We performed a comparison between NetWitness Platform and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the security that it provides."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"Offers a good wireless feature."
"Incident management is its most valuable feature."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"It's quite economical compared to other solutions in the market."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"Simple configuration and automatically syncs to the cloud platform."
"If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."
"During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint."
"The product works well. Stability-wise, I rate the solution a ten out of ten."
"Scalability-wise, I rate the solution a ten out of ten. As a cloud tool, the product is highly scalable."
"Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs."
"Integration with threat modeling from the Metasploit and InsightIDR repositories."
"The log aggregation and storage provided by InsightIDR has shown no issues with scalability; aggregating over one hundred millions events daily."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"The tool's integration capability isn't so great."
"The product's licensing models are complex to understand. This particular area needs improvement."
"An area for improvement would be better automation and more inbuilt use cases."
"The user interface is a little bit difficult for new users and it needs to be improved."
"Security needs improvement."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."
"The main problem lies in the processes within the client's operating systems."
"Inability to get access to compliance reports within the solution."
"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."
"The searching feature in Rapid7 InsightIDR needs to evolve"
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"Cloud risk assessment is one area where I think they need a lot of improvement."
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 30 reviews. NetWitness Platform is rated 7.4, while Rapid7 InsightIDR is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Rapid7 InsightIDR writes "Helps in the management of compliance, secret events and information". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Microsoft Sentinel, whereas Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar. See our NetWitness Platform vs. Rapid7 InsightIDR report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.