We performed a comparison between Rapid7 InsightIDR and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The analytic rule is the most valuable feature."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The UI is very good."
"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
"I rate Rapid7 nine out of 10 for affordability"
"Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well."
"The ability to ingest Office 365 log files, then process them into events and display them on a map."
"The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame."
"Integration with threat modeling from the Metasploit and InsightIDR repositories."
"The alerting to drive investigations and remediation has been its most valuable feature."
"Integrity with many vendors: This simplifies the implementation and integration with different devices"
"Three features stand out for me: the SDK for writing Python, the customizable and adaptable diagnostic dashboard, and the optimizer for collecting data."
"The ability to quickly search logs, performance data, and other inputs has helped tremendously with troubleshooting."
"I have found the installation can be of medium difficulty to very complex depending on the use case."
"If I need to integrate devices for logs, it is easier with Splunk. We can integrate different applications, network devices, and databases. It is also very rich in documents. It is the best."
"Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient."
"We can ingest and correlate data from virtually any type of system."
"The solution allows easy gathering and ingestion of the data."
"The solution should allow for a streamlined CI/CD procedure."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"The main problem lies in the processes within the client's operating systems."
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"The dashboard is an area that could be simplified."
"I feel it would greatly benefit from more supported log sources."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."
"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."
"The product allows us to make only 30 custom rules."
"Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature. A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable. I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure."
"While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged."
"The GUI can be improved to include some of the capabilities that other BI solutions have."
"Adding custom visualization in Splunk has been improved over the years but can still be made better by integrating more and more JavaScript visualization sources."
"The UI can be improved. Dashboards and reports can be better in terms of graphics."
"The configuration could be better."
"I would like the ability to view logs for specific instances and not have to pull the logs for the entire Cloud environment in Splunk."
"Writing queries is a bit complicated sometimes."
Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Rapid7 InsightIDR is rated 8.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Rapid7 InsightIDR is most compared with Darktrace, Rapid7 InsightVM, IBM Security QRadar, Microsoft Defender for Identity and Fortinet FortiSIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Rapid7 InsightIDR vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
For tools I’d recommend:
-SIEM- LogRhythm
-SOAR- Palo Alto XSOAR
Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic.
Also, remember that any EDR/XDR should integrate to the SIEM/SOAR and a strong threat intel source.
If you consider SOC outsourcing take your time and find one you can integrate like a virtual team member. They are only as good as their depth of knowledge in your business and your on-prem SOC.
Apache Metron, ELK, OSSIM, Splunk and Qradar (in cost/benefit order for starters).
I have no experience with Rapid 7 or InsightIDR.
IBM Qradar works great but is not easy to install. If it is running it is a great tool. Also depending on the budget, Riverbed security is a tool to consider. Costs are lower than QRadar and easier to implement.
Or you can use our SaaS solution with QRadar and a lot more built-in. One holistic solution for your complete IT environment.
@Evgeny Belenky, I found Stellar to be quite intriguing.
I would also recommend McAFee’s new console for centralizing and coordinating a well-deployed enterprise solution.
COMODO MDR
Disclaimer: ICE Consulting offers SOC as a Service to our Clients.
For SOC Tools we use Securonix and other in-house developed solutions. Securonix provides an all in one package (SIEM, UEBS, & NTA) that we believe is competitively priced for the Small to Mid Market. Their Customer Service seems better than most and they are always highly rated in the Gartner MQ reports. Set-up is not difficult, but is time consuming for the first time, afterwards each client deployment we have added has seemed to get easier and quicker.
Please contact several vendors and ask for demos, talk with the vendor engineers to ensure the solution will workfor your needs... We evaluated Rapid7, AlienVault (ATT Cybersecurity), QRadar, LogRythm, and Securonix before deciding on Securonix.
Also take your time in evaluating and re-evaluating the products, I took us about about 18 months and over $30K of working with what was utimately the wrong product for us, before moving to Securonix.
Make sure training for the use of the service is included. We have been able to provide entensive training to out team through the vendor and would not have been able to get out SOC offering off the ground without it.
Good Luck!
COMODO SOC covers your entire network and also your email. It is very easy to deploy and is very effective for reports.
I prefer the COMODO SOC solution because it is a very good and easy to deploy product.