We performed a comparison between CrowdStrike Falcon and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"The EDR features are valuable. By getting the EDR features, we have more control over the device. We have information about events in real-time and more protection against zero-day threats and zero-day vulnerabilities. We can monitor every event or action that a device is going through. We can get an idea if it is something malicious or if we have to take any actions."
"Microsoft 365 Defender is simple to upgrade."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"Microsoft 365 Defender's most valuable feature is the ability to control the shadow IP."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"The solution offers great stability."
"The 10 hours a week that we are freeing up from having to manage and monitor our AV solution has really allowed us to focus on other areas of the business. This has been a huge return on investment."
"Overall, what I found most valuable in CrowdStrike Falcon is its good mechanism. It also has a good reporting feature. CrowdStrike Falcon is an invaluable tool because, through it, you can take quick action, for example, when an OS is missing specific patches."
"The most valuable feature is the indicator of compromise, which show you what file was either quarantined or removed."
"The EDR is amazing and ease of integration with Splunk is a big plus. Integration with BigQuery is also a plus for me and workflow creation is easy. Overall, CrowdStrike Falcon is a great product."
"The initial setup was straightforward."
"I like the overall reports of this solution. They are crisp, and to the point."
"The managed services are distinguished, responsive, dynamic, flexible, and assertive when taking action."
"The ability to ingest Office 365 log files, then process them into events and display them on a map."
"The solution is easy to use, and the interface is intuitive."
"InsightIDR has allowed us to find potential security issues that we did not know existed, and get remediation quickly."
"Rapid7's reporting is more robust than Tenable's."
"I like that it's a cloud-based solution."
"InsightIDR helps us investigate an environment to discover information about incidents."
"I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters."
"Simple configuration and automatically syncs to the cloud platform."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"The web filtering solution needs to be improved because currently, it is very simple."
"The licensing is a nightmare and has room for improvement."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"The only problem I find is that the use cases are built-in. There is no template available that you can modify according to your organization's standards. What they give is very generic, the market standard, but that might not be applicable to every organization."
"CrowdStrike Falcon sometimes wrongly flags things as malicious. Let's say a user is active on Chrome only. Sometimes, our cross-segmenting will fetch from the backend data and show that it is malicious because of memory or CPU utilization."
"The biggest issue with Falcon as a standalone product is it doesn't have very much reporting."
"Unfortunately, native applications are not supported."
"We have had to open a case with the technical support to get some issues and bugs resolved."
"CrowdStrike Falcon by itself does not supply in-depth reporting."
"The console is not user-friendly or visually appealing and has room for improvement."
"In terms of features, I would like them to add detailed logging functionality in CrowdStrike. Currently, CrowdStrike detects the threats immediately based on the IOCs and the signature-based policies or many threat behaviors, but in terms of logging those threats, it is not very good. The information that they provide in the logs is very little. They can build more analytics into it."
"The technical support team often just replies to an issue with a link to an article rather than actually calling back and talking to someone and making sure the problem is solved. To me, that's kind of weak."
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
"Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."
"They should add more configuration and security features to it."
"The searching feature in Rapid7 InsightIDR needs to evolve"
"The product allows us to make only 30 custom rules."
"The main problem lies in the processes within the client's operating systems."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."
"Cloud risk assessment is one area where I think they need a lot of improvement."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 107 reviews while Rapid7 InsightIDR is ranked 21st in Endpoint Detection and Response (EDR) with 30 reviews. CrowdStrike Falcon is rated 8.8, while Rapid7 InsightIDR is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Rapid7 InsightIDR writes "Helps in the management of compliance, secret events and information". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete, whereas Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and Vectra AI. See our CrowdStrike Falcon vs. Rapid7 InsightIDR report.
See our list of best Endpoint Detection and Response (EDR) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
