Normally, we use the solution as an event viewer to collect and resume cases and playbooks.
Coordinator & Teacher at Pahldata
A stable solution that works well for playbooks and viewing events
Pros and Cons
- "The solution is very stable and works very well for what I need it to do."
- "The main problem lies in the processes within the client's operating systems."
What is our primary use case?
What needs improvement?
The main problem lies in the processes within the client's operating systems. XDR is superior to CMs. Observing how the processes function within the machine is essential if you are monitoring the client or servers, and not only the event with the first or second line but the third line is most important.
For how long have I used the solution?
I've been familiar with the solution for six months.
What do I think about the stability of the solution?
The solution is very stable and works very well for what I need it to do. The solution is completely different in an experienced environment and a real environment.
Buyer's Guide
Rapid7 InsightIDR
November 2024
Learn what your peers think about Rapid7 InsightIDR. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
817,354 professionals have used our research since 2012.
Which solution did I use previously and why did I switch?
I have worked with Wazuh before, but only to try it. Wazuh is more or less the same as Rapid7 InsightIDR.
What other advice do I have?
I rate Rapid7 InsightIDR an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Engineer at Starlabs Limited
It provides excellent visibility a fast response
Pros and Cons
- "InsightIDR helps us investigate an environment to discover information about incidents."
- "InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal."
What is our primary use case?
We provide InsightIDR for our banking and ICT clients.
What is most valuable?
InsightIDR helps us investigate an environment to discover information about incidents.
What needs improvement?
InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal.
For how long have I used the solution?
I have used InsightIDR for four years.
What do I think about the stability of the solution?
I rate InsightIDR 10 out of 10 for stability.
What do I think about the scalability of the solution?
I rate InsightIDR six out of 10 for scalability. The licensing model limits the scalability. The licenses are defined based on assets, so you have to purchase more licenses as you add assets. It's suitable for a small or medium-sized company. We have about 250 users.
How are customer service and support?
I rate Rapid7 support nine out of 10.
How would you rate customer service and support?
Positive
How was the initial setup?
I rate InsightIDR eight out of 10 for ease of setup. It takes about seven working days to deploy. We install a connector on the LAN, which links up to the cloud and becomes one of your event sources. Next, you need to integrate everything with the console.
What's my experience with pricing, setup cost, and licensing?
I rate InsightIDR six out of 10 for affordability. It isn't the cheapest solution I've seen, but it offers a greater value than less expensive competitors.
What other advice do I have?
I rate InsightIDR eight out of 10. It's worth a try. InsightIDR provides excellent visibility and threats. The network detection is fast, so you get alerts as soon as something happens.
Disclosure: My company has a business relationship with this vendor other than being a customer:
Buyer's Guide
Rapid7 InsightIDR
November 2024
Learn what your peers think about Rapid7 InsightIDR. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
817,354 professionals have used our research since 2012.
Database Administrator with 501-1,000 employees
User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day
Pros and Cons
- "User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day."
- "Log search allows us to dive deep into aggregated logs and query all event types at once."
- "The log aggregation and storage provided by InsightIDR has shown no issues with scalability; aggregating over one hundred millions events daily."
- "InsightIDR has allowed us to find potential security issues that we did not know existed, and get remediation quickly."
- "It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."
What is our primary use case?
- Security incident
- Event management
How has it helped my organization?
InsightIDR has allowed us to find potential security issues that we did not know existed, and get remediation quickly.
What is most valuable?
- User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day.
- Log search allows us to dive deep into aggregated logs and query all event types at once.
What needs improvement?
Threat Intelligence: It would be useful to import threat intelligence in YARA format along with known incorrect email addresses.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
During the entire duration of use, there have been no issues noted with stability.
What do I think about the scalability of the solution?
The log aggregation and storage provided by InsightIDR has shown no issues with scalability; aggregating over one hundred millions events daily. The only constriction point in deployment is the collectors as they are required for agentless logging. However, keeping with the documentation provided for deployment, it handles the load appropriately if the documentation is adhered to.
