
Rapid7 InsightIDR Overview

Rapid7 InsightIDR is #4 ranked solution in top User Behavior Analytics - UEBA tools and #10 ranked solution in top Security Information and Event Management (SIEM) tools. IT Central Station users give Rapid7 InsightIDR an average rating of 8 out of 10. Rapid7 InsightIDR is most commonly compared to Darktrace: Rapid7 InsightIDR vs Darktrace. The top industry researching this solution is Computer Software Company, accounting for 28% of all views.
What is Rapid7 InsightIDR?

Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.

Rapid7 InsightIDR is also known as InsightIDR.

Buyer's Guide

Download the Security Information and Event Management (SIEM) Buyer's Guide including reviews and more. Updated: October 2021

Rapid7 InsightIDR Customers

Liberty Wines, Pioneer Telephone, Visier

Pricing Advice

What users are saying about Rapid7 InsightIDR pricing:
  • "It is a reasonably priced solution."

Rapid7 InsightIDR Reviews

AS
Director at a tech vendor with 11-50 employees
Real User
Top 20
Easy to use with a simple setup and good scalability

Pros and Cons

  • "If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."
  • "Cloud risk assessment is one area where I think they need a lot of improvement."

What is our primary use case?

We primarily use the solution for a combination of log management as well as threat detection.

What is most valuable?

The ease of use of the solution is excellent.

The individual setup is great. You can set it up and get it going in a short amount of time.

They have one agent for Insight where, basically, we can also install agents on Linux and Windows Servers as well as the endpoints. This agent provides for more capabilities in terms of threat detection. Normally, SIEM is more centered around log management and data mining. It's nice to have this extra layer. 

If you look at the agent part, the Insight agent, which is an optional component of InsightIDR, that agent also helps us to detect more threats, due to the fact that the endpoints are also vulnerable to a lot of security breaches. 

If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities.

What needs improvement?

Earlier they didn't have a network flow capture product, so they were not able to capture the network flows. We were able to capture the logs but not the network flows. Now they have acquired a company called NetFort, and they are also able to capture network flows. This was one of the shortcomings of the product, which they have now rectified after the acquisition of the company.

Cloud risk assessment is one area where I think they need a lot of improvement.

The solution should have a CIS Benchmark in terms of, I would say, config change detection.

For how long have I used the solution?

I've been using the solution for about one year.

What do I think about the scalability of the solution?

Since it is on the cloud, we just need to provision the collectors, which are like sensors that capture logs on-premises and send the metadata to their cloud. We are able to scale more. The scalability is high. There is no issue related to redundancy or high availability. Since it is on the cloud, it is taken care of from their data center.

The solution is more suited towards larger enterprises, and not really ideal for smaller companies.

How are customer service and technical support?

The technical support is good. They follow and adhere to their SLA terms. Based on the customer's needs, they can go with a higher level of support. With their standard support, they adhere to whatever their SLA terms are, and those are typically good enough. There are no complaints of any lag in service. They do a good job.

Which solution did I use previously and why did I switch?

I've used other products such as QRadar and other SIEM solutions and I find this solution is much more simplified and user-friendly. Their DNA is also really in security, which they can feed quite effectively into their SIEM. They understand security far better than other OEMs.

How was the initial setup?

The initial setup is not complex. It's straightforward. Deployment takes less than two weeks. It is based on the customer's environment, however, on average, you can assume it will take one to two weeks. You only need about two to three people to handle the deployment.

What about the implementation team?

We're an integrator for Rapid7. We handle deployments for our customers.

What's my experience with pricing, setup cost, and licensing?

If you look at any other SIEM solution, the license is based on events per second (EPS). Here, the licensing is based on the number of assets and the number of days the logs are retained on their cloud. That is one of the huge differences between this solution and the competition.

What other advice do I have?

We are solution partners.

The solution has a console with everything on the cloud; only the sensors, the log collectors, are on-premises. This solution is actually cloud-based.

People who want a very simplified solution that is easy to start, and who want to start immediately on a solution with fewer complications, would be the right customers. You can say SME, mid and large actually, but I think mid and large enterprises would be the right fit.

I would recommend the solution. Rapid7's professional services, including their planning, architecture, deployment, et cetera is up to the mark. I would recommend having a few workdays, in the initial planning stage, maybe for assessment of the solution and to take some time to understand everything before beginning. New users should reach out to their Rapid7 professional services for the planning portion of the implementation process.

