Netsurion vs Rapid7 InsightIDR comparison

Netsurion and Rapid7 are both solutions in the Security Information and Event Management (SIEM) category. Netsurion is ranked #54, while Rapid7 is ranked #14 with an average rating of 7.8. Netsurion holds a 0.7% mindshare in SIEM, compared to Rapid7’s 2.1% mindshare. Additionally, 92% of Netsurion users are willing to recommend the solution, compared to 96% of Rapid7 users who would recommend it.

Netsurion

Read 24 Netsurion reviews

2,006 Views
1,063 Comparison Views

92% willing to recommend

Rapid7 InsightIDR

Read 32 Rapid7 InsightIDR reviews

6,954 Views
3,407 Comparison Views

96% willing to recommend

Netsurion

Rapid7 InsightIDR

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 18, 2024

Rapid7 InsightIDR and Netsurion are both major players in the cybersecurity market. Rapid7 InsightIDR seems to have the upper hand for its ease of deployment and an intuitive interface, while Netsurion stands out for its feature-rich capabilities and robust customer service.

Features: Rapid7 InsightIDR includes comprehensive incident detection, automated response features, and an intuitive interface. Netsurion offers extensive threat intelligence, real-time log monitoring, and detailed analytics.

Room for Improvement: Rapid7 InsightIDR could improve its customizability, reporting functionality, and integration with other tools. Netsurion could refine its integration process with other tools, improve user customization options, and enhance its reporting features.

Ease of Deployment and Customer Service: Rapid7 InsightIDR is commended for smooth deployment models and responsive customer service. Netsurion benefits from positive feedback on its deployment process and exceptional customer service.

Pricing and ROI: Rapid7 InsightIDR's pricing is considered reasonable given its ROI, but some users find initial setup costs high. Netsurion receives favorable reviews for pricing, with users highlighting strong ROI.

To learn more, read our detailed Netsurion vs. Rapid7 InsightIDR Report (Updated: January 2026).

Buyer's Guide

Netsurion vs. Rapid7 InsightIDR

January 2026

Download the complete report

Helped 882,103 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Netsurion

Ranking in Security Information and Event Management (SIEM)

54th

Ranking in Extended Detection and Response (XDR)

47th

Average Rating

8.4

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Managed Security Services Providers (MSSP) (33rd), SOC as a Service (14th), Managed Detection and Response (MDR) (39th)

Rapid7 InsightIDR

Ranking in Security Information and Event Management (SIEM)

14th

Ranking in Extended Detection and Response (XDR)

18th

Average Rating

8.4

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

User Entity Behavior Analytics (UEBA) (8th), Endpoint Detection and Response (EDR) (23rd), Threat Deception Platforms (4th)

Mindshare comparison

As of February 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Netsurion is 0.7%, up from 0.3% compared to the previous year. The mindshare of Rapid7 InsightIDR is 2.1%, down from 2.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM) Market Share Distribution
Product	Market Share (%)
Rapid7 InsightIDR	2.1%
Netsurion	0.7%
Other	97.2%

Security Information and Event Management (SIEM)

Featured Reviews

John-Berry

Information Technology Manager at ProfitSolv

The SOC center monitors, hunts, and notifies us of threats around the clock

I know they are working to resolve this issue, but Netsurion is currently unable to retrieve logs from S3 buckets. We use WP Engine for a lot of web hosting as well as AWS, and both of these platforms use S3 buckets. I would like Netsurion to be able to pull logs from Linux devices. We have some of that capability, and I believe they can do it. However, the way it works with Amazon is strange and glitchy. Therefore, working something out with Amazon would be great. Netsurion's SOC can be a bit too aggressive at times. We have asked them to adjust their playbook because I am tired of being notified about the same issue multiple times a day. I am aware of the issue, and it is not a cause for concern. Let's only take action on this issue if we see an actual problem.

Read full review

SohailHyder

Head Of Cyber Security at Super Secure

Has supported compliance needs for mid-sized organizations but lacks customization and advanced integration

If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature sets of a complete SIEM solution. Most common in the market is QRadar, but it is depleting now. It has been taken over by some other products such as Splunk and LogRhythm. If we compare these things with Rapid7 InsightIDR, then there are definitely some gaps that need to be filled. Data retention is also one concern because Rapid7 InsightIDR is cloud-based and operates on a subscription model. Whatever data you want to retain, it has to be paid for separately or it has a cost. Other solutions that are on-premises can have their own infrastructure or they provide some data retention for a month or in some capacity-wise, they provide that solution to them which makes them more attractive.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"I like the UI, overall. I like the main page and there are aspects of the search page that I like. When you bring it up on the left-hand side of the page, as you look at the events, the ability to simply hit and click the plus/minus to pull events in and out of the overall view is well done and is very effective from a threat-hunting and an analysis perspective. I like the detail it shows."

"I think Netsurion scales well. We've gone from a small number of agents up to thousands. So I would imagine that it would continue to scale. I don't see any issue with that."

