NetWitness Platform vs Rapid7 InsightIDR comparison

NetWitness and Rapid7 are both solutions in the Security Information and Event Management (SIEM) category. NetWitness is ranked #23 with an average rating of 7.8, while Rapid7 is ranked #9 with an average rating of 8.1. NetWitness holds a 0.6% mindshare in SIEM, compared to Rapid7’s 2.6% mindshare. Additionally, 74% of NetWitness users are willing to recommend the solution, compared to 95% of Rapid7 users who would recommend it.

NetWitness Platform

Read 36 NetWitness Platform reviews

1,186 Views
764 Comparison Views

74% willing to recommend

Rapid7 InsightIDR

Read 32 Rapid7 InsightIDR reviews

4,623 Views
2,719 Comparison Views

95% willing to recommend

NetWitness Platform

Rapid7 InsightIDR

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 18, 2024

NetWitness Platform and Rapid7 InsightIDR compete in the cybersecurity tools category. Rapid7 InsightIDR seems to have the upper hand due to better features and customer service, despite NetWitness Platform being more affordable.

Features: NetWitness Platform offers robust threat detection, analytics, and comprehensive visibility. Rapid7 InsightIDR is favored for its simplicity, effective incident detection, and user-friendliness, leading to quicker threat identification.

Room for Improvement: NetWitness Platform needs enhancements in configuration complexity, integration with other tools, and easier deployment. Rapid7 InsightIDR could improve its alerting system, provide more customization options, and enhance its reporting features.

Ease of Deployment and Customer Service: NetWitness Platform is criticized for its lengthy deployment process and the need for expert handling. Rapid7 InsightIDR stands out with smoother deployment and better user support, making it easier to implement.

Pricing and ROI: NetWitness Platform is known for lower setup costs and decent ROI, but requires additional investment in expertise. Rapid7 InsightIDR, while more expensive, offers higher ROI due to its advanced features and effective threat management, justifying the higher cost.

To learn more, read our detailed NetWitness Platform vs. Rapid7 InsightIDR Report (Updated: January 2025).

Buyer's Guide

NetWitness Platform vs. Rapid7 InsightIDR

January 2025

Download the complete report

Helped 838,713 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

NetWitness Platform

Ranking in Security Information and Event Management (SIEM)

23rd

Average Rating

7.4

Reviews Sentiment

7.5

Number of Reviews

Ranking in other categories

Log Management (22nd)

Rapid7 InsightIDR

Ranking in Security Information and Event Management (SIEM)

9th

Average Rating

8.4

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

User Entity Behavior Analytics (UEBA) (3rd), Endpoint Detection and Response (EDR) (21st), Threat Deception Platforms (5th), Extended Detection and Response (XDR) (15th)

Mindshare comparison

As of February 2025, in the Security Information and Event Management (SIEM) category, the mindshare of NetWitness Platform is 0.6%, down from 0.8% compared to the previous year. The mindshare of Rapid7 InsightIDR is 2.6%, down from 2.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

Featured Reviews

MdZaman

IT manager at a agriculture with 10,001+ employees

Really scalable for enterprise customers

The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.

Read full review

Asim Naeem

Principal IT Security & Compliance at IBEX Holdings Ltd

Providing comprehensive insight into alerts while working towards AI enhancement

I definitely recommend Rapid7 InsightIDR. It is becoming better, with improvements being continuously made to the product. Right now, I do not have any advice about Rapid7 for other users because every organization or user has different criteria or multiple use cases, so I refrain from commenting on that. I rate the overall solution seven out of ten.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"NetWitness Platform is valuable for creating rules that the solution must detect."

"The most valuable features are the threat prediction and network forensics."

"Incident management is its most valuable feature."

"The most valuable features are the integration and ease of use."

"The most valuable feature is the hunting ability to work in a CERT."

"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."

"The most valuable features are its ingestion of logs and raising of alerts based on those logs."

"The product has a user-friendly interface and a valuable feature for threat intelligence integration."

More NetWitness Platform pros

"It improved my organization by building a security alerting program."

"The solution is very scalable in terms of the licensing model."

"I rate Rapid7 nine out of 10 for affordability"

"Simple configuration and automatically syncs to the cloud platform."

