Rapid7 InsightIDR vs Vectra AI comparison

Read 42 Vectra AI reviews

7,149 Views
3,331 Comparison Views

97% willing to recommend

Rapid7 InsightIDR

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Rapid7 InsightIDR and Vectra AI based on real PeerSpot user reviews.

Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM).

To learn more, read our detailed Security Information and Event Management (SIEM) Report (Updated: June 2024).

Security Information and Event Management (SIEM)

June 2024

Download the complete report

Helped 787,779 peers since 2012

Categories and Ranking

Rapid7 InsightIDR

Average Rating

8.4

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (9th), User Entity Behavior Analytics (UEBA) (3rd), Endpoint Detection and Response (EDR) (21st), Threat Deception Platforms (5th), Extended Detection and Response (XDR) (12th)

Vectra AI

Average Rating

8.6

Number of Reviews

Ranking in other categories

Intrusion Detection and Prevention Software (IDPS) (2nd), Network Traffic Analysis (NTA) (2nd), Network Detection and Response (NDR) (2nd), Identity Threat Detection and Response (ITDR) (6th)

Mindshare comparison

As of June 2024, in the Security Information and Event Management (SIEM) category, the mindshare of Rapid7 InsightIDR is 4.0%, up from 3.2% compared to the previous year. The mindshare of Vectra AI is 0.5%, down from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

Unique Categories:

User Entity Behavior Analytics (UEBA)

13.1%

Endpoint Detection and Response (EDR)

0.8%

Intrusion Detection and Prevention Software (IDPS)

13.3%

Network Traffic Analysis (NTA)

22.0%

Featured Reviews

reviewer1938444

Security Solution Engineer II at a security firm with 501-1,000 employees

Aug 12, 2022

Quick to deploy and helpful in detecting and responding to security incidents before there is a big outage

I used it in my previous company. We were the integrator of the solution, and also a partner of Rapid7 at the time. We used it for security monitoring and also for analytics. We used it for our own company, and like an MSSP, we sold this to our customers. So, we did security monitoring for our…

Read full review

reviewer2125176

System Engineer at a computer software company with 1,001-5,000 employees

Mar 12, 2023

Well designed, easy to implement, and easy to manage

I'm managing the solution. I work in the infrastructure, so I install, reinstall brains and collectors It's very easy to manage. We don't have any issues with the Vectra service. It's completely painless. It's a good product. It's easy to manage, and I love the UX. It's very well designed. When…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It improved my organization by building a security alerting program."

"The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."

"The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame."

"Log search allows us to dive deep into aggregated logs and query all event types at once."

"I rate Rapid7 nine out of 10 for affordability"

"Features for user behavior analytics and the rules for attack review are good."

"Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling."

"Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well."

More Rapid7 InsightIDR pros

"The solution provide visibility into behaviors across the full lifecycle of an attack in our network, beyond just the Internet gateway. It makes our security operations much more effective because we are now looking not just at traffic on the border, but we're looking at east-west internal traffic. Now, not only will we see if an exploit kit is being downloaded, but we would be able to see then if that exploit kit was then laterally distributed into our environment."

"What I like best about Vectra AI is that it alerts you about suspicious activities."

"One of the most valuable features of the platform is its ability to provide you with aggregated risk scores based on impact and certainty of threats being detected. This is both applied to individual and host detections. This is important because it enables us to use this platform to prioritize the most likely imminent threats. So, it reduces alert fatigue follow ups for security operation center analysts. It also provides us with an ability to prioritize limited resources."

"The packet-capturing feature is very useful."

"The dashboard gives me a scoring system that allows me to prioritize things that I should look at. I may not necessarily care so much about one event, whereas if I have a single botnet detection or a brute force attack, I really want to get on top of those."

"It provides various dashboards that facilitate the identification of connections and can detect data exfiltration, meaning data sent from your environment to another."

"It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low. So, the labor hour overhead is probably our largest benefit from it. We spend 99% of our time in Vectra investigating cases, responding to incidents, or hunting, and only around 1% of our time is spent patching, troubleshooting, or doing anything else. That's our largest benefit from Vectra."

"Vectra produces actionable data using automation. That has helped us. It's less manpower now to look at incidents, which has definitely increased efficiency. Right now, in a lot of cases, our mean time to detection is within zero days. This tells me by the time something happened, and we were able to detect it, it was within the same day."

