We performed a comparison between ArcSight Analytics and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two User Entity Behavior Analytics (UEBA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."One of the most valuable features is the alerts."
"The correlation engine is good."
"The most valuable feature is the log monitoring."
"The ability to correlate different logs is the solution's most valuable feature."
"The solution is easy to implement."
"ArcSight Analytics has improved our system and network policy monitoring."
"The two most valuable features of this solution are its stability and scalability."
"This solution makes it easy to create use cases, and it is easy to move queries from use cases to the report to the dashboard."
"The product works well. Stability-wise, I rate the solution a ten out of ten."
"Integration with threat modeling from the Metasploit and InsightIDR repositories."
"User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day."
"InsightIDR helps us investigate an environment to discover information about incidents."
"I rate Rapid7 nine out of 10 for affordability"
"The solution is easy to use, and the interface is intuitive."
"The log aggregation and storage provided by InsightIDR has shown no issues with scalability; aggregating over one hundred millions events daily."
"Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling."
"Their support team could be better."
"The customer service could be improved, and additional integrations with other APIs could be added."
"I would like to see integration with automation products, such as Phantom Automation."
"It needs more user analytics and aggregation user queries. And it's slow. When you query over ArcSight, it is very slow."
"[There is] complexity in maintaining it and managing it. It's not easy to use. It requires a lot of training."
"Network integration is very crucial, and you need to have the knowledge to get it done."
"ArcSight's features that can be improved include anything related to its visualization capabilities and user friendliness."
"It's a difficult product to navigate, it's complex."
"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."
"The solution's XDR agents cannot compete with the XDR solutions out there yet."
"The APIs can be further improved in Rapid7."
"They should add more configuration and security features to it."
"I feel it would greatly benefit from more supported log sources."
"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."
"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."
"Cloud risk assessment is one area where I think they need a lot of improvement."
ArcSight Analytics is ranked 16th in User Entity Behavior Analytics (UEBA) with 15 reviews while Rapid7 InsightIDR is ranked 3rd in User Entity Behavior Analytics (UEBA) with 29 reviews. ArcSight Analytics is rated 7.0, while Rapid7 InsightIDR is rated 8.4. The top reviewer of ArcSight Analytics writes "It has improved our system and network policy monitoring". On the other hand, the top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". ArcSight Analytics is most compared with Securonix UEBA, whereas Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar. See our ArcSight Analytics vs. Rapid7 InsightIDR report.
See our list of best User Entity Behavior Analytics (UEBA) vendors.
We monitor all User Entity Behavior Analytics (UEBA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
For tools I’d recommend:
-SIEM- LogRhythm
-SOAR- Palo Alto XSOAR
Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic.
Also, remember that any EDR/XDR should integrate to the SIEM/SOAR and a strong threat intel source.
If you consider SOC outsourcing take your time and find one you can integrate like a virtual team member. They are only as good as their depth of knowledge in your business and your on-prem SOC.
Apache Metron, ELK, OSSIM, Splunk and Qradar (in cost/benefit order for starters).
I have no experience with Rapid 7 or InsightIDR.
IBM Qradar works great but is not easy to install. If it is running it is a great tool. Also depending on the budget, Riverbed security is a tool to consider. Costs are lower than QRadar and easier to implement.
Or you can use our SaaS solution with QRadar and a lot more built-in. One holistic solution for your complete IT environment.
@Evgeny Belenky, I found Stellar to be quite intriguing.
I would also recommend McAFee’s new console for centralizing and coordinating a well-deployed enterprise solution.
COMODO MDR
Disclaimer: ICE Consulting offers SOC as a Service to our Clients.
For SOC Tools we use Securonix and other in-house developed solutions. Securonix provides an all in one package (SIEM, UEBS, & NTA) that we believe is competitively priced for the Small to Mid Market. Their Customer Service seems better than most and they are always highly rated in the Gartner MQ reports. Set-up is not difficult, but is time consuming for the first time, afterwards each client deployment we have added has seemed to get easier and quicker.
Please contact several vendors and ask for demos, talk with the vendor engineers to ensure the solution will workfor your needs... We evaluated Rapid7, AlienVault (ATT Cybersecurity), QRadar, LogRythm, and Securonix before deciding on Securonix.
Also take your time in evaluating and re-evaluating the products, I took us about about 18 months and over $30K of working with what was utimately the wrong product for us, before moving to Securonix.
Make sure training for the use of the service is included. We have been able to provide entensive training to out team through the vendor and would not have been able to get out SOC offering off the ground without it.
Good Luck!
COMODO SOC covers your entire network and also your email. It is very easy to deploy and is very effective for reports.
I prefer the COMODO SOC solution because it is a very good and easy to deploy product.