"When I looked last week, we probably averaged about 20 million log entries a day. So, we certainly can't individually manage that. Just looking at the reports, then trying to go back and find anything that was questionable, was a challenge. Therefore, the managed service has been invaluable to us in terms of being able to narrow the scope of what really needs to be looked at and bringing those things to our attention to be dealt with."

"They have a number of integrations with different products. Google Workspace is one of them, and Microsoft Azure is another one. They integrate with a number of other things, such as Duo for multi-factor authentication. They can pull the logs from Duo to see if users are coming from bad repeatable IPs or if there are malicious known IPs that may be popping up in the logs. They are able to see that, and they can identify that. Some of the other integrations they do are from inside your network. For firewalls, they can integrate with SonicWall, Cisco, Fortinet, etc. They have a pretty wide variety of things to integrate with and be able to pull the logins from those devices."

"Netsurion has its own security operations center, where it tracks information that comes across our telemetry."

"Netsurion was easy to deploy. I have worked with other systems that were a little less complex, but they weren't quite as easy to deploy."

"The SIEMs and managed service are its most valuable features. We get a weekly report from them which provides a culmination of them combing through millions of events which are triggered across our network every day and minute. Their information security experts basically boil that down to a report which I get emailed once a week. It identifies potential threats and the remediation that I should take to be able to quell those threats."

"Netsurion's 24/7 monitoring has enhanced the overall security of the company. They have someone looking at the data 24/7 who will call us as needed. If their team spots a malicious process after hours, they notify the appropriate person by phone. We get a lot of actionable threat intelligence from Netsurion. For example, if a user clicks on a malicious link in a web page and starts an unusual process that isn't on the white-list, Netsurion's team can detect it and prevent it from executing. Afterward, they'll notify us by telephone, so we can respond and clean up whatever damage has occurred."

More Netsurion pros

"InsightIDR helps us investigate an environment to discover information about incidents."

"Very intuitive and easy to set up."

"Features for user behavior analytics and the rules for attack review are good."

"The solution's initial setup is easy."

"Enables the use of honey pots, honey users, and honey files to monitor for suspicious patterns."

"The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."

"Integration with threat modeling from the Metasploit and InsightIDR repositories."

"I like that it's a cloud-based solution."

More Rapid7 InsightIDR pros

Cons

"I would like to see a faster response when we see things like 15,000 lockouts. I really wished that I had known that on Friday afternoon rather than waiting until I got the weekly report today. By the same token, they are looking at it from the point of view that this is a system or software malfunction. This is not a bad actor repeating the exact same password three times a second. Therefore, they can tell that this is not a bad thing. However, it's not a security event but it is an operational event for me. Knowing this sort of thing would help my team and me out more because then we would be able to clear out a lot of network traffic that we didn't know was going on. So, we would like quicker updates on non-high security events."

"I'd like to see improvement in the ease of generating reports. It seems fairly cumbersome whenever you decide to start tracking new categories of events. It seems a little kludgy when trying to generate those reports."

"It would be great if they had a client for phones by which they could push a notification to us, as opposed to via email."

"The deployment of the agents could be a bit easier. We always seem to have a bit of a challenge with that. A lot of times the agents either don't deploy or they quit responding, then we have to go and redeploy them."

"Communication is always something that can be improved, but I feel that any time we've had a communication issue, it's quickly addressed when we bring those up at the monthly meetings. Usually, it's an individual that wasn't clear in the communication, it's not the process per se. You always have to be able to segregate if the process didn't work or an individual either didn't say the right thing or my people didn't understand what they were being told."

"The system requirements are very, very high. So I need a pretty powerful server to run. If they could lighten that load so that the on-premise part of their product didn't impact my systems as much that would be ideal."

"They have their programs and tools that you have to put into your own environment. We basically ingest all the log data and then push it out to them. I wish it was a little bit different than that where we just push directly towards them. I do not know if that is a function that they thought would be better in terms of security, but I wish that instead of doing that, it should go from the device to them and not from the device to another system and then out to them. There seem to be some drawbacks to doing that."

"I would like to see the dashboard come up more quickly."

More Netsurion cons

"I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert."

"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."

"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."

"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."

"Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps."

"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."

"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."

"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."

More Rapid7 InsightIDR cons

Pricing and Cost Advice

"The pricing and licensing seem very reasonable. The managed service part of it feels like it gives me the equivalent of a full-time engineer for a lot less money. So, I feel it's a good value."

"EventTracker's subscription-based model is interesting as far as yearly license type stuff. It's nice because you know what it's going to be next year. We haven't really looked at any other solutions. The pricing at the time compared to the other solutions was a lot less. A couple of years ago, we actually looked at Splunk. The amount in Splunk's licensing model is based on 20 gigs a day, or something like that. Based on our number of logs and stuff that we were already generating, the costs would be substantially more for the amount of logs that we would be getting."

"We put together the package of what we needed. It was based pretty much on the number of agents that we were deploying. If we needed to manage logging from certain specific applications, like Active Directory and SQL Server, there has been no additional cost for that. We had agents deployed for those specific servers and the applications were included, then there was just an additional installation that they had to do for us."

"The solution is fairly expensive, but in my experience, all of the SIEM applications that I've evaluated or looked at cost about the same."

