InsightIDR - Next-gen SIEM

I am working with Rapid7 InsightOps  and Rapid7 InsightIDR  because the requirement is as such from the customer side, particularly the banks. Whatever the requirement is, these are the products that we are working with.

I usually recommend Rapid7 InsightIDR  for banks because that is the bigger chunk here who do business in cybersecurity or whose requirement is that compliance requirements need to be filled by certain products, which Rapid7 InsightIDR is one of them.

UEBA  is an important element these days, but usually the requirement is for threat detection, investigation, and response. This is what Rapid7 InsightIDR provides.

Banks typically go for threat detection, investigation, and response capabilities. End-user entity and behavior analysis, or UEBA , is certainly an important addition if we provide the solution along with UEBA. It provides that and this is something that the customer cannot ignore because they want to have a 360-degree coverage of their emails or for their users and what they are doing. This is definitely their requirement.

If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm , it is not as customizable as a SIEM  solution is. This is where it can improve if we keep in front the feature sets of a complete SIEM  solution. Most common in the market is QRadar, but it is depleting now. It has been taken over by some other products such as Splunk and LogRhythm . If we compare these things with Rapid7 InsightIDR, then there are definitely some gaps that need to be filled.

Data retention is also one concern because Rapid7 InsightIDR is cloud-based and operates on a subscription model. Whatever data you want to retain, it has to be paid for separately or it has a cost. Other solutions that are on-premises can have their own infrastructure or they provide some data retention for a month or in some capacity-wise, they provide that solution to them which makes them more attractive.

It has been about four to five years now that we have been working with Rapid7. Whatever the products, they were all related to vulnerability tools that we have been working with. It has been a journey of about five years with Rapid7.

Rapid7 InsightIDR is budget-friendly and has a good market position because not everybody can afford to go for LogRhythm or Splunk or QRadar. It is good for a middle-tier organization. In that market, there is competition now.

I do not recommend Rapid7 InsightIDR for bigger companies because they trust these big brands such as QRadar or LogRhythm. The general perception is that these are the solutions for big organizations having hundreds of branches or more. Rapid7 InsightIDR fits in the middle tier.

The integration of Rapid7 InsightIDR with the security stack works fine because the systems in this part of the world are not so much cloud-driven. They have something around 20% or 30% of services running from the cloud. The rest are usually on-premises. Office 365  is one service that they get from the cloud. Networking typically includes Cisco and Fortinet in their networks. For endpoints, the operating system is usually Windows or Linux, not Mac in an enterprise environment. Windows and Linux can be easily integrated with this solution.

The dashboard functionalities of Rapid7 InsightIDR are usually about customer-friendliness. Customers want to have some rich enrichment of the analysis or the ticket alerts or the events that come out with some processing behind the scenes. They feel that it is a more rapid or more intense process at Splunk or LogRhythm or QRadar compared to Rapid7 InsightIDR.

For automated threat intelligence features, customers usually go for a full SOAR  solution. They want to have playbooks and everything to run. Although Rapid7 InsightIDR does claim that it has integrated SOAR , called InsightConnect, this is not as advanced as a dedicated SOAR solution. LogRhythm solutions or Splunk solution or Sumo Logic solution are doing business here as well. These are considered more rich in features compared to Rapid7 InsightIDR.

I rate Rapid7 InsightIDR between a six and seven out of ten.

I am using Rapid7 InsightIDR  as an InsightIDR  solution. This tool is integrated with other solutions like endpoint and NDR, and it correlates alerts, giving me a comprehensive picture of the alerts.

The platform offers unlimited storage and agent-based solutions. I have user behavior analytics (UBA ) and MITRE ATT&CK as well. The user behavior analytics feature helps in enhancing the security posture by helping to identify user behaviors and engineering alerts based on them.

There is a future in AI with Rapid7, however, it is not fully operated. There are certain limitations with Rapid7 that I am working on. I have already opened a list of features with Rapid7, and they are working on it.

I have been using Rapid7 InsightIDR for about two years.

So far, I have not had any performance issues with Rapid7 InsightIDR. It is working well, and I have not faced any downtime in the last two years.

Every  product has some limitations, and Rapid7 is no exception, yet it is working for me perfectly right now.

I rate their technical team 8.5 out of ten, which is pretty good.

Currently, I am not working with the LogRhythm  solution. I have another SIEM  solution in place. Previously, three years back, I was working with LogRhythm , however, now I do not.

The initial setup was straightforward, and I did not face any complexities during the setup of the IDR product.

