We use the tool for secret events, compliance, and information management.
InsightIDR - Next-gen SIEM
Rapid7External reviews
85 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Awesome Power!
What do you like best about the product?
Prompt, easy to parse alerts on the relevant assets it monitors that allows for a measured and swift response.
What do you dislike about the product?
That every contract I'm on doesn't use it. I am a big fan of the Rapid7 product as a Cybersecurity professional. I think this is the best on the market in the detection and response space.
What problems is the product solving and how is that benefiting you?
Every deployment I've been fortunate enough to to work on the administrator side of the operation is saving TIME and headache. So in terms of labor and my team's sanity = paying dividends.
Helps in the management of compliance, secret events and information
What is our primary use case?
What is most valuable?
I like the tool's user analysis feature.
What needs improvement?
Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one.
For how long have I used the solution?
We had done our first deployment three years ago.
What do I think about the stability of the solution?
Rapid7 InsightIDR is stable.
What do I think about the scalability of the solution?
The tool is cloud-based and scalable.
How are customer service and support?
Rapid7 InsightIDR's technical support is reactive and supportive. However, they only speak English. Our native language is French and it would be better if they can have some French speaking agents.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
The solution provides better value than competitors with its modules. The deployment is simple and straightforward. However, Rapid7 InsightIDR is not good for log management.
How was the initial setup?
One of our customers had a Huawei firewall and we required help to do the configuration. However, the installation was easy with other standard vendors like Cisco and Check Point. The product's deployment got completed in four to five days and we required three people to handle it. One person was in charge of the portal's initial set up and the other one handled the integration of on-premises devices. The third one took care of Office 365 integration.
What's my experience with pricing, setup cost, and licensing?
Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs.
What other advice do I have?
I would rate Rapid7 InsightIDR an eight out of ten.
Rapid 7 IDR
What do you like best about the product?
We are now monitoring all logs from various security solutions sent to IDR and it helps our operations in correlating all these findings easily. Saves time in logging in to different UI and we now have a single console of correlation and source of alerts and notifications
What do you dislike about the product?
NOt all solutions can be integrated outside the box. We need to learn all parsings and eliminate all false positives. It takes time for the solution to learn network traffic
What problems is the product solving and how is that benefiting you?
We bought primarily for SIEM purpose and it is benefiting the company in terms of saving time for analyst to go over all solutions for every shift. It has a descent XDR features although we haven't maximized it yet.
It provides excellent visibility a fast response
What is our primary use case?
We provide InsightIDR for our banking and ICT clients.
What is most valuable?
InsightIDR helps us investigate an environment to discover information about incidents.
What needs improvement?
InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal.
For how long have I used the solution?
I have used InsightIDR for four years.
What do I think about the stability of the solution?
I rate InsightIDR 10 out of 10 for stability.
What do I think about the scalability of the solution?
I rate InsightIDR six out of 10 for scalability. The licensing model limits the scalability. The licenses are defined based on assets, so you have to purchase more licenses as you add assets. It's suitable for a small or medium-sized company. We have about 250 users.
How are customer service and support?
I rate Rapid7 support nine out of 10.
How would you rate customer service and support?
Positive
How was the initial setup?
I rate InsightIDR eight out of 10 for ease of setup. It takes about seven working days to deploy. We install a connector on the LAN, which links up to the cloud and becomes one of your event sources. Next, you need to integrate everything with the console.
What's my experience with pricing, setup cost, and licensing?
I rate InsightIDR six out of 10 for affordability. It isn't the cheapest solution I've seen, but it offers a greater value than less expensive competitors.
What other advice do I have?
I rate InsightIDR eight out of 10. It's worth a try. InsightIDR provides excellent visibility and threats. The network detection is fast, so you get alerts as soon as something happens.
Great user behavior analytics feature; easy to integrate and collect data from other solutions
What is our primary use case?
We are distributors and sell this product to our customers. I'm a security consultant.
What is most valuable?
The features for user behavior analytics and the rules for attack review are valuable. I also like the honeypot feature. It's easy to integrate and collect data from other solutions.
What needs improvement?
I'd like to see a better ability to customize the check within the console. Rules can be customized better if the integration is improved. They now have integration with CrowdStrike so maybe they could have some kind of integration with Microsoft.
For how long have I used the solution?
I've been using this solution for a year.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
This is a cloud-based product so it's scalable.
How are customer service and support?
The technical support could be improved. We've had times when our requests get stuck with the engineering team and we sometimes don't get a response. That's a problem for us.
How would you rate customer service and support?
Neutral
How was the initial setup?
All Rapid7 solutions are easy to deploy because if you have any one of the products, the integrations between these products become easier because they have a lot of the important things within a single port. You get a single platform to visualize a lot of different kinds of data.
