We performed a comparison between Rapid7 InsightIDR and Trend Micro Deep Discovery based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."The features that stand out are the detection engine and its integration with multiple data sources."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The pricing of the product is excellent."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"Free ingestion for Azure logs (with E5 licence)"
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The ability to ingest Office 365 log files, then process them into events and display them on a map."
"The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame."
"Integration with threat modeling from the Metasploit and InsightIDR repositories."
"I like the tool's user analysis feature."
"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
"The alerting to drive investigations and remediation has been its most valuable feature."
"Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs."
"I rate Rapid7 nine out of 10 for affordability"
"Generally speaking, it just gives us a broad understanding of exactly what kind of threats occur. The submission point, analyzing point, and virtualization are within the environment that it supports. It helped us to improve our security levels and protect our internal network from any threats outside."
"I like the sales operations testing. and support."
"There is no downtime or server vulnerability with this solution."
"One of the most valuable features is the performance, since, so far, we have not faced any issues with Deep Discovery."
"The most valuable features are monitoring for advanced persistent threats, the system runs in a sandbox allowing for effective zero-day exploits management, and the Inspector has a built-in sandbox."
"Initial setup is easy. It can be done by yourself."
"The most valuable features are the protection and that it is fast."
"The solution has extension-based features that help it to analyze the environment. The environment can have different platforms like Windows, Linux, and Mac. The tool will give a report which can confirm the analysis of the issues. You can also get clear information on threats or suspicious files."
"The solution could be more user-friendly; some query languages are required to operate it."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"The solution could improve the playbooks."
"We are invoiced according to the amount of data generated within each log."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"The product allows us to make only 30 custom rules."
"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."
"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."
"They should add more configuration and security features to it."
"This solution could be improved with faster technical support and cheaper licensing prices."
"I would like to see integration with third-party tools to improve the visibility of the dashboards."
"The solution needs to be able to integrate better with third-party infrastructure."
"The solution should support multiple platforms in Windows, Linux, and Mac. Customers can have different software types. The virtual environment should be able to install and analyze them. The tool also gives only a minimum level of extension support. It may not be able to extract files and give details about them. I would also like to see third-party product integration in the tool. The solution's current integration is only with Trend Micro products only."
"The solution could be more stable and offer more security."
"The scalability is sometimes limited."
"The product's scalability feature needs to be improved, as it is an area in the product with certain shortcomings."
"The stability of the solution could be improved. It should be 100% stable, but it's not there right now."
Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews while Trend Micro Deep Discovery is ranked 8th in Intrusion Detection and Prevention Software (IDPS) with 22 reviews. Rapid7 InsightIDR is rated 8.4, while Trend Micro Deep Discovery is rated 8.4. The top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". On the other hand, the top reviewer of Trend Micro Deep Discovery writes "Good threat detection capabilities and offers flexibility for hosting options". Rapid7 InsightIDR is most compared with Darktrace, Splunk Enterprise Security, Rapid7 InsightVM, IBM Security QRadar and Microsoft Defender for Identity, whereas Trend Micro Deep Discovery is most compared with Darktrace, Trend Micro TippingPoint Threat Protection System, Arista NDR, Vectra AI and Trellix Intrusion Prevention System.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.