Rapid7 InsightIDR vs Trellix Endpoint Detection and Response (EDR) comparison

"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."

"InsightIDR has allowed us to find potential security issues that we did not know existed, and get remediation quickly."

"It improves because several sensors are deployed within the on-premise environment. It can be very efficient if the customer implements and operates it effectively."

"Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well."

"The solution is very scalable in terms of the licensing model."

"Enables the use of honey pots, honey users, and honey files to monitor for suspicious patterns."

"Integration with threat modeling from the Metasploit and InsightIDR repositories."

"Another very important part of insightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network."

"If there is any malicious behavior in the workstation or server, the tool stops or isolates it automatically and generates alerts."

"Trellix has done a good job reducing threats."

"The most valuable feature of the solution is its area for threat detection."

"Trellix Endpoint Detection and Response (EDR) offers endpoint protection and helps collect information while also allowing users to investigate malicious files in an IT environment...It is a stable solution...It is a scalable solution."

"The product's initial setup phase was very straightforward since you just need to install it, and it works."

"The most valuable features of the solution are the ability to isolate or quarantine devices and block or detect Ransomware and other well-known tools that are used to exploit vulnerabilities on devices."

"This is a stable product."

"The dashboard makes it easier and more effective to analyze data."

"Lacks a mobile application."

"They should add more configuration and security features to it."

"The product allows us to make only 30 custom rules."

"Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."

"Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps."

"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."

"The solution's XDR agents cannot compete with the XDR solutions out there yet."

"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."

"The endpoints and utilization are too high, which impacts the production activity."

"Some modules that are doing machine learning and artificial intelligence are blocking our processes."

"When it comes to some unknown fileless attacks, the tool is not able to detect them properly, making it an area where improvements are required."

"An area for improvement in McAfee MVISION Endpoint Detection and Response is the historical search. For example: when you have information on the artifact and a precedent, you want to do a search, and that is a bit lacking in the tool."

"The CPU utilization of the product is quite high compared to its competitors."

"I need some protection, possibly multi-factor authentication improvements."

"The searching capabilities for the IOCs can be further improved"

"The alert feature of McAfee MVISION Endpoint Detection and Response needs improvement because for you to get the alerts, you have to log on to the portal. What my company needs is a tool that sends you alerts. For example, if it detects a threat on your machine, it should send you an alert. My company gets the alerts instead from the antivirus software rather than the EDR. If you want to see the alerts on McAfee MVISION Endpoint Detection and Response, you have to connect to the system manually. Another area for improvement in the tool is the reporting. My company needs weekly and monthly reports about the alerts, but you can't extract reports from McAfee MVISION Endpoint Detection and Response, so a decision was made to move to another EDR solution, particularly Microsoft Defender for Endpoint, next month. My company tested Microsoft Defender for Endpoint via a POC for one to three months. The resource usage of McAfee MVISION Endpoint Detection and Response is also an area for improvement because it consumes a lot of memory. For example, during the on-demand scan, you can't work because of the high CPU usage. You need to schedule the scans. McAfee MVISION Endpoint Detection and Response has a lot of modules, but my company doesn't use all modules."

"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."

"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."

"It is more reasonably priced than other vendors."

"The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help.​"

"The pricing and licensing are competitive."

"The solution has a mid-range price point in the market"

"Rapid7 InsightIDR charges us based on the endpoints we connect to."

"The pricing is good, and it is not very expensive."

"The licensing costs attached to the solution are very easy to manage. There is a need to make yearly payments towards the licensing costs."

"Speaking about the price, you must use the product to find the product's cost for you."

"On a scale of one to ten, where one is low and ten is high, I rate the solution's pricing an eight out of ten."

"Pricing is a problem in South Africa. It could be cheaper here. The rand-to-dollar exchange rate makes it expensive for us. A 25 dollar endpoint cost becomes quite significant when converted to rand."

"Pricing for McAfee MVISION Endpoint Detection and Response is not that expensive, but it's not something that a startup could buy. Pricing for it is for midsized businesses. There's an additional payment if you want data retention for more than thirty days. They gave us data retention for thirty days. Then if you want longer data retention, they have the paid option for a three-month data retention period and for a one-year data retention period."

"McAfee MVISION Endpoint Detection and Response is reasonable in terms of cost. It's a tool my company has been using for a few years now. It costs $25,000 to $30,000 for six hundred users."

"The price is reasonable."

"The cost is okay, compared to other products."