The following are our main use cases for InsightIDR:
- Log correlation and searching, as well as alerting;
- IDR Vulnerability management;
- IVM;
- Incident response;
- Breach detection.
The tool has improved my organization by:
The alerting to drive investigations and remediation has been its most valuable feature. Plus the ability to quickly search multiple logs makes investigations easier. Log correlation and alerting are also helpful.
It gives us one place to have everything easily accessible and the ability to alert (including customisation of alerts).
Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition.
While we have encountered stability issues, these are resource intensive systems so additional hardware solved this problem.
There have been no scalability issues. It's easy to add servers.
The technical support can be considered competent. However, they can be slow to discover solutions to tricky problems.
We did not previously use a different solution.
Very simple. Spin up a couple of servers, create all the log connectors and you are up and running. The setup was complete within days and we had alerts being generated straight away.
We did the installation without any technical help. The configuration was performed by non-technical staff.
The pricing and licensing are competitive. Licensing is simple and straightforward.
We did not evaluate any other solution in the market.
You should use it to drive change within your IT from a security point of view. Run a PoC and see exactly what it can do for you. The simple setup means it will be running in no time and you will get meaningful alerts straight away.
We are distributors and sell this product to our customers. I'm a security consultant.
The features for user behavior analytics and the rules for attack review are valuable. I also like the honeypot feature. It's easy to integrate and collect data from other solutions.
I'd like to see a better ability to customize the check within the console. Rules can be customized better if the integration is improved. They now have integration with CrowdStrike so maybe they could have some kind of integration with Microsoft.
I've been using this solution for a year.
The solution is stable.
This is a cloud-based product so it's scalable.
The technical support could be improved. We've had times when our requests get stuck with the engineering team and we sometimes don't get a response. That's a problem for us.
All Rapid7 solutions are easy to deploy because, if you have any one of the products, the integrations between these products become easier, as they have a lot of the important things within a single portal. You get a single platform to visualize a lot of different kinds of data.
The pricing is very competitive because the licensing model that we use is based on endpoints which is different from most other solutions.
This solution is suited to all sizes of organizations. We generally deal with small and medium-sized companies.
I rate this solution eight out of 10.
Rapid7's reporting is more robust than Tenable's.
Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps.
I worked with InsightIDR for about two years, but I switched to Tenable Nessus around two months ago.
Rapid7's customer support is awful. They didn't respond at all. Tenable's support is always available. I didn't have to visit the customer every time they wanted to perform a scan.
InsightIDR is easy to install, but the components inside are a bit complicated. Tenable was much easier.
I rate Rapid7 InsightIDR seven out of 10.
I use it to track events on our infrastructure to help with secure access and detection. We have many firewalls and antivirus, DHCP (Dynamic Host Configuration Protocol), DNS (Domain Name System), Office 365 logs, et cetera. We use this software to monitor and track our traffic and usage by creating logs.
The most valuable features have to do with ease-of-use. It is easy to check the events, investigate suspicious activities, and do forensic analysis. The web interface is great — very useful and user-friendly.
The only thing I can think of to improve the product is that the interface for doing investigations needs to be enhanced. For example, we can add notes through the interface, but we cannot attach files to the investigation. That would be a useful addition. It would give us more flexibility to resolve more complicated situations.
I have been using this solution for about six months.
This solution is stable. Because it is a software as a service product, when any bugs appear, the manufacturer can correct the problems quickly and deploy the solutions immediately. This is better than other solutions on-premises that we would need to install an upgrade to resolve any bugs or other issues.
Because this is a software as a service solution, the provider manages the scalability. It has never been an issue from our end.
The setup for the product was straightforward.
Although we did do the deployments by ourselves, we did it with some support from the provider, but it was easy to deploy.
On a scale from one to ten, where one is the worst and ten is the best, I would rate this product a nine out of ten. It is very good, but it could be better with a few details that would improve the utility of the investigations interface.
We primarily use the solution for a combination of log management as well as threat detection.
The ease of use of the solution is excellent.
The individual setup is great. You can set it up and get it going in a short amount of time.
They have one agent for Insight where, basically, we can also install agents on Linux and Windows Servers as well as the endpoints. This agent provides for more capabilities in terms of threat detection. Normally, SIEM is more centered around log management and data mining. It's nice to have this extra layer.
If you look at the agent part, the Insight agent, which is an optional component of InsightIDR, that agent also helps us to detect more threats, due to the fact that the endpoints are also vulnerable to a lot of security breaches.
