IT Engineer Security Operation Team at a tech services company with 201-500 employees
An effective tool for identifying threats to a network infrastructure
Pros and Cons
- "The web interface is great — very useful and user-friendly."
- "The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
What is our primary use case?
I use it to track events on our infrastructure to help with secure access and detection. We have many firewalls and antivirus, DHCP (Dynamic Host Configuration Protocol), DNS (Domain Name System), logs of Office 365, et cetera. We use this software to monitor and track our traffic and usage by creating logs.
What is most valuable?
The most valuable features have to do with ease-of-use. It is easy to check the events, investigate suspicious activities, and do forensic analysis. The web interface is great — very useful and user-friendly.
What needs improvement?
The only thing I can think of to improve the product is that the interface for doing investigation needs to be enhanced. For example, we can add notes through the interface, but we cannot attach files to the investigation. It would be a useful addition. It would give us more flexibility to resolve more complicated situations.
For how long have I used the solution?
I have been using this solution for about six months.
Buyer's Guide
Rapid7 InsightIDR
October 2024
Learn what your peers think about Rapid7 InsightIDR. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
What do I think about the stability of the solution?
This solution is stable. Because it is a software as a service product, when any bugs appear, the manufacturer can correct the problems quickly and deploy the solutions immediately. This is better than on-premises solutions, where we would need to install an upgrade to resolve any bugs or other issues.
What do I think about the scalability of the solution?
Because this is a software as a service solution, the provider manages the scalability. It has never been an issue from our end.
How was the initial setup?
The setup for the product was straightforward.
What about the implementation team?
Although we did do the deployments by ourselves, we did it with some support from the provider, but it was easy to deploy.
What other advice do I have?
On a scale from one to ten where one is the worst and ten is the best, I would rate this product as a nine-out-of-ten. It is very good but it could be better with a few details that would improve the utility of the investigations interface.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Support Engineer at a tech services company with 51-200 employees
Lets you simplify threat detection and has a fast deployment
Pros and Cons
- "Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling."
- "The APIs can be further improved in Rapid7."
What is our primary use case?
The solution is used as a platform for a better understanding of the Intelligence products that different vendors sell.
What is most valuable?
Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling.
What needs improvement?
The APIs can be further improved in Rapid7.
For how long have I used the solution?
I have been using Rapid7 InsightIDR for two months.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
It is a scalable solution. Presently, there are only small businesses working with the solution.
How are customer service and support?
The technical support team is good.
How was the initial setup?
The initial setup is easy. The deployment took only half an hour. It's just a cloud platform. You just have to deploy a connector like Select Pro, and it will set the data from the on-premise. It will send it to the cloud platform, and you can have it installed in five to ten minutes.
What's my experience with pricing, setup cost, and licensing?
The pricing of the solution depends on the user. But there is a yearly licensing cost.
What other advice do I have?
It is a good solution but just has some API issues. I rate the solution an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: MSP
Solution Specialist at a tech services company with 11-50 employees
A cloud-based solution that is licensed based on the number of assets instead of the number of EPS
Pros and Cons
- "The solution is very scalable in terms of the licensing model."
- "The solution's XDR agents cannot compete with the XDR solutions out there yet."
What is most valuable?
Rapid7 InsightIDR is a cloud-based solution. Customers don't have to provision storage either internally or externally, and everything is already factored into the cost of the solution. So that takes out the headache.
The solution is very scalable in terms of the licensing model. It's not licensed based on the number of EPS as in a traditional SIEM solution. It's licensed based on the number of assets, and I believe the customers have more control over their assets than their EPS.
What needs improvement?
The solution's XDR agents cannot compete with the XDR solutions out there yet. It has to be a stand-alone XDR solution, and I know they are working on that. They have to ensure that it has the full capabilities of an XDR solution.
For how long have I used the solution?
I have been working with Rapid7 InsightIDR for about two years.
What do I think about the stability of the solution?
Rapid7 InsightIDR is a stable solution.
How are customer service and support?
Rapid7 InsightIDR's technical support is great and very responsive. Of course, their support depends on the SLAs.
How would you rate customer service and support?
Positive
What about the implementation team?
Rapid7 InsightIDR can be up or running in a matter of hours or minutes. It takes about a week or two to deploy the solution for an enterprise account with full integration of an IT use case.
What's my experience with pricing, setup cost, and licensing?
Rapid7 InsightIDR's pricing is reasonable.
What other advice do I have?
Overall, I rate Rapid7 InsightIDR a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Threat Intelligence Engineer at a tech services company with 11-50 employees
It's easy to install, but the components inside are a bit complicated.
Pros and Cons
- "Rapid7's reporting is more robust than Tenable's."
- "Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps."
What is most valuable?
Rapid7's reporting is more robust than Tenable's.
What needs improvement?
Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps.
For how long have I used the solution?
I worked with InsightIDR for about two years, but I switched to Tenable Nessus around two months ago.
How are customer service and support?
Rapid7's customer support is awful. They didn't respond at all. Tenable's support is always available. I didn't have to visit the customer every time they wanted to perform a scan.
How was the initial setup?
InsightIDR is easy to install, but the components inside are a bit complicated. Tenable was much easier.
What other advice do I have?
I rate Rapid7 InsightIDR seven out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
CoFounder & Head of Technology at intuity
Very intuitive, stable and integrates easily with other security products
Pros and Cons
- "Very intuitive and easy to set up."
- "Lacks a mobile application."
What is our primary use case?
