile application."
"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."
More Rapid7 InsightIDR cons
 

Pricing and Cost Advice

"The cost depends on your chosen license type, like Pro or other licenses."
"Our license will require renewal in August, after which the maintenance will continue as usual."
"The pricing seems fair, and I do like the licensing model. You use wherever they are, and it is elastic."
"The price of the product is not very economical."
"Cortex XDR's pricing is ok."
"It has reasonable pricing for the use cases it provides to the company."
"It's about $55 per license on a yearly basis."
"I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require."
More Cortex XDR by Palo Alto Networks pricing and cost advice
"Licensing is very easy. Our CIO takes care of the billing, but in terms of price point, he hasn't complained, so it must be good."
"It is a bit expensive as compared to some of the other products that have come out in recent years. Expense-wise, the only downside is that it is not cheap."
"Our budget follows the calendar year. We just started a new budget year at the beginning of the month. We did budget for an increase in our threat management system selection. Therefore, we have the budget to implement and accommodate a threat management system change, including an increase for the quoted actions that we received to improve EventTracker. We are just waiting on our council to approve that budget, which might not be for a little while. Hopefully, when they do, we will be able to jump on doing something."
"We put together the package of what we needed. It was based pretty much on the number of agents that we were deploying. If we needed to manage logging from certain specific applications, like Active Directory and SQL Server, there has been no additional cost for that. We had agents deployed for those specific servers and the applications were included, then there was just an additional installation that they had to do for us."
"You are paying for different levels, especially as far as the monitoring goes and how often you review it with the team. The other factor that figures in is how many nodes are on your network, such as clients, network equipment, servers, etc. There are some additional pieces on top of that, but it's laid out pretty simply, as far as how much you're going to pay for a node."
"When we first got the EventTracker product, we were using SIEM Simplified. At the time they didn't call it that, but it was more of a service thing. So, there was a bit more hand-holding and getting stuff set up, along with failure reports, that they did during the first one to two years. Then, we decided that the the additional money to have someone do these daily reports wasn't terribly useful, so we discontinued that service."
"I don't know if the pricing is by the seat but we're paying about $20,000 to 25,000 a year. On top of that, we pay for the managed support services. That runs us about another $35,000 or $40,000 a year."
"In the security space, it's hard to quantify your return on investment. So, I don't. We spend about $40,000 a year and so. It's hard to say if the SIEM saved that much money."
More Netsurion pricing and cost advice
"Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight."
"​Accurately predict your licensing counts as this is a subscription based product.​"
"Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs."
"It is more reasonably priced than other vendors."
"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."
"Rapid7 InsightIDR is priced very well and is cost-effective."
"The pricing and licensing are competitive."
"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."
More Rapid7 InsightIDR pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
885,880 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
13%
Financial Services Firm
13%
Manufacturing Company
7%
Comms Service Provider
7%
Performing Arts
12%
Construction Company
9%
Manufacturing Company
8%
Outsourcing Company
8%
Financial Services Firm
9%
Computer Software Company
9%
Manufacturing Company
8%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business44
Midsize Enterprise20
Large Enterprise48
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise7
Large Enterprise7
By reviewers
Company SizeCount
Small Business20
Midsize Enterprise5
Large Enterprise6
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
See all answers
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
See all answers
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
See all answers
Ask a question
Earn 20 points
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
See all answers
What is your experience regarding pricing and costs for Rapid7 InsightIDR?
The product pricing is very cheap.
See all answers
What needs improvement with Rapid7 InsightIDR?
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as ...
See all answers
 

Comparisons

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks Logo
Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks
Compared 8% of the time
SentinelOne Singularity Complete vs Cortex XDR by Palo Alto Networks Logo
SentinelOne Singularity Complete vs Cortex XDR by Palo Alto Networks
Compared 5% of the time
CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks Logo
CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks
Compared 4% of the time
Cortex XSIAM vs Cortex XDR by Palo Alto Networks Logo
Cortex XSIAM vs Cortex XDR by Palo Alto Networks
Compared 4% of the time
Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks Logo
Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks
Compared 3% of the time
More Cortex XDR by Palo Alto Networks Competitors
IBM Security QRadar vs Netsurion Logo
IBM Security QRadar vs Netsurion
Compared 7% of the time
GoSecure Titan Platform vs Netsurion Logo
GoSecure Titan Platform vs Netsurion
Compared 5% of the time
Splunk Enterprise Security vs Netsurion Logo
Splunk Enterprise Security vs Netsurion
Compared 5% of the time
Legato Security vs Netsurion Logo
Legato Security vs Netsurion
Compared 4% of the time
ManageEngine Log360 vs Netsurion Logo
ManageEngine Log360 vs Netsurion
Compared 4% of the time
More Netsurion Competitors
Microsoft Sentinel vs Rapid7 InsightIDR Logo
Microsoft Sentinel vs Rapid7 InsightIDR
Compared 4% of the time
Splunk Enterprise Security vs Rapid7 InsightIDR Logo
Splunk Enterprise Security vs Rapid7 InsightIDR
Compared 4% of the time
CrowdStrike Falcon vs Rapid7 InsightIDR Logo
CrowdStrike Falcon vs Rapid7 InsightIDR
Compared 3% of the time
Rapid7 InsightVM vs Rapid7 InsightIDR Logo
Rapid7 InsightVM vs Rapid7 InsightIDR
Compared 3% of the time
Adlumin Security Operations vs Rapid7 InsightIDR Logo
Adlumin Security Operations vs Rapid7 InsightIDR
Compared 3% of the time
More Rapid7 InsightIDR Competitors
 

