Rapid7 InsightIDR Review

User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day


What is our primary use case?

  • Security incident
  • Event management

How has it helped my organization?

InsightIDR has allowed us to find potential security issues that we did not know existed, and get remediation quickly.

What is most valuable?

  • User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day. 
  • Log search allows us to dive deep into aggregated logs and query all event types at once.

What needs improvement?

Threat Intelligence: It would be useful to import threat intelligence in YARA format along with known incorrect email addresses.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

During the entire duration of use, there have been no issues noted with stability.

What do I think about the scalability of the solution?

The log aggregation and storage provided by InsightIDR has shown no issues with scalability, aggregating over one hundred million events daily. The only constriction point in deployment is the collectors, as they are required for agentless logging. However, if the documentation provided for deployment is adhered to, they handle the load appropriately.

How is customer service and technical support?

Among the best! Their support responds promptly. They fully resolve issues before closing tickets.

Which solutions did we use previously?

We did not use a previous solution.

How was the initial setup?

The initial setup is quite straightforward and can be accomplished from their Quick Start Guide. As the platform is quite adaptable, it can continue to be expanded to add many different log types, which you may find to be a continuous process.

What's my experience with pricing, setup cost, and licensing?

Accurately predict your licensing counts, as this is a subscription-based product.

Which other solutions did I evaluate?

We evaluated FireEye Helix, LogRhythm, Splunk, and IBM QRadar.

What other advice do I have?

The product is a paradigm shift, being cloud-based with cloud storage. Be prepared to set up several virtual collector servers within your network if you have a large network.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.