We performed a comparison between ExtraHop Reveal(x) and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out what your peers are saying about Darktrace, Vectra AI, Auvik and others in Network Traffic Analysis (NTA)."When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment."
"Setting up the solution is relatively easy."
"ExtraHop Reveal(x) is one of the tools that works out of the box when it comes to threat hunting."
"The security features of this solution are the most valuable."
"We had useful information within the hour of deployment. The ability to trace back for historical analysis, as well as the behavioral analysis done with the security information, puts the user in a position to make an informed decision to mitigate the performance or security incidents. Regarding the security incidents, Reveal (x) is able to create incident cards that guide your teams through the incidents and gives you the option to delve into the transaction detail to potentially view payloads as well."
"The solution works well for sending sensors."
"The solution's initial setup process is easy."
"Reveal X integrates seamlessly with CrowdStrike. If you see something sketchy on the network, you can quarantine devices through ExtraHop and it'll push to the CrowdStrike server."
"The solution is very stable and works very well for what I need it to do."
"InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level."
"The solution's initial setup is easy."
"Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well."
"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
"If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."
"The solution is very scalable in terms of the licensing model."
"It improved my organization by building a security alerting program."
"The solution's reporting part and GUI are areas with certain shortcomings where improvements are required."
"The solution should include more support protocols."
"Agent management could certainly use some focus. It should also be a little bit easier to work with collections. We should be able to nest collections within collections. There should be better nesting."
"I think the tuning capabilities could be improved. We're working on minimizing false positives. Apart from that, everything seems fine to me."
"It needs integration with more security vendors."
"I would like to see more cloud capability."
"The solution’s pricing could be improved."
"ExtraHop Reveal(x) could improve by allowing a longer look back in the feature. Right now you have a limit of 30 days to look back on your activity. I've used Darktrace before, and they allow you the ability to play back events. This would be a good feature to have in ExtraHop Reveal(x)."
"The dashboard is an area that could be simplified."
"Inability to get access to compliance reports within the solution."
"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."
"The product allows us to make only 30 custom rules."
"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."
"The solution's XDR agents cannot compete with the XDR solutions out there yet."
"InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal."
"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."
ExtraHop Reveal(x) is ranked 5th in Network Traffic Analysis (NTA) with 12 reviews while Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews. ExtraHop Reveal(x) is rated 8.6, while Rapid7 InsightIDR is rated 8.4. The top reviewer of ExtraHop Reveal(x) writes "It helps you visualize how data moves across your network". On the other hand, the top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". ExtraHop Reveal(x) is most compared with Darktrace, Vectra AI, Corelight, Cisco Secure Network Analytics and SolarWinds NetFlow Traffic Analyzer, whereas Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar.
We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.