We performed a comparison between Rapid7 InsightIDR and Trend Micro Deep Discovery based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The product can integrate with any device."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"I like that it's a cloud-based solution."
"The UI is very good."
"It is a very stable solution."
"The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame."
"It improved my organization by building a security alerting program."
"The alerting to drive investigations and remediation has been its most valuable feature."
"The log aggregation and storage provided by InsightIDR has shown no issues with scalability; aggregating over one hundred millions events daily."
"Another very important part of insightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network."
"The HTML file sandboxing is very good."
"One of the most valuable features is the performance, since, so far, we have not faced any issues with Deep Discovery."
"The most valuable features are monitoring for advanced persistent threats, the system runs in a sandbox allowing for effective zero-day exploits management, and the Inspector has a built-in sandbox."
"Deep Discovery is scalable and compatible with other products. It's crucial to have that compatibility because it's an integral part of our security solution. It integrates smoothly. The interface is user-friendly, so administration is simple."
"The product's initial setup phase was not difficult."
"The performance and stability are great."
"It is a very good solution. It is very light, and it is quite quick to figure out the problem in your network."
"The most valuable features are the protection and that it is fast."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"The playbook is a bit difficult and could be improved."
"The APIs can be further improved in Rapid7."
"I feel it would greatly benefit from more supported log sources."
"The integration capabilities of the solution have certain shortcomings where improvements are required."
"Cloud risk assessment is one area where I think they need a lot of improvement."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."
"The dashboard is an area that could be simplified."
"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"Scalability becomes an issue when managing a higher number of customers."
"The solution needs improvement in terms of pricing."
"The solution needs to be able to integrate better with third-party infrastructure."
"Trend Micro Deep Discovery's technical support could be improved, and it could be made more active."
"This solution could be improved with faster technical support and cheaper licensing prices."
"The solution could be more secure."
"I would like to see them create a rule where It could integrate with the network and start mitigating with auto-detection."
"I would like the ability to analyze all files in our internal network, at the same time on different operating systems. Not just three of them, but as many as possible."
Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews while Trend Micro Deep Discovery is ranked 8th in Intrusion Detection and Prevention Software (IDPS) with 22 reviews. Rapid7 InsightIDR is rated 8.4, while Trend Micro Deep Discovery is rated 8.4. The top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". On the other hand, the top reviewer of Trend Micro Deep Discovery writes "Good threat detection capabilities and offers flexibility for hosting options". Rapid7 InsightIDR is most compared with Darktrace, Splunk Enterprise Security, Rapid7 InsightVM, IBM Security QRadar and Microsoft Defender for Identity, whereas Trend Micro Deep Discovery is most compared with Darktrace, Trend Micro TippingPoint Threat Protection System, Arista NDR, Vectra AI and Trellix Intrusion Prevention System.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