How are customer service and technical support?
Among the best! Their support responds promptly. They fully resolve issues before closing tickets.
Which solution did I use previously and why did I switch?
We did not use a previous solution.
How was the initial setup?
The initial setup is quite straightforward and can be accomplished from their Quick Start Guide. As the platform is quite adaptable, it can continue to be expanded to add many different log types, which you may find to be a continuous process.
What's my experience with pricing, setup cost, and licensing?
Accurately predict your licensing counts as this is a subscription based product.
Which other solutions did I evaluate?
We evaluated FireEye Helix, LogRhythm, Splunk, and IBM QRadar.
What other advice do I have?
The product is a shift in paradigm being cloud-based with cloud storage. Be prepared to set up several virtual collector servers within your network, if you have a large network.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Pre-Sale Consultant at Yip In Tsoi Co., LTD.
Initial setup is quick, there is no need to pay for hardware, and it's easy to scale
Pros and Cons
- "Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log."
- "InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."
What is our primary use case?
The main use case for InsightIDR is to investigate threat activity that can compromise the internal customer environment. We can track a threat from the first attempt or breach. Then we can investigate the threat from start to finish.
What is most valuable?
InsightIDR's dashboard shows you live activity from the threat.
What needs improvement?
InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment. So it's a challenge to get the customer to see the benefits of a cloud-based product in terms of ROI. If they switch to a cloud application, they won't have to pay for hardware maintenance or inventory. So with the next update, the customers want to see how it applies to their environment and its advantages over on-premise solutions.
For how long have I used the solution?
We've been using InsightIDR for two years.
What do I think about the stability of the solution?
InsightIDR runs on the cloud and communicates with the log collector on a local computer, so performance depends on the internet connection. It's just sending packets and TCP encryption, so it's not spending much bandwidth. If the internet connection is smooth, the performance will be fine.
What do I think about the scalability of the solution?
InsightIDR can work with any size of business. It's easy to scale because it is on the cloud platform. It depends on the customer and the number of endpoints that they need to manage.
How are customer service and support?
I have contacted Rapid7 support but not for InsightIDR. It is with for another product of theirs. I think their support is good. The support team helped us run diagnostic tests and walked us through everything until the case was resolved.
Which solution did I use previously and why did I switch?
I have experience with other SIEM tools as well. Last time, I used LogRhythm company for security intelligence. LogRhythm has two options for the deployment — on-prem and cloud— so customers have a choice when they are looking to invest with SIEM solution. Rapid7 does not have the same option. But with LogRhythm, we would have to pay hardware maintenance as it is an on-prem product.
How was the initial setup?
The initial setup it's straightforward, and it's not complex to deploy or configure. Because it is a cloud product and cloud platform, we just have to start it up and integrate with the local collector. After that, we do the customization. Currently, we provide installation and support for customers who subscribe to Rapid7 InsightIDR.
What's my experience with pricing, setup cost, and licensing?
InsightIDR is quite expensive. But with on-prem solutions, you need to wait for delivery then spend more money on maintenance and hardware. So any customer who understands cloud applications knows they just need to buy the license for the year. Then they can use it, and it's not hard to manage.
What other advice do I have?
I rate InsightIDR eight out of a 10. I would recommend it for a customer who isn't dead-set on an on-prem deployment. They can subscribe to Rapid7 because it is more valuable and delivers a greater return on investment. The initial setup is quick. There's no need to pay for hardware and it's easy to scale. Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log. With other products, you might need to contact a consultant certified by the vendor to do the integration.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Head of Infrastructure at Pearl Data Direct
Great UEB feature, simple configuration that automatically syncs to the cloud platform
Pros and Cons
- "Simple configuration and automatically syncs to the cloud platform."
- "Inability to get access to compliance reports within the solution."
What is our primary use case?
We're using Rapid7 as our SIEM. I'm the head of infrastructure and we are customers of Rapid7.
What is most valuable?
