We performed a comparison between Rapid7 InsightIDR and Sophos UTM based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."The automation feature is valuable."
"The UI of Sentinel is very good and easy to use, even for beginners."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The machine learning and artificial intelligence on offer are great."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"Free ingestion for Azure logs (with E5 licence)"
"I have seen that Rapid7 InsightIDR provides security to the networks and endpoints in the company."
"If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."
"Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log."
"I like the tool's user analysis feature."
"The ability to ingest Office 365 log files, then process them into events and display them on a map."
"The solution is very scalable in terms of the licensing model."
"Another very important part of insightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network."
"Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling."
"Configuration could not be made any easier."
"They are all good, but most-used are Network Protection and Web Filtering."
"If a computer does get infected the Sophos appliance lets us know via it's Advanced Threat Protection so we can get a much faster response time."
"The solution is easy to handle and configure."
"The initial setup is easy."
"The cost of the solution is very reasonable."
"We've found the technical support to be helpful."
"The initial setup is pretty straightforward."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"We'd like also a better ticketing system, which is older."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"We are invoiced according to the amount of data generated within each log."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"The dashboard is an area that could be simplified."
"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."
"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."
"The integration capabilities of the solution have certain shortcomings where improvements are required."
"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."
"Needs a better ability to customize the check within the console."
"Last year, Sophos had some major internal management changes that negatively impacted their support."
"The scalability of the product is an area with certain shortcomings where improvements are required."
"Monitoring and reporting are areas that need improvement."
"Anti-phishing functionality should be improved."
"Sophos customer support could use some improvement."
"In Sophos UTM there is always a problem with the routing tables. If you want to see the routing table, you have to use the UI. You can't do it via a web browser. The routing table is better in Fortinet."
"Support for IKEv2 is needed in this solution."
"I would like to see the SD-WAN feature improved."
Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews while Sophos UTM is ranked 1st in Unified Threat Management (UTM) with 110 reviews. Rapid7 InsightIDR is rated 8.4, while Sophos UTM is rated 8.4. The top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". On the other hand, the top reviewer of Sophos UTM writes "It's a highly stable platform with very few hardware issues". Rapid7 InsightIDR is most compared with Darktrace, Splunk Enterprise Security, Rapid7 InsightVM, IBM Security QRadar and Microsoft Defender for Identity, whereas Sophos UTM is most compared with Netgate pfSense, Fortinet FortiGate, Sophos XG, OPNsense and Palo Alto Networks NG Firewalls.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.