Rapid7 InsightIDR vs Trellix ESM comparison

"InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level."

"InsightIDR helps us investigate an environment to discover information about incidents."

"Integration with threat modeling from the Metasploit and InsightIDR repositories."

"During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint."

"Rapid7's reporting is more robust than Tenable's."

"It improves because several sensors are deployed within the on-premise environment. It can be very efficient if the customer implements and operates it effectively."

"Features for user behavior analytics and the rules for attack review are good."

"The UI is very good."

"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."

"The tool's effectiveness depends on how you define your log sources. To build visibility of incoming and outgoing traffic, you need logs from perimeter defense, firewalls, web application firewalls, and endpoint protection. With good traffic visibility, incident response time is really quick."

"Trellix ESM is very user-friendly."

"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."

"The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."

"The solution's technical support is great."

"It enables us to detect malicious threats, issues, or vulnerabilities in our network."

"I like the ease of deployment."

"The searching feature in Rapid7 InsightIDR needs to evolve"

"There are certain limitations with Rapid7 that I am working on."

"The integration capabilities of the solution have certain shortcomings where improvements are required."

"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."

"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."

"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."

"The main problem lies in the processes within the client's operating systems."

"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."

"I would like to see improvements to the user interface."

"Areas of Trellix ESM that could be improved or enhanced include checking on the clients who are still on-prem, especially banks, as most are not moving everything to the cloud due to confidentiality and accessibility during network outages."

"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."

"It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI."

"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."

"The solution needs to improve case management. The UI is confusing."

"The support from McAfee ESM could improve. They could improve the speed."

"Product-wise, adding accounts on a single data source by batch would be a really great help."

"The pricing and licensing are competitive."

"The solution has a mid-range price point in the market"

"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."

"Rapid7 InsightIDR charges us based on the endpoints we connect to."

"Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight."

"Rapid7 InsightIDR is priced very well and is cost-effective."

"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."

"It is a reasonably priced solution."

"Regarding pricing, Trellix ESM is not that expensive. It's less than half the cost of IBM QRadar."

"It is an inexpensive product. We purchase its yearly license."

"We pay for our licensing fees on a yearly basis, and there are no costs in addition to the standard licensing fees."

"The pricing is fair."

"The licensing cost is based on EPS."

"McAfee is the right choice for a low-budget solution."

"When compared to IBM Security QRadar and other similar platforms, the pricing of McAfee ESM is reasonable and comparatively less expensive."

"The price of McAfee ESM is higher than some of the other solutions. There are additional features that can be added at an additional fee."