More Vectra AI pros

Cons

"The searching feature in Rapid7 InsightIDR needs to evolve"

"Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."

"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."

"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."

"Cloud risk assessment is one area where I think they need a lot of improvement."

"The integration capabilities of the solution have certain shortcomings where improvements are required."

"Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps."

"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."

More Rapid7 InsightIDR cons

"In comparison with a lot of systems I used in the past, the false positives are really a burden because they are taking a lot of time at this moment."

"The solution has not reduced the security analyst workload in our organization because we still need to SIEM. Unfortunately, while Vectra, for us, is a brilliant tool for network investigations, giving wonderful visibility, it doesn't go the whole way to replace our SIEM that is needed for compliance. So, I still have the same amount of alerting and logging that I did before. It gives us more defined ability to see incidents, but it doesn't give us enough information to satisfy a PCI or 27001 audit."

"An area for improvement in Vectra AI is reporting because it currently needs some details. For example, when you download a report from Vectra AI, you won't see complete information about the alerts or triggers. Another area for improvement in the tool is that sometimes, an alert has high severity, yet it's marked as low severity. Vectra AI should have a mechanism to change the severity level from low to high or critical."

"There is room for improvement in the documentation. We would like to have more details on how it detects what we see."

"Other alternatives, like Darktrace, have a fancier UI."

"What is most important for us is to have one place where we can manage a few brains because we are based on a zero-trust network. As a result, each customer needs to have a separate brain. For the SOC team, we need to have one place where the SOC analyst can go to visit the website and from that site manage all of the customers. Right now, Vectra AI doesn't have this capability, and I would really like to have this feature."

"Vectra is still limited to packet management. It's only monitoring packet exchanges. While it can see a lot of things, it can't see everything, depending on where it's deployed. It has its limits and that's why I still have my SIEM."

"We would like to see more information with the syslogs. The syslogs that they send to our SIEM are a bit short compared to what you can see. It would be helpful if they send us more data that we can incorporate into our SIEM, then can correlate with other events."

More Vectra AI cons

Pricing and Cost Advice

"It is more reasonably priced than other vendors."

"I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability."

"Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight."

"Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs."

"Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help."

"The pricing is good, and it is not very expensive."

"I rate Rapid7 InsightIDR's price a four on a scale of one to ten, where one is cheap, and ten is expensive."

"The pricing of the solution depends on the user. But there is a yearly licensing cost."

More Rapid7 InsightIDR pricing and cost advice

"The upfront pricing model that we have would have been more beneficial if it had been a recurring license fee, but that wasn't a massive issue for us. It's fairly priced."

"Cost is a big factor, as always. However, I think we have a very good price–performance ratio."

"We are running at about 90,000 pounds per year. The solution is a licensed cost. The hardware that they gave us was pretty much next to nothing. It is the license that we're paying for."

"The solution's pricing was 50 percent lower than the other vendors shortlisted."

"From a licensing perspective, the Vectra detect platform is pretty doable. Also, the hardware prices are nothing that we're not used to. The stream part is a little overpriced compared to the detect part. The reason is that you need to stream data to detect events anyway, so the data is in there. The only thing that's not available is the UI to be able to look at the stream data, which is also on the appliances but is just not activated. That's mainly the thing that we want to improve on."

"From a pricing perspective, they are very commercially competitive. From a licensing perspective, just be conscious that some of their future cloud solutions come with additional subscriptions. Also, if you're outside of the US, you will get charged freight for the device back to your country."

"Vectra AI's pricing is cheaper than that of Darktrace."

"Vectra's licensing model could scale to our research network, which has multiple, 100-gigabit links."

More Vectra AI pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

787,779 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

16%

Manufacturing Company

Financial Services Firm

Government

Computer Software Company

16%

Financial Services Firm

12%

Government

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What SOC product do you recommend?

For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...

What do you like most about Rapid7 InsightIDR?

During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an applicati...

What is your experience regarding pricing and costs for Rapid7 InsightIDR?

We chose Rapid7 because of its price. IBM QRadar charges us based on data storage. Rapid7 InsightIDR charges us based on the endpoints we connect to. We are satisfied with the product’s price.

What is the biggest difference between Corelight and Vectra AI?

The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the eventual forwarding of events and parsed data logs to a security team’s SIEM or ...

What do you like most about Vectra AI?

The solution is currently used as a central threat detection and response system.

