Rapid7 InsightIDR vs Trellix ESM comparison

"Another very important part of insightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network."

"Rapid7's reporting is more robust than Tenable's."

"I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters."

"During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint."

"It improves because several sensors are deployed within the on-premise environment. It can be very efficient if the customer implements and operates it effectively."

"The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."

"The product works well. Stability-wise, I rate the solution a ten out of ten."

"We were able to identify criminals attempting to login from China and put a stop on their IP locations."

"Trellix ESM is very user-friendly."

"The strongest part of Trellix ESM is that we get quite good reports."

"McAfee as a whole is a good solution."

"The tool's effectiveness depends on how you define your log sources. To build visibility of incoming and outgoing traffic, you need logs from perimeter defense, firewalls, web application firewalls, and endpoint protection. With good traffic visibility, incident response time is really quick."

"The support I have received from the vendor has been great."

"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."

"It is easy to use and deploy. It comes with user-friendly manuals."

"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."

"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."

"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."

"Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps."

"Cloud risk assessment is one area where I think they need a lot of improvement."

"The APIs can be further improved in Rapid7."

"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."

"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."

"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."

"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."

"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."

"It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI."

"We cannot add new data sources to the most recent version."

"Tech support is required each time there is a system update of the solution."

"I would like to see good analytics in future releases."

"The support from McAfee ESM could improve. They could improve the speed."

"We need to improve Trellix ESM by making sure that most of the logging devices available in the global market should be covered, and if there is any device which is not covered, there should not be any additional charges for writing the custom parsers on that."

"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."

"Rapid7 InsightIDR is priced very well and is cost-effective."

"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."

"The pricing and licensing are competitive."

"Rapid7 InsightIDR charges us based on the endpoints we connect to."

"Rapid7 InsightIDR's pricing is reasonable."

"The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help.​"

"I rate Rapid7 InsightIDR's price a four on a scale of one to ten, where one is cheap, and ten is expensive."

"Regarding pricing, Trellix ESM is not that expensive. It's less than half the cost of IBM QRadar."

"The price of McAfee ESM is higher than some of the other solutions. There are additional features that can be added at an additional fee."

"The cost is dependent on the customer's environment and requirements."

"When compared to IBM Security QRadar and other similar platforms, the pricing of McAfee ESM is reasonable and comparatively less expensive."

"You should buy the distributed option instead of the all-in-one for environments with more than 1000 end points."

"McAfee is the right choice for a low-budget solution."

"The pricing is good, and they are competitive compared to providers such as RSA and IBM QRadar."

"The licensing cost is based on EPS."