I would rate the solution eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
KS
Technical Consultant at a computer software company with 501-1,000 employees
Reseller
Initial setup is quick, there is no need to pay for hardware, and it's easy to scale

Pros and Cons

  • "Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log."
  • "InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."

What is our primary use case?

The main use case for InsightIDR is to investigate threat activity that can compromise the internal customer environment. We can track a threat from the first attempt or breach. Then we can investigate the threat from start to finish. 

What is most valuable?

InsightIDR's dashboard shows you live activity from the threat. 

What needs improvement?

InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment. So it's a challenge to get the customer to see the benefits of a cloud-based product in terms of ROI. If they switch to a cloud application, they won't have to pay for hardware maintenance or inventory. So with the next update, the customers want to see how it applies to their environment and its advantages over on-premise solutions. 

For how long have I used the solution?

We've been using InsightIDR for two years.

What do I think about the stability of the solution?

InsightIDR runs on the cloud and communicates with the log collector on a local computer, so performance depends on the internet connection. It's just sending packets and TCP encryption, so it's not spending much bandwidth. If the internet connection is smooth, the performance will be fine.

What do I think about the scalability of the solution?

InsightIDR can work with any size of business. It's easy to scale because it is on the cloud platform. It depends on the customer and the number of endpoints that they need to manage. 

How are customer service and support?

I have contacted Rapid7 support, but not for InsightIDR. It was for another product of theirs. I think their support is good. The support team helped us run diagnostic tests and walked us through everything until the case was resolved.

Which solution did I use previously and why did I switch?

I have experience with other SIEM tools as well. Last time, I used LogRhythm for security intelligence. LogRhythm has two options for deployment (on-prem and cloud), so customers have a choice when they are looking to invest in a SIEM solution. Rapid7 does not have the same option. But with LogRhythm, we would have to pay hardware maintenance as it is an on-prem product.

How was the initial setup?

The initial setup is straightforward, and it's not complex to deploy or configure. Because it is a cloud product on a cloud platform, we just have to start it up and integrate it with the local collector. After that, we do the customization. Currently, we provide installation and support for customers who subscribe to Rapid7 InsightIDR.

What's my experience with pricing, setup cost, and licensing?

InsightIDR is quite expensive. But with on-prem solutions, you need to wait for delivery then spend more money on maintenance and hardware. So any customer who understands cloud applications knows they just need to buy the license for the year. Then they can use it, and it's not hard to manage.

What other advice do I have?

I rate InsightIDR eight out of 10. I would recommend it for a customer who isn't dead-set on an on-prem deployment. They can subscribe to Rapid7 because it is more valuable and delivers a greater return on investment. The initial setup is quick. There's no need to pay for hardware and it's easy to scale. Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log. With other products, you might need to contact a consultant certified by the vendor to do the integration.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
JS
IT Engineer Security Operation Team at a tech services company with 201-500 employees
Real User
An effective tool for identifying threats to a network infrastructure

Pros and Cons

  • "The web interface is great — very useful and user-friendly."
  • "The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."

What is our primary use case?

I use it to track events on our infrastructure to help with secure access and detection. We have many firewalls and antivirus, DHCP (Dynamic Host Configuration Protocol), DNS (Domain Name System), Office 365 logs, et cetera. We use this software to monitor and track our traffic and usage by creating logs.

What is most valuable?

The most valuable features have to do with ease-of-use. It is easy to check the events, investigate suspicious activities, and do forensic analysis. The web interface is great — very useful and user-friendly.  

What needs improvement?

The only thing I can think of to improve the product is that the interface for doing investigation needs to be enhanced. For example, we can add notes through the interface, but we can not attach files to the investigation. It would be a useful addition. It would give us more flexibility to resolve more complicated situations. 

For how long have I used the solution?

I have been using this solution for about six months.  

What do I think about the stability of the solution?

This solution is stable. Because it is a software-as-a-service product, when any bugs appear, the manufacturer can correct the problems quickly and deploy the solutions immediately. This is better than on-premises solutions, where we would need to install an upgrade to resolve any bugs or other issues.

What do I think about the scalability of the solution?

Because this is a software as a service solution, the provider manages the scalability. It has never been an issue from our end.  

How was the initial setup?

The setup for the product was straightforward.  

What about the implementation team?

We did the deployment ourselves, with some support from the provider, and it was easy to deploy.

