I've been using Rapid7's InsightIDK since it was called UserInsight (and later InsightUBA).
It has really grown in that time, and has become a very useful tool for keeping track of user activity within the environment -- suspicious login times/patterns, lockouts, etc.
My concern is that the pricing is not friendly for smaller environments that can absolutely benefit from this visibility. We're not talking about SIEM-lite level of features, but even small shops of 10-50 users could stand to track the information from Active Directory and DNS pertaining to user behavior.
Does anyone have experience with InsightIDK alternatives that would be budget friendly (4-figures vs 5-figures) for smaller organizations?
It can be cloud-based or on-premises (virtual appliance).
Any vendors I should be looking at?
Thanks
Here's a good article that helps point small businesses in the right direction for scanning tools. The 2 small business suggestions are at the end of the article from the author.
searchsecurity.techtarget.com
Hi Jason,
Upon further review, the tools recommended in that article are more along the lines of vulnerability management, rather than User Behavior Analytics, unfortunately.
Thanks, Jason
Currently, more and more company focus on SD-WAN solution which can handle both communication and security in a single box. For a small branch, it will be a good choice as ease of operation. And these product will include the security categorization. For example, Versa-Networks.
Thanks, Tommy. I will take a look at Gurucul, Dynatrace and Nexthink, as I have no experience with them. I do have a fair amount of experience with Splunk, and not only is their solution a bit overkill for my targets, but the costs are worse than Rapid7. :)
It has been some time since I looked at pricing models, however I would suggest looking at Splunk, Gurucul, Dynatrace and Nexthink.