What is your experience regarding pricing and costs for Vectra AI?

The licensing is on annual basis.

Darktrace vs Rapid7 InsightIDR

Comparisons

Compared 15% of the time

Microsoft Sentinel vs Rapid7 InsightIDR

Compared 13% of the time

Splunk Enterprise Security vs Rapid7 InsightIDR

Compared 8% of the time

Rapid7 InsightVM vs Rapid7 InsightIDR

Compared 7% of the time

LogRhythm SIEM vs Rapid7 InsightIDR

Compared 3% of the time

More Rapid7 InsightIDR Competitors

Darktrace vs Vectra AI

Compared 36% of the time

ExtraHop Reveal(x) vs Vectra AI

Compared 11% of the time

Cisco Secure Network Analytics vs Vectra AI

Compared 7% of the time

Arista NDR vs Vectra AI

Compared 6% of the time

Palo Alto Networks Advanced Threat Prevention vs Vectra AI

Compared 2% of the time

More Vectra AI Competitors

Product Reports

Download Rapid7 InsightIDR product report

Rapid7 InsightIDR

June 2024

Download Vectra AI product report

May 2024

Also Known As

InsightIDR

Vectra Networks, Vectra AI NDR

Learn More

Rapid7

Overview

Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.

Vectra threat detection and response is a complete cybersecurity platform that collects, detects, and prioritizes security alerts. The Cognito platform for Network Detection and Response (NDR) detects and responds to attacks inside cloud, data center, Internet of Things, and enterprise networks. The platform also provides automated response capabilities for low-level threats and escalates more severe anomalies to security personnel.

Cognito captures data for multiple relevant sources and enriches it with context and security insights. It starts by deploying sensors across different networks in datacenters, IoT, or enterprise networks. The algorithm extracts relevant metadata from network and cloud traffic. The information can also be non-security information that can help investigation.

The data is enriched with security context to support critical use cases, such as threat detection, investigation, hunting and compliance. The platform is machine learning-based, which enables it to adapt to any new and current threat scenario. It detects, clusters, prioritizes, and anticipates attacks by using identity and host-level enforcement.

With the Vectra platform, a person can investigate 50 threats in just two hours. By prioritizing alerts and leveraging threat intelligence, it provides faster results.Vectra solves today’s security challenges for network detection and response.

One of Vectra’s best features is the emphasis they put in pairing research and data science for security insights. It offers behavior codification with unsupervised, supervised, and deep learning models.

The pricing is according to a subscription model with a free trial available.Vectra is available for Office 365, Azure AD and AWS Brain.

Features of Vectra AI

AI-based threat detection and response.
Detects attacks in real time with behavior-based threat detection.
Consolidates and correlates thousands of events, detecting threats.
Enriches threat investigation with a chain of evidence and data science security insights.
Machine learning techniques, including deep learning and neural networks.
Gives visibility into cyberattackers and analyzes all network traffic.
Continuous updates with new threat detection algorithms.
Provides encryption at rest and in transit. For the AWS version, it offers AES-256 encryption via AWS Key Management Service.
Guaranteed availability according to the SLA of the service selected.
Does not connect to public sector networks.

Benefits of Vectra AI

Behavioral models use AI to find unknown attackers.
Context increases the accuracy of threat hunting.
Allows for proactive action by prioritizing the most relevant information.
Provides a clear picture and extensive context for investigations.
Aids decision-making in the incident response process.
Helps working with large datasets by capturing metadata at scale.
Automates time-consuming analysis.
Reduces the security analysts’ workloads on threat investigations.

Other advantages of Vectra services include that they can be deployed in the public, private, or hybrid cloud. Support is available via email or online ticketing with an average of 4 hours of response. Phone support is available 24/7.

Vectra provides full on-site and online training and documentation. Regarding the user interface, it supports several types of web browsers, such as Internet Explorer, Microsoft Edge, Firefox, Chrome, Safari and Opera. However, it is not available for mobile devices.

Reviews from Real Users

Here’s what PeerSpot users of Vectra AI have to say about it:

"One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us." - Dave W., Operations Manager at a healthcare company

Sample Customers

Liberty Wines, Pioneer Telephone, Visier

Tribune Media Group, Barry University, Aruba Networks, Good Technology, Riverbed, Santa Clara University, Securities Exchange, Tri-State Generation and Transmission Association