We performed a comparison between Rapid7 InsightIDR and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product detects and blocks threats and is more proactive than firewalls."
"The setup is pretty simple."
"The most valuable feature is the analysis, because of the beta structure."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"The stability is very good."
"Simple configuration and automatically syncs to the cloud platform."
"I rate Rapid7 nine out of 10 for affordability"
"InsightIDR helps us investigate an environment to discover information about incidents."
"The ability to ingest Office 365 log files, then process them into events and display them on a map."
"The solution's initial setup is easy."
"InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level."
"Very intuitive and easy to set up."
"Scalability-wise, I rate the solution a ten out of ten. As a cloud tool, the product is highly scalable."
"I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly."
"The setup is very easy and straightforward."
"The USM is a work horse, no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts on only events that need human review."
"The other big selling feature for us was its integration capabilities with all the other security-based products."
"What I find the most valuable about USM Anywhere is its compliance. It shows a list of all the administrators logged on and does it quite well. There are no whistles and bells, it's reliable and simple to use."
"This is a USM, so being able to get all the features under one roof makes it a good product with good new features."
"The best thing about AlienVault USM is it being a “Jack-of-All Trades” solution. It provides SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, etc., under one USM platform. None of the commercial SIEM vendors like ArcSight, McAfee, etc., can boast of such a diverse feature set."
"In terms of monitoring, my best feature would be the monitoring of components across the network. It monitors the respective nodes and any new node that comes onto the network and provides reports. The reporting dashboards are really helpful for management in terms of making decisions around patch management."
"The support needs improvement."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"The only minor concern is occasional interference with desired programs."
"We'd like to see more one-to-one product presentations for the distribution channels."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"ZTNA can improve latency."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."
"InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."
"Cloud risk assessment is one area where I think they need a lot of improvement."
"They should add more configuration and security features to it."
"Needs a better ability to customize the check within the console."
"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."
"The UI and overall processes need a little bit more love. This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm."
"We would like more plugins. This being the main point of improvement which would benefit the users."
"It would be nice to see some machine learning and monitoring of the configuration in network devices."
"The lack of mature functionality and expertise in any of those areas is a strong negative."
"Sometimes the log is unclear, and the report is a bit ambiguous."
"AT&T AlienVault USM can improve searchable data. It should be available for more than 90 days. If you need more than 90 days of data, you have to put a request and they give you raw data, which is not easy to search. A good addition would be to allow users to search data older than 90 days."
"There are many reports included but would be nice to have better access to the data."
"Reporting is convoluted and difficult at times, although they claim to have hundreds of pre-built reports, very few of them are actually useful for anything but what the USM is doing."
Rapid7 InsightIDR is ranked 21st in Endpoint Detection and Response (EDR) with 29 reviews while USM Anywhere is ranked 24th in Endpoint Detection and Response (EDR) with 113 reviews. Rapid7 InsightIDR is rated 8.4, while USM Anywhere is rated 8.4. The top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and Tanium, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and LogRhythm SIEM. See our Rapid7 InsightIDR vs. USM Anywhere report.
See our list of best Endpoint Detection and Response (EDR) vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