There are numerous valuable features in this solution. Since it's cloud-based, the configuration is very simple, the collector will automatically sync to the cloud platform. The UEB, the User, Entity, and Behavioral Analytics, has helped us a lot. If there's a slight change in user behavior such as login patterns, my SOX is now able to detect it immediately.
What needs improvement?
I'd like to be able to get the compliance report within the solution which is currently not possible. For example, the P-Series was around 77001 compliance report of your SIEM solution. That option is unfortunately not available.
For how long have I used the solution?
I've been using this solution for about 10 months.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
Given that this is a cloud solution there are no limits to scalability. The company is constantly evaluating and evolving and that's reflected in the product.
How are customer service and technical support?
We have two levels of support. They have a local presence and help us a lot although response times could be improved. The community is also very powerful, and the documentation is commendable.
How was the initial setup?
The initial setup was very easy, it took us only 24 hours to set up around 1000 assets. Implementation was carried out in-house.
What's my experience with pricing, setup cost, and licensing?
Licensing costs are based on a subscription model. The solution is very cost-effective because they are not charging based on the EPS but on the number of assets.
What other advice do I have?
The solution suits any size company, whether small, medium, or enterprise, it's a very good fit for all devices. The only drawback, for now, is the intel feeds which don't support any TAXII or STIX feeds so they need to be done manually.
I rate the solution eight out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Manager
It improved my organization by building a security alerting program
Pros and Cons
- "The alerting to drive investigations and remediation has been its most valuable feature."
- "It improved my organization by building a security alerting program."
- "Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
What is our primary use case?
The following are our main use cases for InsightIDR:
- Log correlation and searching, as well as alerting;
- IDR Vulnerability management;
- IVM;
- Incident response;
- Breach detection.
How has it helped my organization?
The tool has improved my organization by:
- Building a security alerting program;
- IDR-driven improved patching;
- Implementing IVM.
What is most valuable?
The alerting to drive investigations and remediation has been its most valuable feature. Plus the ability to quickly search multiple logs makes investigations easier. Log correlation and alerting are also helpful.
It gives us one place to have everything easily accessible and the ability to alert (including customisation of alerts).
What needs improvement?
Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
While we have encountered stability issues, these are resource intensive systems so additional hardware solved this problem.
What do I think about the scalability of the solution?
There have been no scalability issues. It's easy to add servers.
How are customer service and technical support?
The technical support can be considered competent. However, they can be slow to discover solutions to tricky problems.
Which solution did I use previously and why did I switch?
We did not previously use a different solution.
How was the initial setup?
Very simple. Spin up a couple of servers, create all the log connectors and you are up and running. The setup was complete within days and we had alerts being generated straight away.
What about the implementation team?
We did the installation without any technical help. The configuration was performed by non-technical staff.
What's my experience with pricing, setup cost, and licensing?
The pricing and licensing are competitive. Licensing is simple and straightforward.
Which other solutions did I evaluate?
We did not evaluate any other solution in the market.
What other advice do I have?
You should use it to drive change within your IT from a security point of view. Run a PoC and see exactly what it can do for you. The simple setup means it will be running in no time and you will get meaningful alerts straight away.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Officer at a tech vendor with 201-500 employees
Enables the use of honey pots, honey users, and honey files to monitor for suspicious patterns
Pros and Cons
- "Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs."
- "Great coverage of all systems within our network from endpoint to firewall."
- "Integration with threat modeling from the Metasploit and InsightIDR repositories."
- "Enables the use of honey pots, honey users, and honey files to monitor for suspicious patterns."
- "One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."
What is our primary use case?
It is used to maintain our security posture by monitoring inside our network for behavior likely to be conducive with elements of the kill chain.
I was an early adopter of the product. I have seen it get better over time, making use of the data and methodologies used by the industry standard and Rapid7 Metasploit community.
How has it helped my organization?
We were able to identify criminals attempting to login from China and put a stop on their IP locations.
What is most valuable?
- Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs.
- Great coverage of all systems within our network from endpoint to firewall.
