Rapid7 InsightIDR vs Trellix ESM comparison

"InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level."

"If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."

"InsightIDR helps us investigate an environment to discover information about incidents."

"​​User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day."

"The solution is very scalable in terms of the licensing model."

"The solution is easy to use, and the interface is intuitive."

"I rate Rapid7 nine out of 10 for affordability"

"The alerting to drive investigations and remediation has been its most valuable feature.​"

"Compared to other solutions, the user interface is good."

"It is easy to use and deploy. It comes with user-friendly manuals."

"The tool's effectiveness depends on how you define your log sources. To build visibility of incoming and outgoing traffic, you need logs from perimeter defense, firewalls, web application firewalls, and endpoint protection. With good traffic visibility, incident response time is really quick."

"The product’s most valuable feature is log monitoring."

"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."

"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."

"Trellix ESM is very user-friendly."

"It is user-friendly. The notification part of McAfee ESM is very easy."

"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."

"The dashboard is an area that could be simplified."

"The ability to tune the collector for custom logs would greatly help."

"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."

"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."

"Lacks a mobile application."

"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."

"InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal."

"It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI."

"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."

"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."

"Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."

"McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."

"The solution needs to improve case management. The UI is confusing."

"The initial setup is difficult and could improve."

"I would like to see fingerprint recognition included in the next release of this solution."

"I rate Rapid7 InsightIDR's price a four on a scale of one to ten, where one is cheap, and ten is expensive."

"Rapid7 InsightIDR charges us based on the endpoints we connect to."

"​I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability.​"

"​Accurately predict your licensing counts as this is a subscription based product.​"

"Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs."

"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."

"Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight."

"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."

"The pricing is good, and they are competitive compared to providers such as RSA and IBM QRadar."

"The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it."

"We renew our license annually."

"The price of McAfee ESM is higher than some of the other solutions. There are additional features that can be added at an additional fee."

"The cost is dependent on the customer's environment and requirements."

"When compared to IBM Security QRadar and other similar platforms, the pricing of McAfee ESM is reasonable and comparatively less expensive."

"Regarding pricing, Trellix ESM is not that expensive. It's less than half the cost of IBM QRadar."

"The pricing is fair."