Product Reports

Buyer's Guide
Cortex XDR by Palo Alto Networks
April 2026
Cortex XDR by Palo Alto Networks reportDownload Cortex XDR by Palo Alto Networks product report
Buyer's Guide
Netsurion
March 2026
Netsurion reportDownload Netsurion product report
Buyer's Guide
Rapid7 InsightIDR
March 2026
Rapid7 InsightIDR reportDownload Rapid7 InsightIDR product report
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Netsurion Managed Threat Protection, Netsurion EventTracker
InsightIDR
 

Overview

Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.

Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.

What are the key features of Cortex XDR?
  • Advanced Threat Detection: Uses AI and machine learning for proactive threat identification.
  • Multi-layered Security: Combines various security measures for comprehensive protection.
  • Endpoint Protection: Safeguards against malware and exploits.
  • Behavioral Analysis: Monitors suspicious activity for early detection.
  • Automatic Threat Response: Automates responses to neutralize threats.
What benefits should users expect?
  • Ease of Use: Simplifies security management with intuitive design.
  • Resource Efficiency: Minimizes impact on system resources.
  • Integration Capabilities: Works well with existing security setups.
  • Reduced Analyst Workload: Automates processes to decrease manual intervention.

Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.

Palo Alto Networks

Netsurion offers robust SIEM capabilities enhanced by managed services, facilitating efficient threat identification and response with real-time alerts and comprehensive reporting.

Netsurion stands out for its integration of SIEM, IDS, and vulnerability management. Its real-time threat alerts and dashboards enhance user response capabilities. With centralized logging from Windows, Linux, Cisco devices, firewalls, and Active Directory, Netsurion enables effective compliance support for HIPAA and PCI standards. Managed Threat Protection with the embedded MITRE ATT&CK Framework enhances threat intelligence, while its evolving interface aims to improve user interactions. However, some users find deployment and searching challenging, pointing to areas for improvement.

What are Netsurion's key features?
  • SIEM Capabilities: Efficient threat identification using real-time alerts and dashboards.
  • Managed Services: Provides remote monitoring and advisory support.
  • Comprehensive Reporting: Assists in compliance and actionable insights.
  • MITRE ATT&CK Framework: Enhances threat intelligence and management.
  • Seamless Integration: Works with existing systems for streamlined operations.
What benefits should users consider in reviews?
  • Threat Response Tool: Rapid identification and response to security incidents.
  • Usability: Efforts to evolve and simplify user interactions.
  • Operational Efficiency: Streamlined processes through integration and managed services.
  • Compliance Support: Assistance with industry standards like HIPAA and PCI.

Netsurion is frequently implemented in industries requiring comprehensive security monitoring and compliance, such as healthcare and finance. It aids businesses in consolidating security efforts, offering insights into user activities and system changes, an asset for companies lacking substantial internal resources.

Netsurion

Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.

Rapid7
 

Sample Customers

CBI Health Group, University Honda, VakifBank
The Salvation Army, The FRESH Market, Pacific Western Bank, NASA, American Academy of Orthopaedic Surgeons (AAOS), and Talbot’s Stores
Liberty Wines, Pioneer Telephone, Visier
Buyer's Guide
Netsurion vs. Rapid7 InsightIDR
March 2026
Free Report: Netsurion vs. Rapid7 InsightIDR
Find out what your peers are saying about Netsurion vs. Rapid7 InsightIDR and other solutions. Updated: March 2026.
DOWNLOAD NOW
885,880 professionals have used our research since 2012.
See our Netsurion vs. Rapid7 InsightIDR report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.