"I don't know if the pricing is by the seat but we're paying about $20,000 to 25,000 a year. On top of that, we pay for the managed support services. That runs us about another $35,000 or $40,000 a year."

"Netsurion's pricing is extremely fair and flexible. The price of their SIEM product is reasonable, and you can pay for those services you want on top of that. It wasn't cheap, but it's competitive, and we intend to renew our contract."

"Netsurion's pricing is competitive. At the same time, they're the only ones who do what we want to do the way we want it. I can't say we would've paid more, but we would've had to have come up with our own solution if they weren't providing that."

"We have seen time and cost savings. It prevents us from having to hire specialized people for this type of work. We would need to hire six staff members to accommodate the same service."

More Netsurion pricing and cost advice

"Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs."

"The pricing of the solution depends on the user. But there is a yearly licensing cost."

"The solution has a mid-range price point in the market"

"It is a reasonably priced solution."

"The pricing and licensing are competitive."

"The pricing is good, and it is not very expensive."

"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."

"It is more reasonably priced than other vendors."

More Rapid7 InsightIDR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

882,103 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Performing Arts

15%

Manufacturing Company

Outsourcing Company

Retailer

Computer Software Company

11%

Financial Services Firm

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	10
Midsize Enterprise	7
Large Enterprise	7

By reviewers
Company Size	Count
Small Business	20
Midsize Enterprise	5
Large Enterprise	6

Questions from the Community

Ask a question

Earn 20 points

What SOC product do you recommend?

For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...

See all answers

What do you like most about Rapid7 InsightIDR?

During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an applicati...

See all answers

What is your experience regarding pricing and costs for Rapid7 InsightIDR?

The product pricing is very cheap.

See all answers

Comparisons

Legato Security vs Netsurion

Compared 7% of the time

IBM Security QRadar vs Netsurion

Compared 7% of the time

GoSecure Titan Platform vs Netsurion

Compared 6% of the time

Devo vs Netsurion

Compared 6% of the time

ManageEngine Log360 vs Netsurion

Compared 6% of the time

More Netsurion Competitors

Rapid7 InsightVM vs Rapid7 InsightIDR

Compared 5% of the time

Microsoft Sentinel vs Rapid7 InsightIDR

Compared 5% of the time

Splunk Enterprise Security vs Rapid7 InsightIDR

Compared 5% of the time

CrowdStrike Falcon vs Rapid7 InsightIDR

Compared 4% of the time

Darktrace vs Rapid7 InsightIDR

Compared 3% of the time

More Rapid7 InsightIDR Competitors

Product Reports

Buyer's Guide

Netsurion

January 2026

Download Netsurion product report

Buyer's Guide

Rapid7 InsightIDR

January 2026

Download Rapid7 InsightIDR product report

Also Known As

Netsurion Managed Threat Protection, Netsurion EventTracker

InsightIDR

Overview

Netsurion offers robust SIEM capabilities enhanced by managed services, facilitating efficient threat identification and response with real-time alerts and comprehensive reporting.

Netsurion stands out for its integration of SIEM, IDS, and vulnerability management. Its real-time threat alerts and dashboards enhance user response capabilities. With centralized logging from Windows, Linux, Cisco devices, firewalls, and Active Directory, Netsurion enables effective compliance support for HIPAA and PCI standards. Managed Threat Protection with the embedded MITRE ATT&CK Framework enhances threat intelligence, while its evolving interface aims to improve user interactions. However, some users find deployment and searching challenging, pointing to areas for improvement.

What are Netsurion's key features?

SIEM Capabilities: Efficient threat identification using real-time alerts and dashboards.
Managed Services: Provides remote monitoring and advisory support.
Comprehensive Reporting: Assists in compliance and actionable insights.
MITRE ATT&CK Framework: Enhances threat intelligence and management.
Seamless Integration: Works with existing systems for streamlined operations.

What benefits should users consider in reviews?

Threat Response Tool: Rapid identification and response to security incidents.
Usability: Efforts to evolve and simplify user interactions.
Operational Efficiency: Streamlined processes through integration and managed services.
Compliance Support: Assistance with industry standards like HIPAA and PCI.

Netsurion is frequently implemented in industries requiring comprehensive security monitoring and compliance, such as healthcare and finance. It aids businesses in consolidating security efforts, offering insights into user activities and system changes, an asset for companies lacking substantial internal resources.

Netsurion

Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.

Rapid7

Sample Customers

The Salvation Army, The FRESH Market, Pacific Western Bank, NASA, American Academy of Orthopaedic Surgeons (AAOS), and Talbot’s Stores

Liberty Wines, Pioneer Telephone, Visier

Buyer's Guide

Netsurion vs. Rapid7 InsightIDR

January 2026

Free Report: Netsurion vs. Rapid7 InsightIDR

Find out what your peers are saying about Netsurion vs. Rapid7 InsightIDR and other solutions. Updated: January 2026.

DOWNLOAD NOW

882,103 professionals have used our research since 2012.

See our Netsurion vs. Rapid7 InsightIDR report.

See our list of best Security Information and Event Management (SIEM) vendors and best Extended Detection and Response (XDR) vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.