Rapid7 InsightIDR Reviews

The main use case for InsightIDR is to investigate threat activity that can compromise the internal customer environment. We can track a threat from the first attempt or breach. Then we can investigate the threat from start to finish. 

InsightIDR's dashboard shows you live activity from the threat. 

InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment. So it's a challenge to get the customer to see the benefits of a cloud-based product in terms of ROI. If they switch to a cloud application, they won't have to pay for hardware maintenance or inventory. So with the next update, the customers want to see how it applies to their environment and its advantages over on-premise solutions. 

We've been using InsightIDR for two years.

InsightIDR runs on the cloud and communicates with the log collector on a local computer, so performance depends on the internet connection. It's just sending packets and TCP encryption, so it's not spending much bandwidth. If the internet connection is smooth, the performance will be fine.

InsightIDR can work with any size of business. It's easy to scale because it is on the cloud platform. It depends on the customer and the number of endpoints that they need to manage. 

I have contacted Rapid7 support but not for InsightIDR. It is with for another product of theirs. I think their support is good. The support team helped us run diagnostic tests and walked us through everything until the case was resolved.

I have experience with other SIEM tools as well. Last time, I used LogRhythm company for security intelligence. LogRhythm has two options for the deployment — on-prem and cloud— so customers have a choice when they are looking to invest with SIEM solution. Rapid7 does not have the same option. But with LogRhythm, we would have to pay hardware maintenance as it is an on-prem product.

The initial setup it's straightforward, and it's not complex to deploy or configure. Because it is a cloud product and cloud platform, we just have to start it up and integrate with the local collector. After that, we do the customization. Currently, we provide installation and support for customers who subscribe to Rapid7 InsightIDR.

InsightIDR is quite expensive. But with on-prem solutions, you need to wait for delivery then spend more money on maintenance and hardware. So any customer who understands cloud applications knows they just need to buy the license for the year. Then they can use it, and it's not hard to manage.

I rate InsightIDR eight out of a 10.  I would recommend it for a customer who isn't dead-set on an on-prem deployment. They can subscribe to Rapid7 because it is more valuable and delivers a greater return on investment. The initial setup is quick. There's no need to pay for hardware and it's easy to scale. Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log. With other products, you might need to contact a consultant certified by the vendor to do the integration. 

I use the solution for its SIEM functionalities, log analysis, and behavioral analysis.

The solution is easy to use, and the interface is intuitive.

Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA). So, User Behavior Analytics (UBA) should be added in the new release.

I have been using the solution for two years. My company has a partnership with Rapid7.

It is a stable solution. My customers are happy to use it.

I do not have any plans to expand the usage of the solution. Currently, one hundred people are using the solution.

I have not used the technical support.

Previously, I used IBM.

I was not involved in the initial setup as I am not an engineer.

The pricing is good, and it is not very expensive.

I rate the overall solution a nine out of ten.

We provide InsightIDR for our banking and ICT clients. 

InsightIDR helps us investigate an environment to discover information about incidents. 

InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal. 

I have used InsightIDR for four years. 

I rate InsightIDR 10 out of 10 for stability. 

I rate InsightIDR six out of 10 for scalability. The licensing model limits the scalability. The licenses are defined based on assets, so you have to purchase more licenses as you add assets. It's suitable for a small or medium-sized company. We have about 250 users. 

I rate Rapid7 support nine out of 10.

Positive

I rate InsightIDR eight out of 10 for ease of setup. It takes about seven working days to deploy. We install a connector on the LAN, which links up to the cloud and becomes one of your event sources. Next, you need to integrate everything with the console.

I rate InsightIDR six out of 10 for affordability. It isn't the cheapest solution I've seen, but it offers a greater value than less expensive competitors. 

I rate InsightIDR eight out of 10. It's worth a try. InsightIDR provides excellent visibility and threats. The network detection is fast, so you get alerts as soon as something happens. 

We're using Rapid7 as our SIEM. I'm the head of infrastructure and we are customers of Rapid7.

There are numerous valuable features in this solution. Since it's cloud-based, the configuration is very simple, the collector will automatically sync to the cloud platform. The UEB, the User, Entity, and Behavioral Analytics, has helped us a lot. If there's a slight change in user behavior such as login patterns, my SOX is now able to detect it immediately.

I'd like to be able to get the compliance report within the solution which is currently not possible. For example, the P-Series was around 77001 compliance report of your SIEM solution. That option is unfortunately not available. 

I've been using this solution for about 10 months. 

The solution is stable. 

Given that this is a cloud solution there are no limits to scalability. The company is constantly evaluating and evolving and that's reflected in the product.

We have two levels of support. They have a local presence and help us a lot although response times could be improved. The community is also very powerful, and the documentation is commendable.

The initial setup was very easy, it took us only 24 hours to set up around 1000 assets. Implementation was carried out in-house.

Licensing costs are based on a subscription model. The solution is very cost-effective because they are not charging based on the EPS but on the number of assets.

The solution suits any size company, whether small, medium, or enterprise, it's a very good fit for all devices. The only drawback, for now, is the intel feeds which don't support any TAXII or STIX feeds so they need to be done manually. 

