Rapid7 InsightIDR vs Trellix ESM comparison

"Log search allows us to dive deep into aggregated logs and query all event types at once.​"

"I have seen that Rapid7 InsightIDR provides security to the networks and endpoints in the company."

"Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well."

"The solution is easy to use, and the interface is intuitive."

"The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame."

"During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint."

"Very intuitive and easy to set up."

"InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level."

"It is user-friendly. The notification part of McAfee ESM is very easy."

"The product’s most valuable feature is log monitoring."

"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."

"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."

"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."

"The most valuable feature in ESM is its search and reporting feature. It's really nice."

"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."

"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."

"Inability to get access to compliance reports within the solution."

"The ability to tune the collector for custom logs would greatly help."

"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."

"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."

"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."

"Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."

"Cloud risk assessment is one area where I think they need a lot of improvement."

"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."

"It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI."

"It is more difficult to operate Trellix ESM than other solutions."

"The product's stability is an area of concern where improvements are required."

"Tech support is required each time there is a system update of the solution."

"I would like to see good analytics in future releases."

"We cannot add new data sources to the most recent version."

"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."

"There's no software support from McAfee."

"The pricing and licensing are competitive."

"​Accurately predict your licensing counts as this is a subscription based product.​"

"Rapid7 InsightIDR charges us based on the endpoints we connect to."

"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."

"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."

"Rapid7 InsightIDR's pricing is reasonable."

"I rate Rapid7 InsightIDR's price a four on a scale of one to ten, where one is cheap, and ten is expensive."

"Rapid7 InsightIDR is priced very well and is cost-effective."

"The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended."

"When compared to IBM Security QRadar and other similar platforms, the pricing of McAfee ESM is reasonable and comparatively less expensive."

"You should buy the distributed option instead of the all-in-one for environments with more than 1000 end points."

"The licensing cost is based on EPS."

"The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it."

"The product is slightly expensive."

"McAfee is the right choice for a low-budget solution."

"Regarding pricing, Trellix ESM is not that expensive. It's less than half the cost of IBM QRadar."