We performed a comparison between Microsoft Defender XDR and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Forensics is a valuable feature of Fortinet FortiEDR."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"The stability is very good."
"This is stable and scalable."
"NGAV and EDR features are outstanding."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"Microsoft Defender's most critical component is its CASB solution. It has many built-in policies that can improve your organization's cloud security posture. It's effective regardless of where your users are, which is critical because most users are working from home. It's cloud-based, so nothing is on-premise."
"Microsoft 365 Defender is a good solution and easy to use."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"The integration with other Microsoft solutions is the most valuable feature."
"The most valuable feature is the network security."
"InsightIDR has allowed us to find potential security issues that we did not know existed, and get remediation quickly."
"We were able to identify criminals attempting to login from China and put a stop on their IP locations."
"I rate Rapid7 nine out of 10 for affordability"
"User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day."
"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
"Enables the use of honey pots, honey users, and honey files to monitor for suspicious patterns."
"The web interface is great — very useful and user-friendly."
"The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."
"The solution is not stable."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"FortiEDR can be improved by providing more detailed reporting."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"A simple dashboard without having to use MS Sentinel would be a welcome improvement."
"The management and automation of the cloud apps have room for improvement."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"The tool gives inconsistent answers and crashes a lot."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."
"I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert."
"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"I feel it would greatly benefit from more supported log sources."
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."
"Lacks a mobile application."
Microsoft Defender XDR is ranked 8th in Endpoint Detection and Response (EDR) with 76 reviews while Rapid7 InsightIDR is ranked 21st in Endpoint Detection and Response (EDR) with 29 reviews. Microsoft Defender XDR is rated 8.4, while Rapid7 InsightIDR is rated 8.4. The top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". On the other hand, the top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Secureworks Taegis XDR, whereas Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar. See our Microsoft Defender XDR vs. Rapid7 InsightIDR report.
See our list of best Endpoint Detection and Response (EDR) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.