Rapid7 InsightIDR Reviews

I used the solution to monitor networks and prevent them from real-time threats.

The solution's most valuable feature is its ability to fetch insights on threats and log activities. 

They should add more configuration and security features to the solution.

I have used the solution for more than a year and a half.

I rate the solution's stability as a seven.

We have two thousand customers using the solution. It works best for the medium-scale industry. I rate its scalability as an eight.

The solution's initial setup is easy. The deployment process involves installing and collecting agents to communicate with the systems. In the case of multiple machines, it takes around five to six months to complete it. I rate the process as an eight.

The solution's license costs around Rs. 20,00,000. It is more reasonable than other vendors. I rate its pricing as an eight.

Compared to other solutions, Rapid7 is more flexible to use. We install, gather, and monitor logs easily with its help. I rate it as an eight.

I was looking for a behavior analytics solution to help me monitor our users' activity and to notify of any suspicious activity.

InsightIDR was able to meet those needs and even exceed it by providing full SIEM capabilities, even for devices they don’t support directly. Most importantly, I don’t need a team of people dedicated to log collecting and sifting.

With the full suite of Rapid7 products, I am able to provide effective oversight to the information security program with measurable progress. This is a very difficult thing to measure with the ever-changing threat landscape. Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well.

InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level, which is very important to me as a one-person security department.

Another very important part of insightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network.

I would like the ability to adjust the threshold of certain existing alerts.  Currently the only option is to change the notifications or create my own alert. 

I have not encountered any stability issues with the local collector. On the rare occasion that the cloud part of insightIDR is undergoing maintenance or having other issues, I usually receive a notification from Rapid7 before I even notice a problem.

I have not seen any issues with scalability. On average, insightIDR is processing about 60 million events per day from my environment.

The technical support folks at Rapid7 are a great bunch of folks. I haven’t had much need to contact them, but when I have they have been extremely professional and will escalate issues and suggestions to developers, if needed.

I actually purchased the predecessor, InsightUBA, which quickly changed into the insightIDR that we have today. There was no other previous solution.

Setup was extremely simple. An implementation specialist was assigned to me to help get me started and to learn my environment and challenges.

For the most part, all communications are sent to a log aggregation server. It is as simple as pointing syslogs to that server. For some, such as Active Directory and Exchange, there are plugins that are simple to install on those servers to make sure the appropriate logs are sent.

From InsightIDR, it is as simple as choosing from a list of supported log sources, or you can create a generic log source by specifying a port number. It’s that simple.

Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help.

I did not consider any other options in depth. Most other options I saw required one or more full-time employees to maintain.

In the past I have made several requests and have had the opportunity to work with developers and user-interface specialists to add enhancements to the product. The effort that Rapid7 puts into the user interface, after gaining first-hand use-case information directly from us, the end users, is unprecedented.  Even when I worked for much larger companies, I did not see so many suggestions turn into reality.

Be sure to take full advantage of the agents. I have not seen any performance problems on the endpoints, and having this level of information from outside the network is difficult otherwise.

Visibility and response.

I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters.

The ability to ingest Office 365 log files, then process them into events and display them on a map. This feature is particularly useful as it allows us to view students who are attempting to bypass our content filters, and it shows us users who have been phished.

Personally, I feel it would greatly benefit from more supported log sources. Additionally, the ability to tune the collector for custom logs would greatly help.

Product is cloud-based. Thus far, it has proven to be stable.

No product scales extremely well

The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame.

Initial setup was straightforward. 

I had a support engineer sit with me through the whole process over the course of three days. He was a huge help!

This is a great product. The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help.

We did PoC with a couple of other products. However, Rapid7 InsightIDR was the best product for our needs and budget.

We evaluated LogRhythm and AlienVault. Both were inferior in regards to pricing or performance.

I used it in my previous company. We were the integrator of the solution, and also a partner of Rapid7 at the time. 

We used it for security monitoring and also for analytics. We used it for our own company, and like an MSSP, we sold this to our customers. So, we did security monitoring for our customers and interim response for them.

It was cloud-based, and I was using its latest version.

Previously, when something happened, such as when a hacker was attacking one of our customers, we were always behind, or we didn't know that we were hacked until the ransomware started. With the Rapid7 solution, at every step, we could online see what a person was doing, and we could prevent ransomware. Previously, we could never say it can be really prevented, but with Rapid7, we could see the first steps of what they were trying to do, and we could mitigate those steps before there is a big outage.

The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days.

When something is happening, such as there is hacking or something else going on, the information provided is really helpful. It almost tells you what to do. It is enriched with a lot of information.

One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level.

It could have intelligence. It is available as a separate product but not as a part of the platform itself.

It is definitely stable. We never have any outages. I would rate it a ten out of ten in terms of stability.

It is definitely scalable. I would rate it a ten out of ten in terms of scalability.

We had six users who were monitoring the systems. There were 10 customers with about 10,000 employees in total.

They are responsive, but there is scope for improvement. I would rate them an eight out of ten.