"Rapid7's reporting is more robust than Tenable's."

"Another very important part of insightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network."

"It is a very stable solution."

"The solution provides satisfying native integration features"

More Rapid7 InsightIDR pros

Cons

"The initial setup is complex. There are other solutions that are easier to implement."

"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."

"Its technical support could be better."

"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."

"I believe that integrating the solution with other products such as Oracle would be beneficial."

"The multi-tenant capabilities are lagging compared to IBM QRadar."

"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."

"More customizability is required, which is something that they need to improve on."

More NetWitness Platform cons

"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."

"InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal."

"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."

"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."

"The ability to tune the collector for custom logs would greatly help."

"There is a future in AI with Rapid7, however, it is not fully operated. There are certain limitations with Rapid7 that I am working on."

"The main problem lies in the processes within the client's operating systems."

"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."

More Rapid7 InsightIDR cons

Pricing and Cost Advice

"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."

"We are on an annual license for the use of the solution."

"It is cheap."

"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."

"The product price was reasonable for my region and the market."

"It’s cheaper to run virtual machines in a VMware environment."

"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

More NetWitness Platform pricing and cost advice

"Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help."

"Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight."

"Rapid7 InsightIDR is priced very well and is cost-effective."

"I rate Rapid7 InsightIDR's price a four on a scale of one to ten, where one is cheap, and ten is expensive."

"I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability."

"It is more reasonably priced than other vendors."

"Accurately predict your licensing counts as this is a subscription based product."

"The pricing and licensing are competitive."

More Rapid7 InsightIDR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

838,713 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at Deloitte & Touche

Feb 26, 2015

HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Read full review

Top Industries

By visitors reading reviews

Financial Services Firm

18%

Computer Software Company

17%

Government

Insurance Company

Computer Software Company

16%

Financial Services Firm

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about NetWitness Platform?

The product's initial setup phase was not at all difficult.

See all answers

What is your experience regarding pricing and costs for NetWitness Platform?

The product price was reasonable for my region and the market.

See all answers

What needs improvement with NetWitness Platform?

From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building...

See all answers

What SOC product do you recommend?

For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...

See all answers

What do you like most about Rapid7 InsightIDR?

During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an applicati...

See all answers

What is your experience regarding pricing and costs for Rapid7 InsightIDR?

The product pricing is very cheap.

See all answers

Comparisons

Splunk Enterprise Security vs NetWitness Platform

Compared 35% of the time

IBM Security QRadar vs NetWitness Platform

Compared 19% of the time

RSA enVision vs NetWitness Platform

Compared 12% of the time

Cisco Secure Network Analytics vs NetWitness Platform

Compared 10% of the time

Microsoft Sentinel vs NetWitness Platform

Compared 9% of the time

More NetWitness Platform Competitors

Darktrace vs Rapid7 InsightIDR

Compared 12% of the time

Microsoft Sentinel vs Rapid7 InsightIDR

Compared 10% of the time

Rapid7 InsightVM vs Rapid7 InsightIDR

Compared 8% of the time

CrowdStrike Falcon vs Rapid7 InsightIDR

Compared 5% of the time

Splunk Enterprise Security vs Rapid7 InsightIDR

Compared 5% of the time

More Rapid7 InsightIDR Competitors

Product Reports

Buyer's Guide

NetWitness Platform

February 2025

Download NetWitness Platform product report

Buyer's Guide

Rapid7 InsightIDR

February 2025

Download Rapid7 InsightIDR product report

Also Known As

RSA Security Analytics

InsightIDR

Overview

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

NetWitness

Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.

Rapid7

Sample Customers

Los Angeles World Airports, Reply

Liberty Wines, Pioneer Telephone, Visier

Buyer's Guide

NetWitness Platform vs. Rapid7 InsightIDR

January 2025

Free Report: NetWitness Platform vs. Rapid7 InsightIDR

Find out what your peers are saying about NetWitness Platform vs. Rapid7 InsightIDR and other solutions. Updated: January 2025.

DOWNLOAD NOW

838,713 professionals have used our research since 2012.

See our NetWitness Platform vs. Rapid7 InsightIDR report.

See our list of best Security Information and Event Management (SIEM) vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.