Rapid7 MDR Competitors and Alternatives

Get our free report covering Arctic Wolf Networks, CrowdStrike, Trend Micro, and other competitors of Rapid7 MDR. Updated: October 2021.
543,089 professionals have used our research since 2012.

Read reviews of Rapid7 MDR competitors and alternatives

AY
Lead Security Analyst at a leisure / travel company with 1,001-5,000 employees
Real User
Top 20 Leaderboard
Provides us with detailed search responses and concise alerts that are not overwhelming

Pros and Cons

  • "We have also integrated our endpoint security into the Netsurion SIEM. That's important because we have all the events in one place; we don't have to manage them in multiple places. In addition, the embedded MITRE ATT&CK Framework was paramount in our decision to choose Managed Threat Protection because the MITRE Framework is the industry standard for threats."
  • "The weekly reporting could use some improvement. For example, when we handed them our landscape document, it took longer than I would have liked for those details to become noticeable within the reports."

What is our primary use case?

We use it for security incident and event management, and we use Netsurion's hosted SOC service, meaning their SOC team also assesses our events.

The solution is on-premises. We have the agent running on our Windows systems, and we have the Linux systems pumping the syslog data to the Netsurion server.

How has it helped my organization?

The 24/7 monitoring and alerting have positively affected our security maturity because now we have people with eyes on our security events 24/7. They are monitoring our security incidents and alerting us to any incidents that need action on our end. Overall, the SOC component of the Netsurion solution is very important because without it we would need to hire more people internally to do that work. With the hosted SOC, we don't need to have a large team on our side. While their SOC doesn't know our company and what is unique about our environment entirely at this time, they are learning it now.

What is most valuable?

All the features are valuable, so far. Some examples are the detailed responses that you find within the searches. The alerts are also valuable because they're concise and not overwhelming. The dashboard layout is also a feature I like, because it's very clear. It's not cumbersome.

When it comes to threat detection and response, Netsurion is very good. They're good at incident detection and responses. For example, they found some tools that are used by hackers, tools that were running on a system, and they immediately alerted us to that fact. We investigated it and it turned out it was an administrator using that tool. But it was a good process.

Managed Threat Protection also provides actionable threat intelligence. For example, when there was a vulnerability in the Exchange platform, they alerted us that this new threat had become known, and we were able to take action by patching our Exchange servers to secure them.

We have also integrated our endpoint security into the Netsurion SIEM. That's important because we have all the events in one place; we don't have to manage them in multiple places.

In addition, the embedded MITRE ATT&CK Framework was paramount in our decision to choose Managed Threat Protection because the MITRE Framework is the industry standard for threats. While it hasn't yet helped to identify threats we might have missed without it, we're still early on in our deployment, but eventually, once we are more mature, it will. And I believe it has helped with the time it takes Netsurion's SOC to identify and understand sophisticated threats.

What needs improvement?

The weekly reporting could use some improvement. For example, when we handed them our landscape document, it took longer than I would have liked for those details to become noticeable within the reports.

For how long have I used the solution?

I have been using Netsurion Managed Threat Protection for about 10 months.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

Scaling it would be slightly complex because you would need to consciously keep track of the ports where the logs are being ingested. Scalability is not as straightforward as it could have been.

We are using it to monitor about 2,500 endpoints and we have two analysts within our organization's security department who work with the solution.

How are customer service and support?

Some of the technical forethought for the deployment was not as good as I would have expected. Some of the technical blocks that can exist in an organization of our size, issues that needed to be thought about, were not taken into account at their end. That required more input on our side, so that is why I would rate their support at eight out of 10 overall. But regarding the product itself, their technical skills are a 10. It was more when it came to the difficulties in a more complex environment that they were slightly lacking.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

The initial setup was straightforward. They provided us concise instructions on how to deploy the agents. They provided us packages that we could then deploy within our package deployment mechanisms, and they supplied us with the necessary tools to be able to deploy the agents quickly and easily.

Netsurion's support during our deployment process was very good. They were very helpful and attentive to us as customers. Their assistance in the onboarding process certainly helped with the product's time-to-value because we were able to deploy the agents in a short period of time and to start getting actionable intelligence pretty quickly.

Within a couple of weeks of their providing us the packages, we started deploying agents and, within a couple of months, we already had enough logs being ingested to have at least some initial, actionable intelligence.

The implementation strategy was, first of all, to have enough collectors around our network to ingest the logs from the sources, and enough log source ports to be able to handle the quantity of log sources coming in. After that came the preparation of the agents and the mechanism through which the agents were to be deployed. This strategy helped to make the deployment faster and easier.

What about the implementation team?

It was handled internally by our IT operations.

What was our ROI?

We have seen ROI in the fact that we had actionable intelligence within six months of deployment.

What's my experience with pricing, setup cost, and licensing?

The amount we pay for the service that we get is good. If it were to be much more expensive, it would not have the same value for the money.

Which other solutions did I evaluate?

We evaluated McAfee Managed Detection and Response, Splunk, and Rapid7 against Netsurion Managed Threat Protection. The biggest difference was the cost.

What other advice do I have?

If you're concerned about Netsurion's SOC being located outside of the US, I would say that location of the SOC is irrelevant. Rather, you should evaluate the skills of the SOC and the SOC management.

And if someone at another company said they are not sure that they need managed services, I would say to them that they had better make sure they have enough money to have their own internal team.

My other advice would be to make sure that Netsurion gives you a good deal compared to the other vendors.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.