If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities.
Earlier they didn't have a network flow capture product, so they were not able to capture network flows. We were able to capture the logs but not the network flows. Now they have acquired a company called NetFort, and they can also capture network flows. This was one of the shortcomings of the product, which they have now rectified after the acquisition of that company.
Cloud risk assessment is one area where I think they need a lot of improvement.
The solution should have a CIS Benchmark in terms of, I would say, config change detection.
I've been using the solution for about one year.
Since it is on the cloud, we just need to provision the collectors, which are like sensors that capture logs on-premise and send the metadata to their cloud. We are able to scale more. The scalability is high. There is no issue related to redundancy or high availability. Since it is on the cloud, that is taken care of from their data center.
The solution is more suited towards larger enterprises, and not really ideal for smaller companies.
The technical support is good. They follow and adhere to their SLA terms. Based on the customer's needs, they can go with a higher level of support. With their standard support, they adhere to whatever their SLA terms are, and those are typically good enough. There are no complaints of any lag in service. They do a good job.
I've used other products such as QRadar and other SIEM solutions and I find this solution is much more simplified and user-friendly. Their DNA is also really in security, which they can feed quite effectively into their SIEM. They understand security far better than other OEMs.
The initial setup is not complex. It's straightforward. Deployment takes less than two weeks. It is based on the customer's environment, however, on average, you can assume it will take one to two weeks. You only need about two to three people to handle the deployment.
We're an integrator for Rapid7. We handle deployments for our customers.
If you look at any other SIEM solution, the license is based on events per second or EPS based licensing. Here, the licensing is the number of assets, and the number of days the log would be retained on their cloud. That is one of the huge differences between this solution and the competition.
We are solution partners.
The solution has a console with everything on the cloud; only the sensors, the log collectors, are on-premise. This solution is actually cloud-based.
The right customers are people who want a very simplified solution that is easy to start with, who want to start immediately with fewer complications. You can say SME, mid and large, actually, but I think mid and large enterprises would be the right fit.
I would recommend the solution. Rapid7's professional services, including their planning, architecture, deployment, et cetera is up to the mark. I would recommend having a few workdays, in the initial planning stage, maybe for assessment of the solution and to take some time to understand everything before beginning. New users should reach out to their Rapid7 professional services for the planning portion of the implementation process.
I would rate the solution eight out of ten.
We use this solution to develop our business and we also provide it to some of our customers. The primary use case is for security information and event management, monitoring and acting on any event.
The solution is very intuitive, it's easy to set up, is absolutely stable, and has a lot of integration with other security products.
I'd like to see a mobile application included, and some feature related to the granularity of segregation for internal users that access the application.
This solution is absolutely stable.
This solution is scalable.
The technical support is very good and responds quickly when there is a problem.
The initial setup is reasonably straightforward, it takes a few hours. We've deployed it for 10 different clients and we have several engineers and eight certified technical staff that carry out implementation.
You can scale the license as needed. It's really easy to update and upgrade.
The solution is used as a platform for a better understanding of the Intelligence products that different vendors sell.
Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling.
The APIs can be further improved in Rapid7.
I have been using Rapid7 InsightIDR for two months.
It is a stable solution.
It is a scalable solution. Presently, there are only small businesses working with the solution.
The technical support team is good.
The initial setup is easy. The deployment took only half an hour. It's just a cloud platform. You just have to deploy a connector like Select Pro, and it will get the data from on-premise and send it to the cloud platform; you can have it installed in five to ten minutes.
The pricing of the solution depends on the user. But there is a yearly licensing cost.
It is a good solution but just has some API issues. I rate the solution an eight out of ten.
We use this solution for monitoring intrusion detection and prevention.
The most valuable feature is monitoring.
The dashboard is an area that could be simplified. For management, it should be clear and the files should be there.
I have only recently started using this solution. It's been a couple of months.
I believe that we are using the latest version.
It is very stable.
It's a scalable solution. We have more than 1,000 users and we plan to continue using it.
We have not had the need to contact technical support.
Previously, we were using another solution. We changed because the price was completely suitable.
The initial setup was straightforward. It was simple.
We have a team of four to deploy and maintain this solution.
It is a reasonably priced solution.
I am not able to recommend this solution at this time. I don't know it well enough yet. Similarly, it is difficult to say at this time what needs to be improved. We need more time to explore.
I would rate this solution a seven out of ten, only because I have recently started using it.