We performed a comparison between ArcSight Intelligence and Rapid7 InsightVM based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The product has a valuable interface."
"The platform helps us improve threat detection capabilities."
"The ability to tailor an environment to suit our specific use cases is a major advantage of ArcSight compared to other logging servers such as Splunk."
"The most valuable feature of ArcSight Intelligence is a single console where the entire dashboard gives all the connected details in a single place."
"We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way."
"Using Rapid7, we can install a scan engine, we can do our VPN connections, and we can conduct internal scans of remote sites. We prefer the web application. It's smarter and more accurate from an application perspective."
"I rate InsightVM eight out of 10 for ease of setup. It takes two or three engineers to deploy. The solution requires some maintenance. It's mainly cleaning up data."
"You can bring in and get online to do reports fairly quickly,"
"Rapid7 have a good distribution network with good support and market presence."
"The most valuable features of Rapid7 InsightVM are the accurate level of scanning and the workflows are good."
"The discovery and prioritization of vulnerabilities."
"The risk score that they provide makes it easier to find out the biggest risks. It helped the security officers to understand where the biggest risks are so that they can act on them. They can instruct their IT teams to give them a higher priority and mitigate them."
"InsightVM offers a robust platform for identifying, prioritizing, and addressing vulnerabilities across an organization's IT infrastructure."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"The AI capabilities must be improved."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"There is room for improvement in entity behavior and the integration site."
"The troubleshooting has room for improvement."
"One key area that can be improved is by building a strong integration with our XDR platform."
"The solution could be more user-friendly; some query languages are required to operate it."
"We haven't found the product fully scalable."
"ArcSight Intelligence is a bit slower, and its speed should be improved."
"The dashboard is not user-friendly and is in black and white."
"ArcSight Intelligence's pricing needs improvement."
"The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of updates feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening. There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better."
"Their customer support should be improved, and the effectiveness of scans also needs to be improved."
"I would like to see more integration."
"We have some issues with how it scans patches."
"We are a registered reseller and a trusted partner. However, for us to get any support from them I can't log a call directly with Rapid7 InsightVM. I have to work with the distributor to log the call for me."
"Rapid7 could be easier to manage."
"Rapid7 InsightVM, has impressive capabilities, especially when it comes to managing video equipment. However, we've noticed that Rapid7 also offers a cloud solution called CloudSec, and we don't have that. We think it would be better if InsightVM had all the features for both on-premise and cloud management."
"A definite improvement would be to make it easier to run ad-hoc scans without needing to assign the asset to a site or group."
"The solution could improve by being more secure."
ArcSight Intelligence is ranked 33rd in Security Information and Event Management (SIEM) with 5 reviews while Rapid7 InsightVM is ranked 4th in Risk-Based Vulnerability Management with 55 reviews. ArcSight Intelligence is rated 8.0, while Rapid7 InsightVM is rated 8.0. The top reviewer of ArcSight Intelligence writes "A user-friendly solution that can be used to integrate the logs properly with different connectors". On the other hand, the top reviewer of Rapid7 InsightVM writes "You can scan a network, and receive recommendations to address vulnerabilities with the click of a button". ArcSight Intelligence is most compared with ArcSight Enterprise Security Manager (ESM) and Exabeam Fusion SIEM, whereas Rapid7 InsightVM is most compared with Tenable Nessus, Qualys VMDR, Tenable Security Center, Microsoft Defender Vulnerability Management and Rapid7 InsightIDR.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.