We performed a comparison between Rapid7 InsightIDR and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The Log analytics are useful."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"We were able to identify criminals attempting to login from China and put a stop on their IP locations."
"Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs."
"The solution is very stable and works very well for what I need it to do."
"Integration with threat modeling from the Metasploit and InsightIDR repositories."
"Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling."
"I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters."
"It improved my organization by building a security alerting program."
"The solution is very scalable in terms of the licensing model."
"It has performed well and delivered the results that I have been looking for."
"I like the ease of deployment."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"Compared to other solutions, the user interface is good."
"It can be easily deployed with the other solutions."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved."
"It is easy to use and deploy. It comes with user-friendly manuals."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"There is room for improvement in entity behavior and the integration site."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"The dashboard is an area that could be simplified."
"They should add more configuration and security features to it."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement."
"The main problem lies in the processes within the client's operating systems."
"Needs a better ability to customize the check within the console."
"The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."
"The product's stability is an area of concern where improvements are required."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
"I would like to see good analytics in future releases."
"The user interface could be more user-friendly."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
"The support from McAfee ESM could improve. They could improve the speed."
"Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."
Rapid7 InsightIDR is ranked 13th in Security Information and Event Management (SIEM) with 29 reviews while Trellix ESM is ranked 17th in Security Information and Event Management (SIEM) with 34 reviews. Rapid7 InsightIDR is rated 8.4, while Trellix ESM is rated 7.4. The top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Rapid7 InsightIDR is most compared with Darktrace, Splunk Enterprise Security, Rapid7 InsightVM, IBM Security QRadar and Microsoft Defender for Identity, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Splunk Enterprise Security and Fortinet FortiSIEM. See our Rapid7 InsightIDR vs. Trellix ESM report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.