Rapid7 InsightIDR vs Trellix Endpoint Detection and Response (EDR) comparison

"During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint."

"The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame."

"The ability to ingest Office 365 log files, then process them into events and display them on a map."

"Great coverage of all systems within our network from endpoint to firewall."

"Rapid7's reporting is more robust than Tenable's."

"It is a very stable solution."

"Log search allows us to dive deep into aggregated logs and query all event types at once.​"

"It improves because several sensors are deployed within the on-premise environment. It can be very efficient if the customer implements and operates it effectively."

"If there is any malicious behavior in the workstation or server, the tool stops or isolates it automatically and generates alerts."

"It relies on external systems for detection and then asks the endpoint to handle blocking. However, the most crucial feature is its investigative capabilities. With real-time search and other functionalities, it enables comprehensive detection and response."

"Trellix has a user-friendly interface."

"The most valuable feature I found in McAfee MVISION Endpoint Detection and Response is the guided analytics or guided EDR investigation."

"The product and the services we have are quite good."

"It is a scalable solution and very easy to use."

"The product provides a one-click recovery of encrypted files."

"The dashboard makes it easier and more effective to analyze data."

"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses.​"

"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."

"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."

"There is a future in AI with Rapid7, however, it is not fully operated. There are certain limitations with Rapid7 that I am working on."

"The solution's XDR agents cannot compete with the XDR solutions out there yet."

"InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal."

"Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps."

"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."

"Some modules that are doing machine learning and artificial intelligence are blocking our processes."

"I'd like the tool to become more like an XDR, with one management system and endpoint activation."

"I remember doing many tickets for Trellix support, and my EDR was not properly functioning. I didn't feel the detection or the real protection."

"When it comes to some unknown fileless attacks, the tool is not able to detect them properly, making it an area where improvements are required."

"The CPU utilization of the product is quite high compared to its competitors."

"The alert feature of McAfee MVISION Endpoint Detection and Response needs improvement because for you to get the alerts, you have to log on to the portal. What my company needs is a tool that sends you alerts. For example, if it detects a threat on your machine, it should send you an alert. My company gets the alerts instead from the antivirus software rather than the EDR. If you want to see the alerts on McAfee MVISION Endpoint Detection and Response, you have to connect to the system manually. Another area for improvement in the tool is the reporting. My company needs weekly and monthly reports about the alerts, but you can't extract reports from McAfee MVISION Endpoint Detection and Response, so a decision was made to move to another EDR solution, particularly Microsoft Defender for Endpoint, next month. My company tested Microsoft Defender for Endpoint via a POC for one to three months. The resource usage of McAfee MVISION Endpoint Detection and Response is also an area for improvement because it consumes a lot of memory. For example, during the on-demand scan, you can't work because of the high CPU usage. You need to schedule the scans. McAfee MVISION Endpoint Detection and Response has a lot of modules, but my company doesn't use all modules."

"For Spanish users, it is necessary to have a knowledge base specifically designed for them, which is currently not available."

"The main drawbacks are resources and processing time, as it consumes a lot of CPU and RAM."

"The pricing of the solution depends on the user. But there is a yearly licensing cost."

"​Accurately predict your licensing counts as this is a subscription based product.​"

"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."

"Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help."

"​I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability.​"

"The solution has a mid-range price point in the market"

"Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight."

"Rapid7 InsightIDR's pricing is reasonable."

"Pricing for McAfee MVISION Endpoint Detection and Response is not that expensive, but it's not something that a startup could buy. Pricing for it is for midsized businesses. There's an additional payment if you want data retention for more than thirty days. They gave us data retention for thirty days. Then if you want longer data retention, they have the paid option for a three-month data retention period and for a one-year data retention period."

"McAfee MVISION Endpoint Detection and Response is reasonable in terms of cost. It's a tool my company has been using for a few years now. It costs $25,000 to $30,000 for six hundred users."

"Pricing is a problem in South Africa. It could be cheaper here. The rand-to-dollar exchange rate makes it expensive for us. A 25 dollar endpoint cost becomes quite significant when converted to rand."

"The price is reasonable."

"Speaking about the price, you must use the product to find the product's cost for you."

"On a scale of one to ten, where one is low and ten is high, I rate the solution's pricing an eight out of ten."

"The licensing costs attached to the solution are very easy to manage. There is a need to make yearly payments towards the licensing costs."

"The pricing is always high."