What other advice do I have?

On a scale from one to ten where one is the worst and ten is the best, I would rate this product a nine out of ten. It is very good, but it could be better with a few details that would improve the utility of the investigations interface.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Midhun Kumar
Head of Infrastructure at Pearl Data Direct
Real User
Top 5, Leaderboard
Great UEB feature, simple configuration that automatically syncs to the cloud platform

Pros and Cons

  • "Simple configuration and automatically syncs to the cloud platform."
  • "Inability to get access to compliance reports within the solution."

What is our primary use case?

We're using Rapid7 as our SIEM. I'm the head of infrastructure and we are customers of Rapid7.

What is most valuable?

There are numerous valuable features in this solution. Since it's cloud-based, the configuration is very simple; the collector will automatically sync to the cloud platform. The UEB, the User, Entity, and Behavioral Analytics, has helped us a lot. If there's a slight change in user behavior such as login patterns, my SOC is now able to detect it immediately.

What needs improvement?

I'd like to be able to get the compliance report within the solution which is currently not possible. For example, the P-Series was around 77001 compliance report of your SIEM solution. That option is unfortunately not available. 

For how long have I used the solution?

I've been using this solution for about 10 months. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

Given that this is a cloud solution there are no limits to scalability. The company is constantly evaluating and evolving and that's reflected in the product.

How are customer service and technical support?

We have two levels of support. They have a local presence and help us a lot although response times could be improved. The community is also very powerful, and the documentation is commendable.

How was the initial setup?

The initial setup was very easy, it took us only 24 hours to set up around 1000 assets. Implementation was carried out in-house.

What's my experience with pricing, setup cost, and licensing?

Licensing costs are based on a subscription model. The solution is very cost-effective because they are not charging based on the EPS but on the number of assets.

What other advice do I have?

The solution suits any size company, whether small, medium, or enterprise, it's a very good fit for all devices. The only drawback, for now, is the intel feeds which don't support any TAXII or STIX feeds so they need to be done manually. 

I rate the solution eight out of 10. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
OS
Linux admin at a wholesaler/distributor with 51-200 employees
Real User
Top 5
Suitably priced, stable, and easy to set up, but the dashboard needs improvement

Pros and Cons

  • "It is a very stable solution."
  • "The dashboard is an area that could be simplified."

What is our primary use case?

We use this solution for monitoring intrusion detection and prevention.

What is most valuable?

The most valuable feature is monitoring.

What needs improvement?

The dashboard is an area that could be simplified. For management, it should be clear and the files should be there.

For how long have I used the solution?

I have only recently started using this solution. It's been a couple of months.

I believe that we are using the latest version.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

It's a scalable solution. We have more than 1,000 users and we plan to continue using it.

How are customer service and technical support?

We have not had the need to contact technical support.

Which solution did I use previously and why did I switch?

Previously, we were using another solution. We changed because the price was completely suitable.

How was the initial setup?

The initial setup was straightforward. It was simple.

We have a team of four to deploy and maintain this solution.

What's my experience with pricing, setup cost, and licensing?

It is a reasonably priced solution.

What other advice do I have?

I am not able to recommend this solution at this time. I don't know it well enough yet. Similarly, it is difficult to say at this time what needs to be improved. We need more time to explore.

I would rate this solution a seven out of ten, only because I have recently started using it.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Davide Baudanza
CoFounder & Head of Technology at intuity
Real User
Top 5
Very intuitive, stable and integrates easily with other security products

What is our primary use case?

We use this solution to develop our business and we also provide it to some of our customers. The primary use case is for security information and event management, monitoring and acting on any event. 

What is most valuable?

The solution is very intuitive, it's easy to set up, is absolutely stable, and has a lot of integration with other security products.

What needs improvement?

I'd like to see a mobile application included and some feature related to the generality of segregation for internal users that access the application.

What do I think about the stability of the solution?

This solution is absolutely stable. 

What do I think about the scalability of the solution?

This solution is scalable. 

How are customer service and technical support?

The technical support is very good and responds quickly when there is a problem.

How was the initial setup?

The initial setup is reasonably straightforward, it takes a few hours. We've deployed it for 10 different clients and we have several engineers and eight certified technical staff that carry out implementation. 

What's my experience with pricing, setup cost, and licensing?

You can scale the license as needed. It's really easy to update and upgrade.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner