The solution provides better value than competitors with its modules. The deployment is simple and straightforward. However, Rapid7 InsightIDR is not good for log management. 

In the past, my company used Unomaly, a tool from Sweden. My company switched from Unomaly to Rapid7 InsightIDR after seeing that the former could only checked syslogs, while we wanted something that checked our overall systems.

We used to use QRadar in my previous company. The first difference is in the deployment architecture. QRadar comes with cloud and on-prem options. In countries like Pakistan, where I am from, there are very strict regulations for using cloud solutions, especially in the banking sector. Rapid7 only offers a SaaS-based SIEM.

The second difference between the two is in their licensing. Rapid7 InsightIDR license is applied based on the number of nodes and devices. QRadar, on the other hand, does licenses the events per second.

The third difference is in the threat intelligence QRadar provides, and there's a huge difference between the two in this domain. QRadar is an IBM product that is very old in the SIEM market and provides relatively better threat intelligence than players like Rapid7.

Previously, I used IBM.

I actually purchased the predecessor, InsightUBA, which quickly changed into the insightIDR that we have today. There was no other previous solution.

I have worked with Wazuh before, but only to try it. Wazuh is more or less the same as Rapid7 InsightIDR.

I have experience with other SIEM tools as well. Last time, I used LogRhythm company for security intelligence. LogRhythm has two options for the deployment — on-prem and cloud— so customers have a choice when they are looking to invest with SIEM solution. Rapid7 does not have the same option. But with LogRhythm, we would have to pay hardware maintenance as it is an on-prem product.

A private ELK stack was used originally. We moved off of it as we wanted to ensure that we were focusing on the security of the company, and not writing log parsing rules all day.

We did not use a previous solution.

We did not previously use a different solution.

This was our first look at a security as a single entity. After creating a threat register, we were able to mitigate over two-thirds of the threats with this one product.

Previously, we were using another solution. We changed because the price was completely suitable.

I've used other products such as QRadar and other SIEM solutions and I find this solution is much more simplified and user-friendly. Their DNA is also really in security, which they can feed quite effectively into their SIEM. They understand security far better than other OEMs.