No more typing reviews! Try our Samantha, our new voice AI agent.

Rapid7 InsightIDR vs USM Anywhere comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Rapid7 InsightIDR
Ranking in Endpoint Detection and Response (EDR)
47th
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
33
Ranking in other categories
Security Information and Event Management (SIEM) (25th), User Entity Behavior Analytics (UEBA) (11th), Threat Deception Platforms (6th), Extended Detection and Response (XDR) (28th)
USM Anywhere
Ranking in Endpoint Detection and Response (EDR)
40th
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
115
Ranking in other categories
Log Management (29th), Security Information and Event Management (SIEM) (29th), Compliance Management (14th)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Prajwal Chougale - PeerSpot reviewer
SOC Analyst L2 at a tech services company with 51-200 employees
Centralized threat hunting has improved alert accuracy and simplifies incident investigations
I would say there are two areas for improvement: the reporting dashboard that provides insights or reports weekly or monthly lacks detailed information about how logs are being ingested. While the details are there, they could be more concise and easier to understand for any level of authority. The second area is alert tuning; compared to Microsoft Sentinel, Rapid7 InsightIDR provides fewer alerts with more static alert functionality and lacks dynamic alerting exposures. There could be improvements to learn from past alert activities for more dynamic alert configurations. These two areas are the main areas for improvement; everything else is good.
Kris Nawani - PeerSpot reviewer
Co-Founder/Director at Bangkok MSP Company Limited
Offers complete coverage without the need to install additional software
USM Anywhere is used for threat detection and investigation. It provides a solution with built-in threat intelligence and various other investigation tools The solution offers complete coverage without the need to install additional software, as it is maintained by the vendor. It helps in saving…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cortex XDR is a very capable solution for protecting large networks and a lot of endpoints. It's very useful because the automation is very high, and if you combine it with the features on Palo Alto firewalls, it provides very strong protection."
"The tool is designed to scale for large enterprises and handle large volumes of data."
"Cortex is the best solution for avoiding security breaches, malware attacks, and other kinds of security issues."
"These days it's machine-learning technology and behavior-based analytics features that make us more secure."
"The most valuable feature of Cortex XDR by Palo Alto Networks is its machine-learning capabilities. Additionally, there is full integration with other solutions."
"Stability is a primary factor, and then there's the ease of distribution and policy management; Cortex XDR by Palo Alto Networks is very easy to work with, and we're quite happy with them."
"The biggest positive impact I see from Cortex XDR by Palo Alto Networks is a significant reduction in the number of people required to manage it."
"There are a lot of lead solutions in this space, however, Palo Alto is number one."
"The UI is very good."
"The log aggregation and storage provided by InsightIDR has shown no issues with scalability; aggregating over one hundred millions events daily."
"Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling."
"The alerting to drive investigations and remediation has been its most valuable feature, plus the ability to quickly search multiple logs makes investigations easier."
"If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."
"We were able to identify criminals attempting to login from China and put a stop on their IP locations."
"The most valuable features have to do with ease-of-use, as it is easy to check the events, investigate suspicious activities, and do forensic analysis, and the web interface is great — very useful and user-friendly."
"During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint."
"AlienVault has an advanced component within one package. With this, we can cover more area with one solution."
"AT&T AlienVault USM is good for ELK Stack, the user experience is great because of its architecture. The ELK has a great performance and it has very good speed in the search and Kibana. Additionally, the visuals and dashboards and very nice and customizable."
"It helps to monitor the entire office in in a single point."
"It’s pretty easy to setup but to really take advantage you should have a dedicated person who will devote their time to customizing and utilizing the power this solution has."
"Students becoming acclimated to the product can go out into the field and have first-hand knowledge on how to use a USM or SIEM product."
"The solution also provides basic log storage options for periods of 15, 30, and 90 days."
"The setup is very easy and straightforward."
"The ease of implementation is the most valuable feature."
 