We use this solution to develop our business and we also provide it to some of our customers. The primary use case is for security information and event management, monitoring and acting on any event.
What is most valuable?
The solution is very intuitive, it's easy to set up, is absolutely stable, and has a lot of integration with other security products.
What needs improvement?
I'd like to see a mobile application included and some feature related to the generality of segregation for internal users that access the application.
What do I think about the stability of the solution?
This solution is absolutely stable.
What do I think about the scalability of the solution?
This solution is scalable.
How are customer service and technical support?
The technical support is very good and responds quickly when there is a problem.
How was the initial setup?
The initial setup is reasonably straightforward, it takes a few hours. We've deployed it for 10 different clients and we have several engineers and eight certified technical staff that carry out implementation.
What's my experience with pricing, setup cost, and licensing?
You can scale the license as needed. It's really easy to update and upgrade.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Enterprise Sales at a tech vendor with 11-50 employees
Easy to use with a simple setup and good scalability
Pros and Cons
- "If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."
- "Cloud risk assessment is one area where I think they need a lot of improvement."
What is our primary use case?
We primarily use the solution for a combination of log management as well as threat detection.
What is most valuable?
The ease of use of the solution is excellent.
The individual setup is great. You can set it up and get it going in a short amount of time.
They have one agent for Insight where, basically, we can also install agents on Linux and Windows Servers as well as the endpoints. This agent provides for more capabilities in terms of threat detection. Normally, SIEM is more centered around log management and data mining. It's nice to have this extra layer.
If you look at the agent part, the Insight agent, which is an optional component of InsightIDR, that agent also helps us to detect more threats, due to the fact that the endpoints are also vulnerable to a lot of security breaches.
If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities.
What needs improvement?
Earlier they didn't have a network flow capture product, so they were not able to capture the network flows. We were able to capture the logs but not the network flows. Now, they have acquired a company called NetFort, and now they are also using the capture network flows. This was one of the shortcomings of the product which they have now rectified after acquisition of the company.
Cloud risk assessment is one area where I think they need a lot of improvement.
The solution should have a CIS Benchmark in terms of, I would say, config change detection.
For how long have I used the solution?
I've been using the solution for about one year.
What do I think about the scalability of the solution?
Since it is on cloud, we just need to provision the collectors, which are like sensors that capture logs on-premise and send them to their cloud, the metadata. We are able to scale more. The scalability is high. There is no issue related to redundancy or high availability. Since it is on cloud, it is taken care of from their data center.
The solution is more suited towards larger enterprises, and not really ideal for smaller companies.
How are customer service and technical support?
The technical support is good. They follow and adhere to their SLA terms. Based on the customer's needs, they can go with a higher level of support. Based on their standard support, they adhere to whatever their SLA terms are and they are typically good enough. There are no complaints of any lag in service. They do a good job.
Which solution did I use previously and why did I switch?
I've used other products such as QRadar and other SIEM solutions and I find this solution is much more simplified and user-friendly. Their DNA is also really in security, which they can feed quite effectively into their SIEM. They understand security far better than other OEMs.
How was the initial setup?
The initial setup is not complex. It's straightforward. Deployment takes less than two weeks. It is based on the customer's environment, however, on average, you can assume it will take one to two weeks. You only need about two to three people to handle the deployment.
What about the implementation team?
We're an integrator for Rapid7. We handle deployments for our customers.
What's my experience with pricing, setup cost, and licensing?
If you look at any other SIEM solution, the license is based on events per second or EPS based licensing. Here, the licensing is the number of assets, and the number of days the log would be retained on their cloud. That is one of the huge differences between this solution and the competition.
What other advice do I have?
We are solution partners.
The solution has a console with everything on the cloud, however, only the centers, the log collectors, are on-premise. This solution is actually cloud-based.
People who want a solution, a very simplified and easy to start, and then they want to start immediately on a solution with fewer complications, so those would be the right customers. You can say SME, mid and large actually, but I think mid and large enterprises would be the right fitment.
I would recommend the solution. Rapid7's professional services, including their planning, architecture, deployment, et cetera, are up to the mark. I would recommend having a few workdays, in the initial planning stage, maybe for assessment of the solution and to take some time to understand everything before beginning. New users should reach out to their Rapid7 professional services for the planning portion of the implementation process.
I would rate the solution eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Linux admin at a wholesaler/distributor with 51-200 employees
Suitably priced, stable, and easy to set up, but the dashboard needs improvement
Pros and Cons
- "It is a very stable solution."
- "The dashboard is an area that could be simplified."
What is our primary use case?
We use this solution for monitoring intrusion detection and prevention.
What is most valuable?
The most valuable feature is monitoring.
What needs improvement?
The dashboard is an area that could be simplified. For management, it should be clear and the files should be there.
For how long have I used the solution?
I have only recently started using this solution. It's been a couple of months.
I believe that we are using the latest version.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
It's a scalable solution. We have more than 1,000 users and we plan to continue using it.
How are customer service and technical support?
We have not had the need to contact technical support.
Which solution did I use previously and why did I switch?
Previously, we were using another solution. We changed because the price was completely suitable.
How was the initial setup?
The initial setup was straightforward. It was simple.
We have a team of four to deploy and maintain this solution.
What's my experience with pricing, setup cost, and licensing?
It is a reasonably priced solution.
What other advice do I have?
I am not able to recommend this solution at this time. I don't know it well enough yet. Similarly, it is difficult to say at this time what needs to be improved. We need more time to explore.
I would rate this solution a seven out of ten, only because I have recently started using it.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.