We performed a comparison between IBM Security QRadar and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"The most valuable feature depends on the scenario. For compliance, I like Microsoft Purview Information Protection and Data Loss Prevention. Sentinel is the most helpful feature for security. 365 Defender helps us prioritize threats across an enterprise. It's a crucial feature for the managed services team."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"IBM QRadar User Behavior Analytics's most important feature is its ease of use."
"I really like the feature we have with the logs, that if there are any credit card numbers being used, like a PII, you can just use rejects and you can mask it. This is a really good feature in QRadar."
"Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution."
"The scalability is good."
"The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This complements the orchestration automation component, as well."
"Flexible and valuable product that is modular, so you can easily set up a roadmap for your clients."
"QRadar UBA's most valuable feature is the risk rating of users depending on their behavior."
"It's quite scalable. We have upgraded some solutions from 1000 APS up to 3500 APS to 5000 APS. It's a good solution, they have no scalability issues."
"Log search allows us to dive deep into aggregated logs and query all event types at once."
"InsightIDR helps us investigate an environment to discover information about incidents."
"Simple configuration and automatically syncs to the cloud platform."
"Great coverage of all systems within our network from endpoint to firewall."
"Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs."
"User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day."
"During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint."
"Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"It would be helpful if the solution could scan faster when it comes to scanning attachments to emails."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"The support could be more knowledgeable to improve their offering."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"The pricing of the solution is a bit high. If they could lower it, that would be ideal."
"QRadar needs to be more specialized, along the lines of what other SIEM solutions are."
"Dashboards and reports could provide better visualization of SIEM activity."
"There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."
"IBM technical support is always terrible."
"It is very difficult to activate all of the network equipment, and it would help if it were made easier."
"The reporting system could use some upgrading."
"There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement."
"InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal."
"The APIs can be further improved in Rapid7."
"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."
"I feel it would greatly benefit from more supported log sources."
"The integration capabilities of the solution have certain shortcomings where improvements are required."
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
"The dashboard is an area that could be simplified."
IBM Security QRadar is ranked 4th in Security Information and Event Management (SIEM) with 198 reviews while Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews. IBM Security QRadar is rated 8.0, while Rapid7 InsightIDR is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Datadog, whereas Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and Microsoft Defender for Identity. See our IBM Security QRadar vs. Rapid7 InsightIDR report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
For tools I’d recommend:
-SIEM- LogRhythm
-SOAR- Palo Alto XSOAR
Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic.
Also, remember that any EDR/XDR should integrate to the SIEM/SOAR and a strong threat intel source.
If you consider SOC outsourcing take your time and find one you can integrate like a virtual team member. They are only as good as their depth of knowledge in your business and your on-prem SOC.
Apache Metron, ELK, OSSIM, Splunk and QRadar (in cost/benefit order for starters).
I have no experience with Rapid7 or InsightIDR.
IBM QRadar works great but is not easy to install. If it is running it is a great tool. Also depending on the budget, Riverbed security is a tool to consider. Costs are lower than QRadar and easier to implement.
Or you can use our SaaS solution with QRadar and a lot more built-in. One holistic solution for your complete IT environment.
@Evgeny Belenky, I found Stellar to be quite intriguing.
I would also recommend McAfee’s new console for centralizing and coordinating a well-deployed enterprise solution.
COMODO MDR
Disclaimer: ICE Consulting offers SOC as a Service to our Clients.
For SOC Tools we use Securonix and other in-house developed solutions. Securonix provides an all in one package (SIEM, UEBA, & NTA) that we believe is competitively priced for the Small to Mid Market. Their Customer Service seems better than most and they are always highly rated in the Gartner MQ reports. Set-up is not difficult, but is time consuming for the first time; afterwards each client deployment we have added has seemed to get easier and quicker.
Please contact several vendors and ask for demos, talk with the vendor engineers to ensure the solution will work for your needs... We evaluated Rapid7, AlienVault (ATT Cybersecurity), QRadar, LogRhythm, and Securonix before deciding on Securonix.
Also take your time in evaluating and re-evaluating the products. It took us about 18 months and over $30K of working with what was ultimately the wrong product for us, before moving to Securonix.
Make sure training for the use of the service is included. We have been able to provide extensive training to our team through the vendor and would not have been able to get our SOC offering off the ground without it.
Good Luck!
COMODO SOC covers your entire network and also your email. It is very easy to deploy and is very effective for reports.
I prefer the COMODO SOC solution because it is a very good and easy to deploy product.