I rate the solution eight out of 10. 

• Security incident
• Event management

InsightIDR has allowed us to find potential security issues that we did not know existed, and get remediation quickly.

• User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day. 
• Log search allows us to dive deep into aggregated logs and query all event types at once.

Threat Intelligence: It would be useful to import threat intelligence in YARA format along with known incorrect email addresses.

During the entire duration of use, there have been no issues noted with stability.

The log aggregation and storage provided by InsightIDR has shown no issues with scalability; aggregating over one hundred millions events daily. The only constriction point in deployment is the collectors as they are required for agentless logging. However, keeping with the documentation provided for deployment, it handles the load appropriately if the documentation is adhered to.

Among the best! Their support responds promptly. They fully resolve issues before closing tickets.

We did not use a previous solution.

The initial setup is quite straightforward and can be accomplished from their Quick Start Guide. As the platform is quite adaptable, it can continue to be expanded to add many different log types, which you may find to be a continuous process.

Accurately predict your licensing counts as this is a subscription based product.

We evaluated FireEye Helix, LogRhythm, Splunk, and IBM QRadar.

The product is a shift in paradigm being cloud-based with cloud storage. Be prepared to set up several virtual collector servers within your network, if you have a large network.

The following are our main use cases for InsightIDR:

• Log correlation and searching, as well as alerting;
• IDR Vulnerability management;
• IVM;
• Incident response;
• Breach detection.

The tool has improved my organization by:

• Building a security alerting program;
• IDR-driven improved patching;
• Implementing IVM.

The alerting to drive investigations and remediation has been its most valuable feature. Plus the ability to quickly search multiple logs makes investigations easier. Log correlation and alerting are also helpful.

It gives us one place to have everything easily accessible and the ability to alert (including customisation of alerts).

Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition.

While we have encountered stability issues, these are resource intensive systems so additional hardware solved this problem.

There have been no scalability issues. It's easy to add servers.

The technical support can be considered competent. However, they can be slow to discover solutions to tricky problems.

We did not previously use a different solution.

Very simple. Spin up a couple of servers, create all the log connectors and you are up and running. The setup was complete within days and we had alerts being generated straight away.

We did the installation without any technical help. The configuration was performed by non-technical staff.

The pricing and licensing are competitive. Licensing is simple and straightforward.

We did not evaluate any other solution in the market.

You should use it to drive change within your IT from a security point of view. Run a PoC and see exactly what it can do for you. The simple setup means it will be running in no time and you will get meaningful alerts straight away.

It is used to maintain our security posture by monitoring inside our network for behavior likely to be conducive with elements of the kill chain.

I was an early adopter of the product. I have seen it get better over time, making use of the data and methodologies used by the industry standard and Rapid7 Metasploit community.

We were able to identify criminals attempting to login from China and put a stop on their IP locations.

• Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs.
• Great coverage of all systems within our network from endpoint to firewall.
• Integration with threat modeling from the Metasploit and InsightIDR repositories.
• Enables the use of honey pots, honey users, and honey files to monitor for suspicious patterns.

It gives all the advantages of a SIEM. However, using clever AI, it looks for patterns of behavior rather than just flooding me with all the alerts.

Although the solution has been improving continually in the time I have been using it, there could be areas of improvement. 

The one thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not.

None at all. Even as an early adopter, there were no significant issues with stability. Due to the continual improvement, I do not recall the last issue that I had with the system.

We are only a small PLC with 300 staff over six sites and two continents, so scalability has never been a major concern. However, the InsightIDR system looks to be scalable, if required.

Technical support is excellent both technically, timely, and professional throughout any incident or enhancement request.

This was our first look at a security as a single entity. After creating a threat register, we were able to mitigate over two-thirds of the threats with this one product.

It is very simple. It is a case of requesting a trial from Rapid7, then connecting the relevant logging devices, such as our AD servers or DNS servers to it and sitting back. 

Obviously, there is more to it than that, but that is the principle.

I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability.

At the time, there was no other product that came close to InsightIDR feature set coupled with Rapid7's world leading security position producing other products, such as Metasploit and Nexpose (InsiteVR), which we also use.

Use it. The setup is minimal, but the payback is phenomenal.

We are distributors and sell this product to our customers. I'm a security consultant. 

The features for user behavior analytics and the rules for attack review are valuable. I also like the honeypot feature. It's easy to integrate and collect data from other solutions. 

I'd like to see a better ability to customize the check within the console. Rules can be customized better if the integration is improved. They now have integration with CrowdStrike so maybe they could have some kind of integration with Microsoft.

I've been using this solution for a year. 

The solution is stable.

This is a cloud-based product so it's scalable.

The technical support could be improved. We've had times when our requests get stuck with the engineering team and we sometimes don't get a response. That's a problem for us. 

Neutral

All Rapid7 solutions are easy to deploy because if you have any one of the products, the integrations between these products become easier because they have a lot of the important things within a single port. You get a single platform to visualize a lot of different kinds of data.

The pricing is very competitive because the licensing model that we use is based on endpoints which is different from most other solutions.

This solution is suited to all sizes of organizations. We generally deal with small and medium-sized companies.  

I rate this solution eight out of 10.