What is our primary use case?
We primarily use the solution for a combination of log management as well as threat detection.
What is most valuable?
The ease of use of the solution is excellent.
The individual setup is great. You can set it up and get it going in a short amount of time.
They have one agent for Insight where, basically, we can also install agents on Linux and Windows Servers as well as the endpoints. This agent provides for more capabilities in terms of threat detection. Normally, SIEM is more centered around log management and data mining. It's nice to have this extra layer.
If you look at the agent part, the Insight agent, which is an optional component of InsightIDR, that agent also helps us to detect more threats, due to the fact that the endpoints are also vulnerable to a lot of security breaches.
If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities.
What needs improvement?
Earlier they didn't have a network flow capture product, so they were not able to capture the network flows. We were able to capture the logs but not the network flows. Now, they have acquired a company called NetFort, and they are also able to capture network flows. This was one of the shortcomings of the product which they have now rectified after the acquisition of the company.
Cloud risk assessment is one area where I think they need a lot of improvement.
The solution should have a CIS Benchmark in terms of, I would say, config change detection.
For how long have I used the solution?
I've been using the solution for about one year.
What do I think about the scalability of the solution?
Since it is on the cloud, we just need to provision the collectors, which are like sensors that capture logs on-premise and send the metadata to their cloud. We are able to scale more. The scalability is high. There is no issue related to redundancy or high availability. Since it is on the cloud, it is taken care of from their data center.
The solution is more suited towards larger enterprises, and not really ideal for smaller companies.
How are customer service and technical support?
The technical support is good. They follow and adhere to their SLA terms. Based on the customer's needs, they can go with a higher level of support. With their standard support, they adhere to whatever their SLA terms are, and those are typically good enough. There are no complaints of any lag in service. They do a good job.
Which solution did I use previously and why did I switch?
I've used other products such as QRadar and other SIEM solutions and I find this solution is much more simplified and user-friendly. Their DNA is also really in security, which they can feed quite effectively into their SIEM. They understand security far better than other OEMs.
How was the initial setup?
The initial setup is not complex. It's straightforward. Deployment takes less than two weeks. It depends on the customer's environment; however, on average, you can assume it will take one to two weeks. You only need about two to three people to handle the deployment.
What about the implementation team?
We're an integrator for Rapid7. We handle deployments for our customers.
What's my experience with pricing, setup cost, and licensing?
If you look at any other SIEM solution, the license is based on events per second (EPS). Here, the licensing is based on the number of assets and the number of days the logs would be retained on their cloud. That is one of the huge differences between this solution and the competition.
What other advice do I have?
We are solution partners.
The solution has a console with everything on the cloud; only the sensors, the log collectors, are on-premise. This solution is actually cloud-based.
People who want a very simplified solution that is easy to start, and who want to start immediately on a solution with fewer complications, would be the right customers. You can say SME, mid, and large, actually, but I think mid and large enterprises would be the right fitment.
I would recommend the solution. Rapid7's professional services, including their planning, architecture, deployment, et cetera, are up to the mark. I would recommend having a few workdays in the initial planning stage, maybe for assessment of the solution, and taking some time to understand everything before beginning. New users should reach out to Rapid7 professional services for the planning portion of the implementation process.
I would rate the solution eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner