• Home
  • ExtraHop Reveal(x) vs. Rapid7 InsightIDR

ExtraHop Reveal(x) vs Rapid7 InsightIDR comparison

Cancel
You must select at least 2 products to compare!
ExtraHop Networks Logo
ExtraHop Reveal(x)
Read 12 ExtraHop Reveal(x) reviews
3,622 views|2,664 comparisons
100% willing to recommend
Rapid7 Logo
Rapid7 InsightIDR
Read 29 Rapid7 InsightIDR reviews
6,640 views|3,524 comparisons
95% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Network Traffic Analysis (NTA)
April 2024
Executive Summary

We performed a comparison between ExtraHop Reveal(x) and Rapid7 InsightIDR based on real PeerSpot user reviews.

Find out what your peers are saying about Darktrace, Vectra AI, Auvik and others in Network Traffic Analysis (NTA).
To learn more, read our detailed Network Traffic Analysis (NTA) Report (Updated: April 2024).
Download the complete report
770,292 professionals have used our research since 2012.
Featured Review
Serena Bryson
Useful detection, effective external IP risk mitigation, but longer activity look back needed
ExtraHop Reveal(x) has allowed us to triage the alerts as they're coming in. For example, as detections are noticed, being able to spot any issues... Read more →
Agustinus DWIJOKO
A tool to detect malicious activities and provide security to networks and endpoints
I have seen that Rapid7 InsightIDR provides security to the networks and endpoints in the company.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The solution works well for sending sensors.""It's a wire analytics tool. We use it for isolating and determining issues on our network or applications. It does a lot for crediting the network as opposed to discrediting the network. A lot of people come along and say that it's a network issue. It's always considered to be a network issue, but by using ExtraHop, we can quickly tell them that it's not a networking issue. It's something to do with your application or something at the other end. It could be a database issue. This tool gives us the ability to pinpoint with great accuracy the comings and goings on our network.""The security features of this solution are the most valuable.""The solution's ability to decrypt SSL traffic is its most valuable feature.""The solution's initial setup process is easy.""Setting up the solution is relatively easy.""Reveal X integrates seamlessly with CrowdStrike. If you see something sketchy on the network, you can quarantine devices through ExtraHop and it'll push to the CrowdStrike server.""ExtraHop Reveal(x) is one of the tools that works out of the box when it comes to threat hunting."

More ExtraHop Reveal(x) Pros →

"I like that it's a cloud-based solution.""Scalability-wise, I rate the solution a ten out of ten. As a cloud tool, the product is highly scalable.""The log aggregation and storage provided by InsightIDR has shown no issues with scalability; aggregating over one hundred millions events daily.""I like the tool's user analysis feature.""I rate Rapid7 nine out of 10 for affordability""Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling.""The solution's initial setup is easy.""​​User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day."

More Rapid7 InsightIDR Pros →

Cons
"They used to have the ability to decode Citrix sign-on, setup, and tear down. Unfortunately, Citrix has stopped sharing that knowledge. Citrix has continued to change its model of processing, making it harder and harder to troubleshoot.""The solution should include more support protocols.""The solution's reporting part and GUI are areas with certain shortcomings where improvements are required.""Netflow - Processing Netflow can be cumbersome as it requires triggers to truly gain value and insight. This in turn can add a bit of load to the hardware. The focus of ExtraHop Reveal (x) is live packet data.""It needs integration with more security vendors.""I think the tuning capabilities could be improved. We're working on minimizing false positives. Apart from that, everything seems fine to me.""I would like to see more cloud capability.""The solution’s pricing could be improved."

More ExtraHop Reveal(x) Cons →

"The APIs can be further improved in Rapid7.""It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required.""The ability to tune the collector for custom logs would greatly help.""Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries.""I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR.""Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA).""The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in.""The product allows us to make only 30 custom rules."