Positive

It is straightforward. I would rate it a nine out of ten in terms of the ease of setup.

In terms of maintenance, it is all cloud-based. So, the maintenance is done by the vendor.

It must be really high, but we never looked at the real numbers.

It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year.

We had a list of three products. We tried them all, and in the end, we went for Rapid7 because it was easy to deploy, and it required little or no maintenance. The price was another reason.

One of the biggest reasons why we chose it as our security platform was that it is not only for security monitoring. We could see a lot of improvements coming over the next couple of years. Automation is one of the things that will be really important in the next few years. It is already there, but we didn't buy it.

I would rate it a nine out of ten.

We are using Rapid7 to provide threat detection and response services to our clients. It covers 1,200 users and 1,100 assets. 

Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already.

I have used Rapid7 for about three years. 

I rate Rapid7 six out of 10 for scalability. 

Setting up Rapid7 is simple. You only need to download the agents and collectors. It's a cloud-based solution with on-premise agents. Five security admins manage the solution.

We worked with the vendor during the initial installation. Our system is hybrid, so some of our endpoints are being scanned directly from the cloud, but others use the collectors. 

I rate Rapid7 nine out of 10 for affordability 

I rate Rapid7 InsightIDR six out of 10.

We provide InsightIDR for our banking and ICT clients. 

InsightIDR helps us investigate an environment to discover information about incidents. 

InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal. 

I have used InsightIDR for four years. 

I rate InsightIDR 10 out of 10 for stability. 

I rate InsightIDR six out of 10 for scalability. The licensing model limits the scalability. The licenses are defined based on assets, so you have to purchase more licenses as you add assets. It's suitable for a small or medium-sized company. We have about 250 users. 

I rate Rapid7 support nine out of 10.

Positive

I rate InsightIDR eight out of 10 for ease of setup. It takes about seven working days to deploy. We install a connector on the LAN, which links up to the cloud and becomes one of your event sources. Next, you need to integrate everything with the console.

I rate InsightIDR six out of 10 for affordability. It isn't the cheapest solution I've seen, but it offers a greater value than less expensive competitors. 

I rate InsightIDR eight out of 10. It's worth a try. InsightIDR provides excellent visibility and threats. The network detection is fast, so you get alerts as soon as something happens. 

I use the solution for its SIEM functionalities, log analysis, and behavioral analysis.

The solution is easy to use, and the interface is intuitive.

Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA). So, User Behavior Analytics (UBA) should be added in the new release.

I have been using the solution for two years. My company has a partnership with Rapid7.

It is a stable solution. My customers are happy to use it.

I do not have any plans to expand the usage of the solution. Currently, one hundred people are using the solution.

I have not used the technical support.

Previously, I used IBM.

I was not involved in the initial setup as I am not an engineer.

The pricing is good, and it is not very expensive.

I rate the overall solution a nine out of ten.

The main use case for InsightIDR is to investigate threat activity that can compromise the internal customer environment. We can track a threat from the first attempt or breach. Then we can investigate the threat from start to finish. 

InsightIDR's dashboard shows you live activity from the threat. 

InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment. So it's a challenge to get the customer to see the benefits of a cloud-based product in terms of ROI. If they switch to a cloud application, they won't have to pay for hardware maintenance or inventory. So with the next update, the customers want to see how it applies to their environment and its advantages over on-premise solutions. 

We've been using InsightIDR for two years.

InsightIDR runs on the cloud and communicates with the log collector on a local computer, so performance depends on the internet connection. It's just sending packets and TCP encryption, so it's not spending much bandwidth. If the internet connection is smooth, the performance will be fine.

InsightIDR can work with any size of business. It's easy to scale because it is on the cloud platform. It depends on the customer and the number of endpoints that they need to manage. 

I have contacted Rapid7 support but not for InsightIDR. It is with for another product of theirs. I think their support is good. The support team helped us run diagnostic tests and walked us through everything until the case was resolved.

I have experience with other SIEM tools as well. Last time, I used LogRhythm company for security intelligence. LogRhythm has two options for the deployment — on-prem and cloud— so customers have a choice when they are looking to invest with SIEM solution. Rapid7 does not have the same option. But with LogRhythm, we would have to pay hardware maintenance as it is an on-prem product.

The initial setup it's straightforward, and it's not complex to deploy or configure. Because it is a cloud product and cloud platform, we just have to start it up and integrate with the local collector. After that, we do the customization. Currently, we provide installation and support for customers who subscribe to Rapid7 InsightIDR.

InsightIDR is quite expensive. But with on-prem solutions, you need to wait for delivery then spend more money on maintenance and hardware. So any customer who understands cloud applications knows they just need to buy the license for the year. Then they can use it, and it's not hard to manage.

I rate InsightIDR eight out of a 10.  I would recommend it for a customer who isn't dead-set on an on-prem deployment. They can subscribe to Rapid7 because it is more valuable and delivers a greater return on investment. The initial setup is quick. There's no need to pay for hardware and it's easy to scale. Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log. With other products, you might need to contact a consultant certified by the vendor to do the integration.