- Integration with threat modeling from the Metasploit and InsightIDR repositories.
- Enables the use of honey pots, honey users, and honey files to monitor for suspicious patterns.
It gives all the advantages of a SIEM. However, using clever AI, it looks for patterns of behavior rather than just flooding me with all the alerts.
What needs improvement?
Although the solution has been improving continually in the time I have been using it, there could be areas of improvement.
The one thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
None at all. Even as an early adopter, there were no significant issues with stability. Due to the continual improvement, I do not recall the last issue that I had with the system.
What do I think about the scalability of the solution?
We are only a small PLC with 300 staff over six sites and two continents, so scalability has never been a major concern. However, the InsightIDR system looks to be scalable, if required.
How are customer service and technical support?
Technical support is excellent both technically, timely, and professional throughout any incident or enhancement request.
Which solution did I use previously and why did I switch?
This was our first look at a security as a single entity. After creating a threat register, we were able to mitigate over two-thirds of the threats with this one product.
How was the initial setup?
It is very simple. It is a case of requesting a trial from Rapid7, then connecting the relevant logging devices, such as our AD servers or DNS servers to it and sitting back.
Obviously, there is more to it than that, but that is the principle.
What's my experience with pricing, setup cost, and licensing?
I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability.
Which other solutions did I evaluate?
At the time, there was no other product that came close to InsightIDR feature set coupled with Rapid7's world leading security position producing other products, such as Metasploit and Nexpose (InsiteVR), which we also use.
What other advice do I have?
Use it. The setup is minimal, but the payback is phenomenal.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Security Consultant at a comms service provider with 51-200 employees
Great user behavior analytics feature; easy to integrate and collect data from other solutions
Pros and Cons
- "Features for user behavior analytics and the rules for attack review are good."
- "Needs a better ability to customize the check within the console."
What is our primary use case?
We are distributors and sell this product to our customers. I'm a security consultant.
What is most valuable?
The features for user behavior analytics and the rules for attack review are valuable. I also like the honeypot feature. It's easy to integrate and collect data from other solutions.
What needs improvement?
I'd like to see a better ability to customize the check within the console. Rules can be customized better if the integration is improved. They now have integration with CrowdStrike so maybe they could have some kind of integration with Microsoft.
For how long have I used the solution?
I've been using this solution for a year.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
This is a cloud-based product so it's scalable.
How are customer service and support?
The technical support could be improved. We've had times when our requests get stuck with the engineering team and we sometimes don't get a response. That's a problem for us.
How would you rate customer service and support?
Neutral
How was the initial setup?
All Rapid7 solutions are easy to deploy because if you have any one of the products, the integrations between these products become easier because they have a lot of the important things within a single port. You get a single platform to visualize a lot of different kinds of data.
What's my experience with pricing, setup cost, and licensing?
The pricing is very competitive because the licensing model that we use is based on endpoints which is different from most other solutions.
What other advice do I have?
This solution is suited to all sizes of organizations. We generally deal with small and medium-sized companies.
I rate this solution eight out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Buyer's Guide
Download our free Rapid7 InsightIDR Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Security Information and Event Management (SIEM) User Entity Behavior Analytics (UEBA) Endpoint Detection and Response (EDR) Threat Deception Platforms Extended Detection and Response (XDR)Popular Comparisons
CrowdStrike Falcon
Splunk Enterprise Security
Microsoft Sentinel
IBM Security QRadar
Elastic Security
LogRhythm SIEM
Sumo Logic Security
Fortinet FortiSIEM
AlienVault OSSIM
Securonix Next-Gen SIEM
USM Anywhere
Exabeam
Buyer's Guide
Download our free Rapid7 InsightIDR Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What SOC product do you recommend?
- Is Rapid7 InsightIDR the right choice to be used in SOC?
- What is the difference between IDR and EDR?
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- Which is the best SIEM solution for a government organization?
- What is the difference between IT event correlation and aggregation?
- What Is SIEM Used For?
- What Questions Should I Ask Before Buying SIEM?