We performed a comparison between Rapid7 InsightIDR and Sophos UTM based on real PeerSpot user reviews.
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The automation feature is valuable."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"Log aggregation and data connectors are the most valuable features."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"Features for user behavior analytics and the rules for attack review are good."
"Log search allows us to dive deep into aggregated logs and query all event types at once."
"The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."
"User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day."
"InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level."
"If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."
"Rapid7's reporting is more robust than Tenable's."
"I rate Rapid7 nine out of 10 for affordability"
"They are all good, but most-used are Network Protection and Web Filtering."
"I would recommend UTM over XG because it's easier to manage."
"It's a stable solution."
"Sophos UTM's best feature is SIM in the cloud, which combines the gateway solution and endpoint solution to send telemetry data to the cloud and provides full contact visibility regarding security."
"The initial setup has been fine."
"Sophos SG UTM had all the basic functionality that you needed. It is user-friendly and easy to manage for any integrator."
"It allows our developers to be able to securely log into servers to deploy and manage software."
"It gives us the ability to manage our firewalls from the cloud and deploy a unified configuration onto them. Other competitors like Meraki have that ability, but they fail to optimize it in the way that Sophos has."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Inability to get access to compliance reports within the solution."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
"InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal."
"The ability to tune the collector for custom logs would greatly help."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."
"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."
"Doesn't provide antivirus for individual computers."
"The interface configuration could be improved."
"Monitoring and reporting are areas that need improvement."
"When we call support, we get put on hold for a long time."
"The logs are not clear, which means that you need an additional piece of software in order to read them clearly."
"The initial setup was straightforward. The full deployment takes approximately two days which could be simplified to reduce the time. The major part of the process is the configuration and the policy setup."
"The application control is really bad. It needs a lot of enhancements. The traffic shaping and bandwidth control, and application control need a lot of work."
"It is a pretty straightforward setup, but it should be some sort of documentation that takes you step-by-step to help set it up for your VPC."
Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews while Sophos UTM is ranked 1st in Unified Threat Management (UTM) with 110 reviews. Rapid7 InsightIDR is rated 8.4, while Sophos UTM is rated 8.4. The top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". On the other hand, the top reviewer of Sophos UTM writes "It's a highly stable platform with very few hardware issues". Rapid7 InsightIDR is most compared with Darktrace, Splunk Enterprise Security, Rapid7 InsightVM, IBM Security QRadar and Microsoft Defender for Identity, whereas Sophos UTM is most compared with Netgate pfSense, Fortinet FortiGate, Sophos XG, OPNsense and Palo Alto Networks NG Firewalls.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.