No more typing reviews! Try our Samantha, our new voice AI agent.

Kaspersky Next EDR Expert vs Rapid7 InsightIDR comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 9, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Kaspersky Next EDR Expert
Ranking in Endpoint Detection and Response (EDR)
20th
Average Rating
8.2
Reviews Sentiment
6.5
Number of Reviews
51
Ranking in other categories
No ranking in other categories
Rapid7 InsightIDR
Ranking in Endpoint Detection and Response (EDR)
47th
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
32
Ranking in other categories
Security Information and Event Management (SIEM) (25th), User Entity Behavior Analytics (UEBA) (11th), Threat Deception Platforms (6th), Extended Detection and Response (XDR) (28th)
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of Kaspersky Next EDR Expert is 1.2%, down from 1.4% compared to the previous year. The mindshare of Rapid7 InsightIDR is 1.2%, up from 1.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
Kaspersky Next EDR Expert1.2%
Rapid7 InsightIDR1.2%
Other94.0%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Ravi-Upadhyay - PeerSpot reviewer
Founder at Inspira Enterprise
Provides strong threat detection and response through behavior analytics and network isolation
I have found the most valuable features of Kaspersky Endpoint Detection and Response Expert to be its ability to tackle the biggest challenges customers face when they have to mitigate any kind of a malware, ransomware attack, or online theft scenarios. The solution utilizes its HIPS, which is the host intrusion prevention system, behavior analytics system, and device control mechanism, making the antivirus capabilities of EDR quite strong. It is able to detect zero-day threats as well as historical or legacy malware, providing protection against current threats in the market and legacy malware. My opinion on the advanced threat detection algorithms in Kaspersky Endpoint Detection and Response Expert is that the ATP functionality is quite strong because it utilizes the behavioral analytics engine in the backend, which employs machine learning mechanisms to identify any kind of vulnerability or exploit running on the operating system level and the network level. If an attack is about to happen on the endpoint, it is able to protect over the network as well and checks for any illegitimate encryption activities. The machine learning capability within Kaspersky Endpoint Detection and Response Expert has contributed to improving detection accuracy and reducing false positives in my environment by helping me identify malicious activity and differentiate between any malicious activity on the operating system level and on the network level. I have seen customers with in-house developed applications that have no public signatures available. Once I whitelist a particular application, it intelligently whitelists not only the executable but also all the dependent services required to run that application. Furthermore, Kaspersky Endpoint Detection and Response Expert has successfully blocked network-level attacks on the endpoint. For example, during a recent DoS attack aimed at choking the entire network, Kaspersky detected the attack, isolated the device in a sandbox network, and alerted my SOC team via email for corrective action, thereby proactively helping me detect and protect devices from malicious attacks.
SohailHyder - PeerSpot reviewer
Head Of Cyber Security at Super Secure
Has supported compliance needs for mid-sized organizations but lacks customization and advanced integration
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature sets of a complete SIEM solution. Most common in the market is QRadar, but it is depleting now. It has been taken over by some other products such as Splunk and LogRhythm. If we compare these things with Rapid7 InsightIDR, then there are definitely some gaps that need to be filled. Data retention is also one concern because Rapid7 InsightIDR is cloud-based and operates on a subscription model. Whatever data you want to retain, it has to be paid for separately or it has a cost. Other solutions that are on-premises can have their own infrastructure or they provide some data retention for a month or in some capacity-wise, they provide that solution to them which makes them more attractive.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Stability is one of the features we like the most."
"We switched because there were a lot of added features with Palo Alto that Check Point didn't have, and it was an upgrade for us."
"The information the dashboard provides is very clear."
"Cortex XDR is a simple platform that's easy for administrators and users. You have a lot of flexibility to change or customize the features."
"I like the centralized console and the predictive analysis it does of malware. It is very stable and also scalable."
"The main benefit of using Cortex XDR by Palo Alto Networks while employing Palo Alto Firewall at the internet edge is that it improves security on our endpoint devices, integrating seamlessly with Palo Alto Firewalls to deliver comprehensive network, analyst, and security details all in a single dashboard, which allows us to manage everything from our network devices."
"Cortex XDR by Palo Alto Networks saves time in various ways, although the user interface is fairly standard."
"The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."
"The most valuable feature of Kaspersky EDR is its simplicity. The console is easy to use and not very complex."
"The solution provides high-end security that is critical for financial institutions and bankers."
"Kaspersky is one of the best, and we are working with it today."
"The most valuable features are the reports."
"The features I appreciate most about this solution are its good response time, speed, and reliability; it detects most antiviruses and identifies viruses that other antivirus solutions don't detect."
"It is a scalable solution...It is a stable solution."
"The product is very easy to use."
"Kaspersky Endpoint Detection and Response Expert has successfully blocked network-level attacks on the endpoint, detecting a recent DoS attack, isolating the device in a sandbox network, and alerting my SOC team via email for corrective action, thereby proactively helping me detect and protect devices from malicious attacks."
"The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."
"The UI is very good."
"Scalability-wise, I rate the solution a ten out of ten. As a cloud tool, the product is highly scalable."
"InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level."
"The solution is easy to use, and the interface is intuitive."
"I definitely recommend Rapid7 InsightIDR."
"The alerting to drive investigations and remediation has been its most valuable feature, plus the ability to quickly search multiple logs makes investigations easier."
"It improves because several sensors are deployed within the on-premise environment. It can be very efficient if the customer implements and operates it effectively."
 

