Rapid7 InsightIDR Review

It improved my organization by building a security alerting program


What is our primary use case?

The following are our main use cases for InsightIDR:

  • Log correlation and searching, as well as alerting;
  • IDR Vulnerability management;
  • IVM;
  • Incident response;
  • Breach detection.

How has it helped my organization?

The tool has improved my organization by:

  • Building a security alerting program;
  • IDR-driven improved patching;
  • Implementing IVM.

What is most valuable?

The alerting to drive investigations and remediation has been its most valuable feature. Plus the ability to quickly search multiple logs makes investigations easier. Log correlation and alerting are also helpful.

It gives us one place to have everything easily accessible and the ability to alert (including customisation of alerts).

What needs improvement?

Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

While we have encountered stability issues, these are resource-intensive systems, so additional hardware solved this problem.

What do I think about the scalability of the solution?

There have been no scalability issues. It's easy to add servers.

How is customer service and technical support?

The technical support can be considered competent. However, they can be slow to discover solutions to tricky problems.

Which solutions did we use previously?

We did not previously use a different solution.

How was the initial setup?

Very simple. Spin up a couple of servers, create all the log connectors and you are up and running. The setup was complete within days and we had alerts being generated straight away.

What about the implementation team?

We did the installation without any technical help. The configuration was performed by non-technical staff.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing are competitive. Licensing is simple and straightforward.

Which other solutions did I evaluate?

We did not evaluate any other solution in the market.

What other advice do I have?

You should use it to drive change within your IT from a security point of view. Run a PoC and see exactly what it can do for you. The simple setup means it will be running in no time and you will get meaningful alerts straight away.

Disclosure: I am a real user, and this review is based on my own experience and opinions.