The incident response time is good, and I can easily find or search any incident. I easily build the queries in Rapid7 and search my relevant logs or relevant investigation logs.

I have EDR, XDR , NDR, TLP, and many other solutions like these.

I definitely recommend Rapid7 InsightIDR. It is becoming better, with improvements being continuously made to the product.

Right now, I do not have any advice about Rapid7 for other users because every organization or user has different criteria or multiple use cases, so I refrain from commenting on that. I rate the overall solution seven out of ten.

The solution lacks an AI-driven capability. While other competitors emphasize AI as the most important feature.

I have been using Rapid7 InsightIDR as a distributor for seven years.

The product's stability is high. I rate the solution’s stability an eight out of ten.

Due to its cloud-based nature and numerous agents, its scalability is high. This, combined with its on-premise environment, ensures rapid performance. It can handle several thousand. It is best suited for large-scale businesses.

Support is slow. I'm not satisfied with the support so far.

Due to the product's complexity, the initial setup can be challenging. Additionally, setting up the product and training the customer can be quite demanding. Deploying the appliance or sensor on-premises can take up to twelve months.

The product pricing is very cheap.

InsightIDR automates everything through InsightConnect in a seven-day cycle.

The product has improved significantly since its inception. However, based on feedback I've received from other products in the market, aside from InsightIDR.

It improved because several sensors are deployed within the on-premise environment. It can be very efficient if the customer implements and operates it effectively.

If you combine it with InsightIDR, then it may become more compact. Maybe IBM was a bit larger. So, having MDR is the main key point for this product.

Overall, I rate the solution a four out of ten.

Our company is a system integrator for Rapid7 InsightIDR. We use the latest SaaS version of the product. Rapid7 InsightIDR works as the foundation of the security operation center in our company. The solution is used in our organization for data ingesting for multiple security devices and solutions. Rapid7 InsightIDR provides insights and stability on the security aspects of the company.

The unconventional detection rules of Rapid7 InsightIDR are quite beneficial. The solution provides satisfying native integration features.

The searching feature in Rapid7 InsightIDR needs to evolve. For instance, when pursuing an incident handling task, extensive searching is required, and the solution's own query language can only be used. In situations similar to the aforementioned example, the solution becomes difficult to use. It would be interesting if the vendor could make the search feature like the Google search engine.

I have been working with Rapid7 InsightIDR for three years.

Overall, the solution is stable enough. I would rate the stability a nine out of ten.

The product's scalability seems good enough. In our company, we are able to manage a couple of thousand devices comfortably using only one single tenant.

Through our company, thousands of users are using the interface of Rapid7 InsightIDR to process data and check incidents. I have implemented data ingestion for couple of thousand devices that include virtual machines, switches, routers and firewalls.

For all the aforementioned devices we haven't faced any issues in our company. Rapid7 InsightIDR is used in our company, majorly for medium and enterprise grade customers, where some enterprises have more than 5000 employees and some less than that.

Our company mostly receives fast and suitable support from Rapid7 InsightIDR, but sometimes the response arrives quite slow. I would rate the technical support a seven out of ten.

I would rate the initial setup a nine out of ten. It's quite straightforward to put the solution to work. Once Rapid7 InsightIDR activates the tenant, the deployment process becomes straightforward. In our company, we just download the agents and install them in the customers' virtual machines.

Following the aforementioned step, some integration with Azure Entra ID authentication services or on-prem authentication is required. Thus, some base integration is required for login data. For the final stage of deployment, as part of the company, we configure a couple of customizations for the detection rules to start ingesting data; the niche customizations can be performed easily for the use cases.

In our company we have an engineering deployment team who are highly skilled in setup processes. For client companies with less than 500 devices, usually one full-time engineer is enough for the deployment. For clients with 500 devices, when we at our company use automation to deploy the agents, it takes only a couple of days to finish the deployment process.

The solution has a mid-range price point in the market. The licensing cost depends on the customer size and the negotiation on whether to add IVM. There are multiple add-ons to the base licensing fee, we use them only for specific customers of our organization. The additional licenses increase the pricing drastically, so we try to stick with the base license at our company.

At our company, along with Rapid7 InsightIDR we use multiple cloud providers like Azure, Google, Oracle and AWS infrastructure to ingest data.

I would advise others to select a reliable system integrator to implement Rapid7 InsightIDR for the correct use cases or business needs. The solution is satisfying, but there are multiple other solutions in the market, and having a partner can help a customer explore all the options before adopting one. Overall, I would rate Rapid7 InsightIDR an eight out of ten.