More Rapid7 InsightIDR Cons →

Pricing and Cost Advice
  • "I would rate the price a three out of five. It could be less expensive."
  • "I rate ExtraHop Reveal(x) six out of 10 for affordability. We pay for an annual license. It's always one of those trade-offs. You get a lot of value, but ExtraHop isn't exorbitantly priced. You can pay extra for additional features like the ability to decode HL7 traffic, which is crucial for EMR environments."
  • "The solution is based on an annual subscription model and is expensive."
  • "I rate the price of ExtraHop Reveal(x) a seven on a scale of one to ten, where one is a high price, and ten is a low price."

    • More ExtraHop Reveal(x) Pricing and Cost Advice →

  • "​I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability.​"
  • "The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help.​"
  • "Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help."
  • "​Accurately predict your licensing counts as this is a subscription based product.​"
  • "The pricing and licensing are competitive."
  • "Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."
  • "It is a reasonably priced solution."
  • "It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."

    • More Rapid7 InsightIDR Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Network Traffic Analysis (NTA) solutions are best for your needs.
    See Recommendations
    770,292 professionals have used our research since 2012.
    Questions from the Community
    What is the best network monitoring software for large enterprises?
    Top Answer:We just did an assessment for our 47 datacenters around North America. The top two enterprise-level network monitoring solutions were ExtraHop first, Riverbed SteelCenter second. Their negotiated cost… more »
    Read all 18 answers   →
    What open source tool can one use to measure bandwidth from one's upstrea...
    Top Answer:One I am looking closely at is AppNeta. They have an appliance that can digest the flow and do a better job than Netflow The other one we are using is ExtraHop.  This has both a Datacenter… more »
    Read all 5 answers   →
    What do you like most about ExtraHop Reveal(x)?
    Top Answer:With ExtraHop Reveal(x), it gives me more visibility into the packets. It doesn't provide the entire packet capture, but it offers more information on how connections are made at the network layer… more »
    Read all 10 answers   →
    What SOC product do you recommend?
    Top Answer:For tools I’d recommend:  -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also,… more »
    Read all 12 answers   →
    What do you like most about Rapid7 InsightIDR?
    Top Answer:During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application… more »
    Read all 20 answers   →
    What is your experience regarding pricing and costs for Rapid7 InsightIDR?
    Top Answer:We chose Rapid7 because of its price. IBM QRadar charges us based on data storage. Rapid7 InsightIDR charges us based on the endpoints we connect to. We are satisfied with the product’s price.
    Read all 17 answers   →
    Ranking
    5th
    out of 24 in Network Traffic Analysis (NTA)
    Views
    3,622
    Comparisons
    2,664
    Reviews
    9
    Average Words per Review
    543
    Rating
    8.6
    10th
    out of 80 in Security Information and Event Management (SIEM)
    Views
    6,640
    Comparisons
    3,524
    Reviews
    10
    Average Words per Review
    415
    Rating
    8.2
    Comparisons
    Also Known As
    Reveal(x), Revealx
    InsightIDR
    Learn More
    ExtraHop Networks
    Rapid7
    Overview

    ExtraHop Reveal(x) is a highly effective network traffic analysis (NTA) solution that leverages a cloud-native architecture to empower organizations to overcome a world filled with increasingly sophisticated threats. It identifies 25% more threats than its competitors. Additionally, organizations that employ Reveal(x) say they resolve issues 77% percent faster than they would if they were using other similar solutions.

