Rapid7 InsightIDR is budget-friendly and has a good market position because not everybody can afford to go for LogRhythm or Splunk or QRadar. It is good for a middle-tier organization. In that market, there is competition now. I do not recommend Rapid7 InsightIDR for bigger companies because they trust these big brands such as QRadar or LogRhythm. The general perception is that these are the solutions for big organizations having hundreds of branches or more. Rapid7 InsightIDR fits in the middle tier. The integration of Rapid7 InsightIDR with the security stack works fine because the systems in this part of the world are not so much cloud-driven. They have something around 20% or 30% of services running from the cloud. The rest are usually on-premises. Office 365 is one service that they get from the cloud. Networking typically includes Cisco and Fortinet in their networks. For endpoints, the operating system is usually Windows or Linux, not Mac in an enterprise environment. Windows and Linux can be easily integrated with this solution. The dashboard functionalities of Rapid7 InsightIDR are usually about customer-friendliness. Customers want to have some rich enrichment of the analysis or the ticket alerts or the events that come out with some processing behind the scenes. They feel that it is a more rapid or more intense process at Splunk or LogRhythm or QRadar compared to Rapid7 InsightIDR. For automated threat intelligence features, customers usually go for a full SOAR solution. They want to have playbooks and everything to run. Although Rapid7 InsightIDR does claim that it has integrated SOAR, called InsightConnect, this is not as advanced as a dedicated SOAR solution. LogRhythm solutions or Splunk solution or Sumo Logic solution are doing business here as well. These are considered more rich in features compared to Rapid7 InsightIDR. I rate Rapid7 InsightIDR between a six and seven out of ten.
Principal IT Security & Compliance at IBEX Holdings Ltd
Real User
Top 5
Feb 6, 2025
I definitely recommend Rapid7 InsightIDR. It is becoming better, with improvements being continuously made to the product. Right now, I do not have any advice about Rapid7 for other users because every organization or user has different criteria or multiple use cases, so I refrain from commenting on that. I rate the overall solution seven out of ten.
InsightIDR automates everything through InsightConnect in a seven-day cycle. The product has improved significantly since its inception. However, based on feedback I've received from other products in the market, aside from InsightIDR. It improved because several sensors are deployed within the on-premise environment. It can be very efficient if the customer implements and operates it effectively. If you combine it with InsightIDR, then it may become more compact. Maybe IBM was a bit larger. So, having MDR is the main key point for this product. Overall, I rate the solution a four out of ten.
Director of Solutions and Alliances at a tech services company with 1-10 employees
Real User
Top 20
May 23, 2024
At our company, along with Rapid7 InsightIDR we use multiple cloud providers like Azure, Google, Oracle and AWS infrastructure to ingest data. I would advise others to select a reliable system integrator to implement Rapid7 InsightIDR for the correct use cases or business needs. The solution is satisfying, but there are multiple other solutions in the market, and having a partner can help a customer explore all the options before adopting one. Overall, I would rate Rapid7 InsightIDR an eight out of ten.
In one instance, we faced a threat from the DarkSide ransomware, known for its ability to execute without requiring administration privileges, including a privilege escalation part. This particular ransomware was embedded in an Excel file, and it didn't need any administrative privileges for execution. The hackers cleverly concealed the DarkSide ransomware within an Excel file. When an unsuspecting team member tried to open the file, an alert indicated the malicious nature of the Excel file. The employee was unaware that the Excel file contained a ransomware threat. As security personnel monitoring the endpoint received an alert, they immediately contacted the individual, notifying them about the presence of the DarkSide ransomware. The security team advised against opening the file and guided the user to delete it. I cannot compare Rapid7 InsightIDR with other tools directly because it has integrated both EDR and SIM. It combines these functionalities into an XDR platform, operating at a different level compared to other services. Additionally, the network analysis provided is wonderful. The product is easy to use and easy to understand. It is lightweight. I rate it a nine out of ten. I recommend it for easy deployment, enabling swift detection from endpoints to the cloud. This accelerates security orchestration across various environments and endpoints, aiding in risk mitigation within hybrid environments. The system is valuable for discovering new threats and offers exposure management to enhance understanding of the entire security operation.
The benefit of the solution, first of all, is that it's cost-effective. It is also a Gartner leading solution, which provides more credibility in the customer's eyes. Eventually, it benefits us to translate that credibility into achieving more and more revenue through it. I recommend Rapid7 InsightIDR for SMB companies because there are better options in the market for enterprises. I rate the solution an eight out of ten.
I rate InsightIDR eight out of 10. It's worth a try. InsightIDR provides excellent visibility and threats. The network detection is fast, so you get alerts as soon as something happens.
Security Solution Engineer II at a security firm with 501-1,000 employees
Real User
Aug 12, 2022
One of the biggest reasons why we chose it as our security platform was that it is not only for security monitoring. We could see a lot of improvements coming over the next couple of years. Automation is one of the things that will be really important in the next few years. It is already there, but we didn't buy it. I would rate it a nine out of ten.
I rate InsightIDR eight out of 10. I would recommend it for a customer who isn't dead-set on an on-prem deployment. They can subscribe to Rapid7 because it is more valuable and delivers a greater return on investment. The initial setup is quick. There's no need to pay for hardware and it's easy to scale. Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log. With other products, you might need to contact a consultant certified by the vendor to do the integration.
The solution suits any size company, whether small, medium, or enterprise, it's a very good fit for all devices. The only drawback, for now, is the intel feeds which don't support any TAXII or STIX feeds so they need to be done manually. I rate the solution eight out of 10.
Linux admin at a wholesaler/distributor with 51-200 employees
Real User
Apr 5, 2021
I am not able to recommend this solution at this time. I don't know it well enough yet. Similarly, it is difficult to say at this time what needs to be improved. We need more time to explore. I would rate this solution a seven out of ten, only because I have recently started using it.
Enterprise Sales at a tech vendor with 11-50 employees
Real User
Jul 19, 2020
We are solution partners. The solution has a console with everything on the cloud, however, only the centers, the log collectors, are on-premise. This solution is actually cloud-based. People who want a solution, a very simplified and easy to start, and then they want to start immediately on a solution with fewer complications, so those would be the right customers. You can say SME, mid and large actually, but I think mid and large enterprises would be the right fitment. I would recommend the solution. Rapid7's professional services, including their planning, architecture, deployment, et cetera is up to the mark. I would recommend having a few workdays, in the initial planning stage, maybe for assessment of the solution and to take some time to understand everything before beginning. New users should reach out to their Rapid7 professional services for the planning portion of the implementation process. I would rate the solution eight out of ten.
IT Engineer Security Operation Team at a tech services company with 201-500 employees
Real User
Jan 7, 2020
On a scale from one to ten where one is the worst and ten is the best, I would rate this product as a nine-out-of-ten. It is very good but it could be better with a few details that would improve the utility of the investigations interface.
Information Security Manager at a tech vendor with 51-200 employees
Real User
Oct 2, 2018
Have a plan going forward (Syslog exports, agent-based collection, etc.) and ensure WMI is available if using Windows Servers. It was very easy to set up, but troubleshooting can be "fun" if an endpoint doesn't connect correctly. Don't be shy of support requests. They'd rather you be "that person" that keeps getting support, rather than being the one that ran into an issue and stopped using the product.
You should use it to drive change within your IT from a security point of view. Run a PoC and see exactly what it can do for you. The simple setup means it will be running in no time and you will get meaningful alerts straight away.
Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.
Overall, I rate the solution a nine out of ten.
I rate Rapid7 InsightIDR an eight out of ten.
I would rate Rapid7 InsightIDR an eight out of ten.
I rate the overall solution a nine out of ten.
Compared to other solutions, Rapid7 is more flexible to use. We install, gather, and monitor logs easily with its help. I rate it as an eight.
I rate Rapid7 InsightIDR six out of 10.
I rate Rapid7 InsightIDR seven out of 10.