What's my experience with pricing, setup cost, and licensing?
The pricing is very competitive because the licensing model that we use is based on endpoints which is different from most other solutions.
What other advice do I have?
This solution is suited to all sizes of organizations. We generally deal with small and medium-sized companies.
I rate this solution eight out of 10.
An easy-to-use and stable solution with an intuitive interface
What is our primary use case?
I use the solution for its SIEM functionalities, log analysis, and behavioral analysis.
What is most valuable?
The solution is easy to use, and the interface is intuitive.
What needs improvement?
Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA). So, User Behavior Analytics (UBA) should be added in the new release.
For how long have I used the solution?
I have been using the solution for two years. My company has a partnership with Rapid7.
What do I think about the stability of the solution?
It is a stable solution. My customers are happy to use it.
What do I think about the scalability of the solution?
I do not have any plans to expand the usage of the solution. Currently, one hundred people are using the solution.
How are customer service and support?
I have not used the technical support.
Which solution did I use previously and why did I switch?
Previously, I used IBM.
How was the initial setup?
I was not involved in the initial setup as I am not an engineer.
What's my experience with pricing, setup cost, and licensing?
The pricing is good, and it is not very expensive.
What other advice do I have?
I rate the overall solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Easy to install and manage
What do you like best about the product?
The installation process is very simple, making it easy to control and manage monitored endpoints.
What do you dislike about the product?
I have no negative points about the product
What problems is the product solving and how is that benefiting you?
Ease of management and greater visibility of processes and executions in the monitored environment
Incredible Software!
What do you like best about the product?
I love how easy it is to navigate and find what I need while at the same time being feature-rich with great depth. InsightIDR is my single pane of glass for all my security needs.
What do you dislike about the product?
There's a steep learning curve to get the most out of InsightIDR. It took me quite a while to get acclimated to the workflow but our organization is on the other of that now.
What problems is the product solving and how is that benefiting you?
We now have visibility into areas of our organization that we didn't have a clear line of sight into before. It's been great! Our level of security actioning has gone up a ton!
Detection Rule in Attack Behavior & User Behavior Insight are great for Incident Response Management
What do you like best about the product?
InsightIDR provides dependable incident detection so that we don't get misled with false security alerts in our platform. It offers various Insight Agents which is responsible for reliable endpoint threat detection quick. It effectively captures confidential data and includes relevant context to our alerts so that we obtain excellent visibility for all our security incidents.
What do you dislike about the product?
It effectively eliminates the need for parsing through our endpoint logs to track the issues & security breaches. It gives sophisticated Enhanced Endpoint Telemetry which offers a detailed history of archives from the moment its start activity on the endpoint is initiated. Overall, InsightIDR is suitable to manage our security incidents through its organized detection libraries and excellent user experience.
What problems is the product solving and how is that benefiting you?
We integrate our AWS CloudTrail with InsightIDR to obtain SaaS-based SIEM & XDR solutions for our internal and external attack detections. It delivers superb detection rules to explore various Attacker Behaviour Analytics, User Behaviour Analytics &Alert Modifications. It enables us to work more efficiently through its built-in automation capabilities & avoiding distractions by providing clear network traffic analysis.
Useful out of the box detection capabilities, some limitations
What do you like best about the product?
InsightIDR is easy to provision (SaaS plus an on-prem collector) and comes with a good mix of features and alerts configured by default. Setup is easy for different event sources, including AD, LDAP, DNS, endpoint agents, and some SaaS applications.
What do you dislike about the product?
The reporting and dashboards are a bit limited. It would be great if the dashboards had better drill-down functionality similar to what you can find in other SIEM / UEBA products. Some of the menu pop-out functionality is a bit clunky when limiting dashboards and reports to only include data from specific event sources. There is a learning curve associated with building new dashboards. The most useful of which require familiarity with Rapid7's proprietary query language.
What problems is the product solving and how is that benefiting you?
InsightIDR helps us to correlate logs across multiple event sources and multiple organizations. We use the product to detect anomalous activity and to investigate security incidents. We have also used the product to detect and thwart active password guessing attacks leveraged against cloud services. We expect the system to bring even more value as we deploy more functions - such as their network sensor (IDS) and deception technologies.
Recommendations to others considering the product:
Identify what you want to monitor, and develop a rollout plan. Expect that you may have to deploy at least one collector per monitored domain, as collectors may fail to collect events across domains, even if those domains are trusted by the domain hosting the collector and its associated monitoring user account. Before deploying, you may also wish to ensure that the product can integrate adequately will all of your in-scope SaaS applications via API.
showing 21 - 30