We performed a comparison between IBM Security QRadar and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"The comprehensiveness of Microsoft's threat detection is good."
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."
"Improved our organization's TCO."
"It is the core of our entire SOX."
"When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed."
"The solution is easy to use, manage, and review all incidents."
"We have worked with other solutions, such as LogRhythm and Splunk. Compared to others, IBM QRadar has the best price-performance ratio so that you are able to reserve minimum costs. It starts settling in fast and gets the first results very quickly. It is also very scalable."
"The scalability is very good. It's not a problem."
"It has a logical, user-friendly GUI."
"Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well."
"I like that it's a cloud-based solution."
"The web interface is great — very useful and user-friendly."
"InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level."
"I like the tool's user analysis feature."
"Very intuitive and easy to set up."
"The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."
"Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling."
"The management features could be improved, particularly in terms of better integration with Intune, Microsoft's cloud-based management solution."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"Sometimes, configurations take much longer than expected."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"The logs could be better."
"There are reports that I would like to generate that are either not included, or I cannot find."
"IBM QRadar could improve the plugins and threat detection."
"The solution could improve by having more out-of-the-box use cases."
"The pricing of the solution is a bit high. If they could lower it, that would be ideal."
"The product needs to improve its GUI."
"It is very difficult to activate all of the network equipment, and it would help if it were made easier."
"The solution should include remote action capabilities."
"If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage."
"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."
"I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."
"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."
"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
IBM Security QRadar is ranked 11th in Extended Detection and Response (XDR) with 198 reviews while Rapid7 InsightIDR is ranked 13th in Extended Detection and Response (XDR) with 29 reviews. IBM Security QRadar is rated 8.0, while Rapid7 InsightIDR is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Datadog, whereas Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and Microsoft Defender for Identity. See our IBM Security QRadar vs. Rapid7 InsightIDR report.
See our list of best User Entity Behavior Analytics (UEBA) vendors, best Endpoint Detection and Response (EDR) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
For tools I’d recommend:
-SIEM- LogRhythm
-SOAR- Palo Alto XSOAR
Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic.
Also, remember that any EDR/XDR should integrate to the SIEM/SOAR and a strong threat intel source.
If you consider SOC outsourcing take your time and find one you can integrate like a virtual team member. They are only as good as their depth of knowledge in your business and your on-prem SOC.
Apache Metron, ELK, OSSIM, Splunk and Qradar (in cost/benefit order for starters).
I have no experience with Rapid 7 or InsightIDR.
IBM Qradar works great but is not easy to install. If it is running it is a great tool. Also depending on the budget, Riverbed security is a tool to consider. Costs are lower than QRadar and easier to implement.
Or you can use our SaaS solution with QRadar and a lot more built-in. One holistic solution for your complete IT environment.
@Evgeny Belenky, I found Stellar to be quite intriguing.
I would also recommend McAFee’s new console for centralizing and coordinating a well-deployed enterprise solution.
COMODO MDR
Disclaimer: ICE Consulting offers SOC as a Service to our Clients.
For SOC Tools we use Securonix and other in-house developed solutions. Securonix provides an all in one package (SIEM, UEBS, & NTA) that we believe is competitively priced for the Small to Mid Market. Their Customer Service seems better than most and they are always highly rated in the Gartner MQ reports. Set-up is not difficult, but is time consuming for the first time, afterwards each client deployment we have added has seemed to get easier and quicker.
Please contact several vendors and ask for demos, talk with the vendor engineers to ensure the solution will workfor your needs... We evaluated Rapid7, AlienVault (ATT Cybersecurity), QRadar, LogRythm, and Securonix before deciding on Securonix.
Also take your time in evaluating and re-evaluating the products, I took us about about 18 months and over $30K of working with what was utimately the wrong product for us, before moving to Securonix.
Make sure training for the use of the service is included. We have been able to provide entensive training to out team through the vendor and would not have been able to get out SOC offering off the ground without it.
Good Luck!
COMODO SOC covers your entire network and also your email. It is very easy to deploy and is very effective for reports.
I prefer the COMODO SOC solution because it is a very good and easy to deploy product.