    ExtraHop Reveal(x) Benefits

    Some of the ways that organizations can benefit by choosing to deploy ExtraHop Reveal(x) include:

    • Total network visibility. Reveal(x) gives users the ability to view every component of their network and devices connected to it in real time. It can automatically recognize and classify the devices that are communicating across an organization’s network. These devices are scanned by powerful decryption software that reveals hidden threats and the details of critical transactions without compromising privacy or compliance rules. Organizations are given full East-West visibility across both physical data centers and cloud environments. Threats that are on the periphery are brought to the attention of the administrators tasked with watching out for them.
    • Identify threats in real time. Reveal(x) extracts more than 5,000 features from the L2-L7 security layers at any given time, feeds them into its machine learning engine, and presents them to its rule-based detection feature. These features make it possible for the solution to identify the most severe threats. Users can conduct a threat triage and address the threats that their system detects in the order of severity that these threats represent.
    • Ease of use. Users of Reveal(x) can easily make full use of its event remediation features without expending long periods of time learning them. Its workflows are designed so that administrators can go from a security event to the cause of the event in only a couple of clicks. What would normally take hours can be completed in moments.

    ExtraHop Reveal(x) Features

    • Integration suite. Reveal(x) enables users to utilize a robust suite of integrations. If users feel they are missing important capabilities, they can bolster their security feature toolbox with those offered by third-party solutions. Phantom, Splunk, and Palo Alto are three examples of solutions that Reveal(x) enables users to connect to in order to fill in a gap in their security capabilities.
    • Automated inventory. Reveal(x) automatically creates a detailed inventory of all of the devices that it discovers and classifies. This keeps an always up-to-date record of all of the devices that are communicating in a given network.

    • Machine learning. Reveal(x)’s real-time application analytics is driven by a machine learning engine. It detects anomalies in an organization’s network traffic, thus enabling users to keep ahead of any and all threats while reducing the number of false positives that administrators have to sort through.

    Reviews from Real Users

    ExtraHop Reveal(x) is a solution that stands out when compared to many other similar solutions. Two major advantages that it offers are its versatility and its ability to quickly identify the root cause of an application’s issues.

    John B., the senior monitoring engineer at a financial services firm, says, “It's useful for different teams in our organization. The cybersecurity team uses it because it has got great analytics for anomaly detection, malware detection, and ransomware. It's used by the networking people because it's great to be able to get the three-way handshake between systems to see how your network is doing. The microservices for DNS use it because they like to be able to see how their DNS services are operating and how many DNS requests are being rejected, denied, or dropped. Application people love it because it fully decrypts their traffic.

    Henry S., a systems engineer at LifePoint Health, writes, "When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment."

    Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.

    Sample Customers
    Wood County Hospital
    Liberty Wines, Pioneer Telephone, Visier
    Top Industries
    REVIEWERS
    Security Firm22%
    Computer Software Company22%
    Financial Services Firm22%
    Educational Organization11%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Financial Services Firm14%
    Government7%
    Manufacturing Company6%
    REVIEWERS
    Comms Service Provider21%
    Computer Software Company21%
    Non Tech Company14%
    Security Firm14%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Manufacturing Company8%
    Financial Services Firm8%
    Government6%
    Company Size
    REVIEWERS
    Small Business23%
    Midsize Enterprise23%
    Large Enterprise54%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise14%
    Large Enterprise65%
    REVIEWERS
    Small Business61%
    Midsize Enterprise21%
    Large Enterprise18%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise20%
    Large Enterprise54%
    Buyer's Guide
    Network Traffic Analysis (NTA)
    April 2024
    Download Free Report
    Find out what your peers are saying about Darktrace, Vectra AI, Auvik and others in Network Traffic Analysis (NTA). Updated: April 2024.
    DOWNLOAD NOW
    770,292 professionals have used our research since 2012.

    ExtraHop Reveal(x) is ranked 5th in Network Traffic Analysis (NTA) with 12 reviews while Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews. ExtraHop Reveal(x) is rated 8.6, while Rapid7 InsightIDR is rated 8.4. The top reviewer of ExtraHop Reveal(x) writes "It helps you visualize how data moves across your network". On the other hand, the top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". ExtraHop Reveal(x) is most compared with Darktrace, Vectra AI, Corelight, Cisco Secure Network Analytics and SolarWinds NetFlow Traffic Analyzer, whereas Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar.

    We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.