We performed a comparison between Rapid7 InsightIDR and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The product can integrate with any device."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The machine learning and artificial intelligence on offer are great."
"The solution is very scalable in terms of the licensing model."
"During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint."
"Features for user behavior analytics and the rules for attack review are good."
"I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters."
"I rate Rapid7 nine out of 10 for affordability"
"InsightIDR helps us investigate an environment to discover information about incidents."
"Very intuitive and easy to set up."
"Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling."
"The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature."
"We can easily configure things as required in relation to our use cases."
"The most valuable feature of Splunk Enterprise Security is the comprehensive logging capabilities it provides."
"One of the most valuable features is threat hunting. We can do threat hunting and identify if there is any malicious activity happening within our environment, which is a key feature for us."
"We used it to create a custom anomaly detection data model to monitor the activity of our back-end services on an hourly basis relative to the past three months of activity."
"I have also been able to take advantage of some of the more complex statistical capabilities when analyzing logs."
"Without Splunk Enterprise Security, it would be difficult for us to manage and prioritize alerts. There's a potential to lose track of important notifications, and it's essential to our security that we do not miss anything. Splunk has improved our investigations because the reporting and dashboarding make things so much easier. We can provide weekly or monthly reports. I also like Splunk's ability to integrate."
"Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"One key area that can be improved is by building a strong integration with our XDR platform."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"The only thing is sometimes you can have a false positive."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"Cloud risk assessment is one area where I think they need a lot of improvement."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"I feel it would greatly benefit from more supported log sources."
"They should add more configuration and security features to it."
"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."
"Lacks a mobile application."
"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."
"Its pricing is extremely high. There are other tools out in the market that are competitive. They do not necessarily have all the functionality, but they are competitive. The professional services we have used have been high as well in comparison to the market."
"The implementation and the scanning of the logs can be difficult."
"Splunk can be an expensive solution. Technical support could be improved as well."
"The presence of multiple layers creates a significant challenge for monitoring across cloud environments."
"It could be more user friendly, in terms of the end-user experience."
"Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run."
"The support that is included with the standard licensing fee is very bad."
"It is a challenge to manage the environment in such a way, that one’s log, even with the bandwidth license, isn’t exceeded."
Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 228 reviews. Rapid7 InsightIDR is rated 8.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Rapid7 InsightIDR is most compared with Darktrace, Rapid7 InsightVM, IBM Security QRadar, Microsoft Defender for Identity and CrowdStrike Falcon, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Rapid7 InsightIDR vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
For tools I’d recommend:
-SIEM- LogRhythm
-SOAR- Palo Alto XSOAR
Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic.
Also, remember that any EDR/XDR should integrate to the SIEM/SOAR and a strong threat intel source.
If you consider SOC outsourcing take your time and find one you can integrate like a virtual team member. They are only as good as their depth of knowledge in your business and your on-prem SOC.
Apache Metron, ELK, OSSIM, Splunk and Qradar (in cost/benefit order for starters).
I have no experience with Rapid 7 or InsightIDR.
IBM Qradar works great but is not easy to install. If it is running it is a great tool. Also depending on the budget, Riverbed security is a tool to consider. Costs are lower than QRadar and easier to implement.
Or you can use our SaaS solution with QRadar and a lot more built-in. One holistic solution for your complete IT environment.
@Evgeny Belenky, I found Stellar to be quite intriguing.
I would also recommend McAFee’s new console for centralizing and coordinating a well-deployed enterprise solution.
COMODO MDR
Disclaimer: ICE Consulting offers SOC as a Service to our Clients.
For SOC Tools we use Securonix and other in-house developed solutions. Securonix provides an all in one package (SIEM, UEBS, & NTA) that we believe is competitively priced for the Small to Mid Market. Their Customer Service seems better than most and they are always highly rated in the Gartner MQ reports. Set-up is not difficult, but is time consuming for the first time, afterwards each client deployment we have added has seemed to get easier and quicker.
Please contact several vendors and ask for demos, talk with the vendor engineers to ensure the solution will workfor your needs... We evaluated Rapid7, AlienVault (ATT Cybersecurity), QRadar, LogRythm, and Securonix before deciding on Securonix.
Also take your time in evaluating and re-evaluating the products, I took us about about 18 months and over $30K of working with what was utimately the wrong product for us, before moving to Securonix.
Make sure training for the use of the service is included. We have been able to provide entensive training to out team through the vendor and would not have been able to get out SOC offering off the ground without it.
Good Luck!
COMODO SOC covers your entire network and also your email. It is very easy to deploy and is very effective for reports.
I prefer the COMODO SOC solution because it is a very good and easy to deploy product.