Cons

"I have faced some issues with Cortex XDR by Palo Alto Networks; there is room for improvement in the sense that certain options prevent us from seeing and segregating data."
"If they had pulse rate detection, it would be better."
"The server sometimes stops continuously to check things so it would be helpful to receive access updates or technical reasons."
"There are some false positives."
"Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and its nothing that should be an issue. Some antivirus engines recognize Traps as an threat component, so maybe they need to shake hands somewhere."
"Whenever the tool releases a new version when deploying the product across the organization, I feel like there are some disturbances in the CPU usage after upgrading the tool to the latest version."
"Currently, we are monitoring all USB drives and ports but we would like to improve our device control capabilities."
"A potential area of improvement for Cortex XDR by Palo Alto Networks is the cost."
"There are some cases that take three days to deal with. It's too long."
"The installation process could be more streamlined."
"There is a problem with the solution, it came from Russia and we are looking for a replacement."
"Kaspersky Endpoint Detection and Response Expert needs to include a traffic interface."
"It consumes many system resources, and there should be more EDR details."
"If a customer wants to use Kaspersky on-prem, they'll need to spend a lot on the hardware. Their server must be strong because EDR is a heavy product. You need excellent hardware to run it. It might make sense to deploy the solution in the cloud. If they add features, it will only make the product heavier and increase the hardware costs."
"The solution could always be more secure."
"The system can be heavy, slowing down performance."
"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."
"I'd like to be able to get the compliance report within the solution which is currently not possible."
"Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."
"Cloud risk assessment is one area where I think they need a lot of improvement."
"I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert."
"The main problem lies in the processes within the client's operating systems."
"The product allows us to make only 30 custom rules."
 

Pricing and Cost Advice

"The price of the product is not very economical."
"It is "expensive" and flexible."
"The cost of Cortex XDR by Palo Alto Networks is $55 to $90 USD per endpoint per month."
"Cortex XDR's pricing is ok."
"The pricing is a little bit on the expensive side."
"It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool."
"I don't like that they have different types of licenses."
"The solution is expensive. It's pricing is on a yearly-basis."
"If one is cheap, ten is expensive, I rate the product’s price as a seven out of ten, especially if I compare it with CrowdStrike."
"Pricing for Kaspersky Endpoint Detection and Response is so-so when you compare it with its competitors. Its pricing isn't cheap nor expensive."
"The solution is worth its cost so I rate pricing a ten out of ten."
"The price of Kaspersky Endpoint Detection and Response is in the middle range compared to competitors. The pricing model is based on the users using the solutions. The cost for us is approximately 2200 Algerian dinars. The price of the solution could be reduced."
"EDR is priced on the cheaper side. Licensing for EDR is available on a yearly basis for around 80 SAR a year."
"Endpoint's pricing is good, especially compared to expensive solutions like Sophos."
"There is an annual license to use Kaspersky Endpoint Detection and Response. The price overall is a bit expensive when compared to other solutions. There are not any additional fees other than the license."
"The price of the solution could be reduced."
"Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs."
"The pricing is good, and it is not very expensive."
"I rate Rapid7 InsightIDR's price a four on a scale of one to ten, where one is cheap, and ten is expensive."
"The pricing of the solution depends on the user. But there is a yearly licensing cost."
"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."
"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."
"​Accurately predict your licensing counts as this is a subscription based product.​"
"The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help.​"
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
10%
Construction Company
9%
Computer Software Company
9%
Comms Service Provider
9%
Manufacturing Company
9%
Financial Services Firm
9%
Computer Software Company
8%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business30
Midsize Enterprise4
Large Enterprise18
By reviewers
Company SizeCount
Small Business21
Midsize Enterprise5
Large Enterprise6
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What needs improvement with Kaspersky Endpoint Detection and Response Expert?
The user interface of Kaspersky Endpoint Detection and Response Expert could be more intuitive, and I would appreciat...
What is your primary use case for Kaspersky Endpoint Detection and Response Expert?
My usual use cases for Kaspersky Endpoint Detection and Response Expert involve detecting ransomware earlier and proa...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What needs improvement with Rapid7 InsightIDR?
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as ...
What is your primary use case for Rapid7 InsightIDR?
I am working with Rapid7 InsightOps and Rapid7 InsightIDR because the requirement is as such from the customer side, ...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Kaspersky EDR
InsightIDR
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Ferrari, Insolar, Tael, Republic of Serbia
Liberty Wines, Pioneer Telephone, Visier
Find out what your peers are saying about Kaspersky Next EDR Expert vs. Rapid7 InsightIDR and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.