We performed a comparison between Cortex XDR by Palo Alto Networks and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"The integration, visibility, vulnerability management, and device identification are valuable."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"The best feature is probably the alert generation. When I do a security reset, the other session triggers instantly from the Defender console, and I can work on it. The policies are three times, but they are also ready to install it."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"Monitoring is most valuable."
"Being a cloud solution it is very flexible in serving internal and external connections and a broad range of devices."
"We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action."
"Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."
"Stability is one of the features we like the most."
"The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."
"Stability is a primary factor, and then there's the ease of distribution and policy management."
"The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine."
"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
"The product works well. Stability-wise, I rate the solution a ten out of ten."
"Features for user behavior analytics and the rules for attack review are good."
"User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day."
"Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log."
"InsightIDR helps us investigate an environment to discover information about incidents."
"I rate Rapid7 nine out of 10 for affordability"
"We were able to identify criminals attempting to login from China and put a stop on their IP locations."
"It would be helpful if the solution could scan faster when it comes to scanning attachments to emails."
"The web filtering solution needs to be improved because currently, it is very simple."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"It should support more mobile operating systems. That is one of the cons of their infrastructure right now."
"It is an enterprise-level solution. Its price could be less expensive."
"Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer."
"The solution should force customers to integrate with network traffic to see the full benefits of XDR."
"It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue."
"Impact on system performance is horrible, adding a lot of delays for users."
"There are a large number of false positives."
"There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration."
"I feel it would greatly benefit from more supported log sources."
"The dashboard is an area that could be simplified."
"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."
"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."
"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
"The solution's XDR agents cannot compete with the XDR solutions out there yet."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Extended Detection and Response (XDR) with 80 reviews while Rapid7 InsightIDR is ranked 12th in Extended Detection and Response (XDR) with 30 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Rapid7 InsightIDR is rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Rapid7 InsightIDR writes "Helps in the management of compliance, secret events and information". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Fortinet FortiEDR, whereas Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar. See our Cortex XDR by Palo Alto Networks vs. Rapid7 InsightIDR report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.