We performed a comparison between CRITICALSTART and Rapid7 InsightConnect based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The machine learning and artificial intelligence on offer are great."
"The way that the user interface presents data enables our team to be able to make decisions significantly quicker, rather than have to dig into the details or go back to the original tools."
"My impression of the transparency of the data is that it has good detail. It allows you to see how many events have come in, how many of those events have made it down to their analysts to review, and then however many from their analysts to be able to close out, have been able to been escalated to us. It's a good metric that we can share with my management. They see the value of what the SOC is bringing on top of what my team is already doing."
"The most valuable feature of their service is their tuning... If we were getting 1,000 alerts a day without them, they tune it until they know what to do for 999 of them, and one will make it through to us per day. That tuning is the most valuable part of their solution."
"The main difference between the other options and this one is the quality of the personnel within the SOC. It's their knowledge and depth and the way they handle customers."
"I also use their mobile app. It's very easy to use and very convenient to be able to respond to alerts wherever you are. I love the app. You can respond and communicate, per ticket, with their SOC in near real-time. The response is very quick."
"The new mobile app is awesome. It is one of the best I've ever seen. It's much better than its predecessor. It's more intuitive, a whole lot easier to navigate and get where you need to go. It's less repetitive and just generally easier to use. It allows me to not have to be sitting at my computer all the time. I can be on my phone or tablet or wherever I'm at. It makes it a lot easier to answer tickets and do that kind of thing."
"Outside of using the platform to manage alerts, the feature of the service that we get the most value from is being able to reach out to them and say, "Hey, we might go buy a SIEM," for example. They give us their overview of what's out there, what they've dealt with, what they integrate with, and what that looks like. That's been pretty powerful over the years for us."
"There are two parts of CRITICALSTART's services that are most valuable to us. The MDR solution where they monitor our computers, laptops, and users across the board; and their knowledge of Palo Alto firewalls."
"The tool is stable. The initial setup is straightforward. The product is user-friendly."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"The AI capabilities must be improved."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"They could dig a little bit deeper into the Splunk alerts when they feel like they need to be escalated to us. For example, if a locked account shows up, they could do a little extra digging to verify that the locked account was due to a bad password on the local system. They could just do a little extra digging within the Splunk environment instead of pushing it onto us to go do that extra little digging."
"They just did a user interface overhaul to the website portal that you use for troubleshooting tickets. The old one was fine. The new one is not intuitive..."
"The updated UI is actually pretty bad. Regarding the intuitiveness, it is fairly easy to use, but the responsiveness, on a scale of one to 10, is a one. It's really poor performance."
"The UI has become slower but it's not something I would call them out on."
"In terms of responsiveness, when I open up an alert, sometimes it takes a bit of time to load. However, it only happened once or twice."
"During the six-month integration and rollout, there were some bumpy roads along the way. There were communication breakdowns between the project manager, CRITICALSTART leadership, and us (as the customer). I expressed my displeasure during the integration in their inability to effectively communicate when there were holdups or issues. They were going through some growing pains at that time, but they have been right there for us ever since."
"It has frustrated us that they don't have a native Slack integration, because most things do now. That's something we've asked for, for years, and it just doesn't really seem like it's a priority."
"There is room for improvement with the new UI, and that's about it. I would like to see a more intuitive design."
"The technical support should be improved."
Earn 20 points
CRITICALSTART is ranked 29th in Security Orchestration Automation and Response (SOAR) while Rapid7 InsightConnect is ranked 22nd in Security Orchestration Automation and Response (SOAR) with 2 reviews. CRITICALSTART is rated 9.4, while Rapid7 InsightConnect is rated 8.0. The top reviewer of CRITICALSTART writes "Offers the ability to close review tickets or alerts through a mobile phone and to interact with engineers on their side via the app". On the other hand, the top reviewer of Rapid7 InsightConnect writes "Excellent security orchestration and automation AI features". CRITICALSTART is most compared with Arctic Wolf Managed Detection and Response, BlueVoyant CORE, ReliaQuest GreyMatter, CrowdStrike Falcon Complete and Red Canary, whereas Rapid7 InsightConnect is most compared with Palo Alto Networks Cortex XSOAR, ThreatConnect Threat Intelligence Platform (TIP), CrowdStrike Falcon and Splunk SOAR.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