Cons

"The GUI could be improved. It's a little bit cumbersome. It could be more user-friendly."
"Cortex XDR could improve its sales support team, including better commission structures and referral programs."
"Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."
"I think sometimes Cortex XDR agent automatically stops event capturing from the device, and then even the dashboard does not get any notifications from the agent."
"There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."
"Cortex XDR by Palo Alto Networks could improve by offering remote management. It would be useful to look at the client's issue to fix it."
"Fine-tuning the detection policy requires experience because the policy is very complex in Cortex XDR by Palo Alto Networks, and we get high false positive alerts."
"It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc."
"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."
"Lacks a mobile application."
"I chose eight out of ten because of the analytical rules; they lack dynamic rules, and also due to the dashboard and reporting part."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses.​"
"If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is."
"The product allows us to make only 30 custom rules."
"Personally, I feel it would greatly benefit from more supported log sources."
"Needs a better ability to customize the check within the console."
"The UI and overall processes need a little bit more love. This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm."
"Sometimes the log is unclear, and the report is a bit ambiguous."
"I had a renegade plugin that was installed by the company who helped me with the initial setup. The plugin was missing a command to rotate logs and would fill my hard drives capacity to full quickly."
"I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins."
"The solution is very user-friendly, but the dashboard could be improved as well as the level of customization."
"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."
"We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up."
"The only recommended changes I can think of is to have the ability to filter logs."
 

Pricing and Cost Advice

"This is an expensive solution."
"Every customer has to pay for a license because it doesn't work with what you get from a managed services provider."
"The price was fine."
"The pricing is a little bit on the expensive side."
"Its pricing is kind of in line with its competitors and everybody else out there."
"It's the most expensive solution, but features-wise, it's quite strong. It's very good for protection, so the results are very good in the case of protection. I would rate it a two out of ten in terms of pricing."
"Our customers have expressed that the price is high."
"The pricing seems fair, and I do like the licensing model. You use wherever they are, and it is elastic."
"Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs."
"Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help."
"The pricing and licensing are competitive."
"The pricing of the solution depends on the user. But there is a yearly licensing cost."
"It is more reasonably priced than other vendors."
"It is a reasonably priced solution."
"Rapid7 InsightIDR is priced very well and is cost-effective."
"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."
"Negotiate the best package for your environment."
"I rate the price of AT&T AlienVault USM a four out of five."
"So far, it has been a good solution for a tight budget."
"It's very reasonably priced. It was one of the lowest among the ones I looked at. Licensing is pretty flexible. They can do a two-year or a three-year, even a one-year, perhaps."
"They are a little more expensive than Microsoft."
"Pricing is very competitive with other products and you get much more functionality from AlienVault."
"It's affordable for most customers."
"AlienVault is certainly not nearly as expensive as Splunk or QRadar. It's decently priced, but I don't have the exact figure."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
904,836 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Manufacturing Company
9%
Financial Services Firm
9%
Computer Software Company
8%
Comms Service Provider
7%
Construction Company
22%
Financial Services Firm
9%
Comms Service Provider
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business22
Midsize Enterprise5
Large Enterprise6
By reviewers
Company SizeCount
Small Business65
Midsize Enterprise29
Large Enterprise25
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What needs improvement with Rapid7 InsightIDR?
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as ...
What is your primary use case for Rapid7 InsightIDR?
I am working with Rapid7 InsightOps and Rapid7 InsightIDR because the requirement is as such from the customer side, ...
What needs improvement with AT&T AlienVault USM?
There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks. It is also...
What is your primary use case for AT&T AlienVault USM?
USM Anywhere is used for threat detection and investigation. It provides a solution with built-in threat intelligence...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
InsightIDR
AT&T AlienVault USM, AlienVault, AlienVault USM, Alienvault Cybersecurity
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Liberty Wines, Pioneer Telephone, Visier
Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom
Find out what your peers are saying about Rapid7 InsightIDR vs. USM Anywhere and other solutions. Updated: June 2026.
904,836 professionals have used our research since 2012.