Is Rapid7 InsightIDR the right choice to be used in SOC?
Hello,
Is Rapid7 InsightIDR an efficient solution (to be used in SOC as an analysis tool) in comparison with other SIEM products, such as IBM QRadar, Splunk, and LogRhythm NextGen SIEM?
Senior Network Architect / Network Team Leader at ICE Consulting. Inc.
Real User
Feb 15, 2022
Yes, Rapid7 is a great tool for a SOC to use for analysis of security events, as are the others you mentioned.
Do your homework before choosing the tool, as staffing and engineering work for any tool you choose is a requirement a lot of companies don't consider until after they have locked themselves into a contract.
I would also suggest looking into SNYPR from Securonix. We have been using that tool in our SOC for a little over a year now. It took about 300 man-hours working with engineers from Securonix to completely implement the SNYPR platform and set up the rules and policies to filter out the false positives, but the analysis tools it provides are adequate for managing the incidents from over 30 clients, a combined total of about 10,000 sources, and an incident rate of 1,500/hr, of which 5-15 are actionable incidents.
Just my experience; I hope it helps in your decision-making process. BTW, we support a global organization that has Rapid7 InsightIDR deployed to its internal SOC team, and we act as their escalation point for incident management.
No, Navin.
SIEM products have a much broader focus, on managing log integration and correlation across all target-system sources, while InsightIDR will work best with existing Rapid7 solutions.
Alternatively, several SIEMs have a plugin to integrate VA results into the repository, providing asset classification and prioritization based on the vulnerability results from Rapid7.
Of course.
If you look at Gartner's 2020 Magic Quadrant for SIEM solutions, you will see that Rapid7 is even ahead of LogRhythm.
If you look at the 2021 Quadrant, you can see that while some players (like LogRhythm) are losing ground in the Leaders quadrant, Rapid7 has maintained its position in the Leaders quadrant.
Feel free to reach out to me for any support to help get you moving on this decision.
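As an added illustration of the VA-integration point made in the answer above (this is example code written for this page, not code from the thread, from Rapid7 or from any SIEM vendor): a small Python script that joins SIEM alerts against a vulnerability-scanner export by asset and re-orders the alert queue by combined alert severity and asset exposure. The CSV columns, alert fields, weights and all sample data are constructed assumptions, not a real Rapid7 or SIEM schema.

```python
"""Added example (not from the original thread): enriching SIEM alerts with
vulnerability-assessment (VA) results so alerts on assets that carry
exploitable vulnerabilities are triaged first.

All data and field names below are constructed for illustration and are
assumptions, not any vendor's export format or alert schema."""
import csv
import io
from dataclasses import dataclass, field

# Constructed VA export in a generic CSV shape (hypothetical columns).
VA_EXPORT_CSV = """asset,cve,cvss,exploit_available
web-01,CVE-2021-44228,10.0,yes
web-01,CVE-2020-1472,10.0,yes
db-02,CVE-2019-0708,9.8,no
hr-laptop-7,CVE-2022-30190,7.8,yes
"""

# Constructed SIEM alerts (hypothetical schema; severity 1-5).
ALERTS = [
    {"id": "A1", "asset": "web-01", "rule": "Suspicious outbound DNS", "severity": 3},
    {"id": "A2", "asset": "db-02", "rule": "Failed logons above threshold", "severity": 4},
    {"id": "A3", "asset": "hr-laptop-7", "rule": "Office app spawned cmd.exe", "severity": 3},
    {"id": "A4", "asset": "printer-9", "rule": "Port scan", "severity": 2},
]

SEVERITY_WEIGHT = 10    # each alert severity point is worth 10 risk points
CVSS_WEIGHT = 2         # max CVSS on the asset counts double
EXPLOIT_BONUS = 15      # flat bonus when a public exploit exists for any finding


@dataclass
class AssetRisk:
    """Per-asset vulnerability posture aggregated from the VA export."""
    max_cvss: float = 0.0
    vuln_count: int = 0
    exploitable: int = 0
    cves: list = field(default_factory=list)


def load_va_results(csv_text):
    """Parse a VA CSV export and aggregate one AssetRisk per asset name."""
    risk = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        r = risk.setdefault(row["asset"], AssetRisk())
        r.max_cvss = max(r.max_cvss, float(row["cvss"]))
        r.vuln_count += 1
        if row["exploit_available"].strip().lower() == "yes":
            r.exploitable += 1
        r.cves.append(row["cve"])
    return risk


def score_alert(alert, risk):
    """Return (score, reason). Score = severity * weight + VA context.
    Assets the scanner has never seen get a severity-only score, so that a
    missing VA record is visible in triage rather than silently treated as safe."""
    base = alert["severity"] * SEVERITY_WEIGHT
    r = risk.get(alert["asset"])
    if r is None:
        return base, "no VA data"
    bonus = r.max_cvss * CVSS_WEIGHT + (EXPLOIT_BONUS if r.exploitable else 0)
    reason = f"max CVSS {r.max_cvss}, {r.vuln_count} vulns, {r.exploitable} exploitable"
    return base + bonus, reason


def prioritize(alerts, risk):
    """Return a copy of the alerts sorted by descending risk score, ties by id."""
    scored = []
    for a in alerts:
        score, reason = score_alert(a, risk)
        scored.append({**a, "score": score, "reason": reason})
    return sorted(scored, key=lambda x: (-x["score"], x["id"]))


if __name__ == "__main__":
    queue = prioritize(ALERTS, load_va_results(VA_EXPORT_CSV))
    for a in queue:
        print(f'{a["id"]} {a["asset"]:<12} score={a["score"]:<6} {a["rule"]} ({a["reason"]})')
```

With the constructed data, A3 (severity 3, laptop with an exploitable CVSS 7.8 finding) is ranked above A2 (severity 4, database host whose only finding has no public exploit), which is the kind of re-ordering a VA plugin adds on top of the SIEM's own severity; A4 keeps a low score and is flagged as having no scanner coverage at all.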
Director of Community at PeerSpot (formerly IT Central Station)
Real User
Aug 10, 2021
@PrasanthPrasad, besides being listed in the MQ, what makes Rapid7 InsightIDR a better choice than IBM QRadar, Splunk, and LogRhythm NextGen SIEM?
Can you please specify some technical facts? Thanks.