We performed a comparison between NetWitness Platform and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"Performance and reporting are very good."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"The most valuable feature is the hunting ability to work in a CERT."
"It improved my organization by building a security alerting program."
"The solution is very stable and works very well for what I need it to do."
"The log aggregation and storage provided by InsightIDR has shown no issues with scalability; aggregating over one hundred millions events daily."
"Simple configuration and automatically syncs to the cloud platform."
"Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well."
"The product works well. Stability-wise, I rate the solution a ten out of ten."
"The solution's initial setup is easy."
"Another very important part of insightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"More customizability is required, which is something that they need to improve on."
"The implementation needs assistance."
"The solution should have more integration capabilities with different platforms."
"The tool's integration capability isn't so great."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"It is not so easy to customize this product."
"The APIs can be further improved in Rapid7."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."
"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."
"They should add more configuration and security features to it."
"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."
"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."
"The searching feature in Rapid7 InsightIDR needs to evolve"
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 30 reviews. NetWitness Platform is rated 7.4, while Rapid7 InsightIDR is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Rapid7 InsightIDR writes "Helps in the management of compliance, secret events and information". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Microsoft Sentinel, whereas Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar. See our NetWitness Platform vs. Rapid7 InsightIDR report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.