Rapid7 InsightIDR vs Trellix ESM comparison

"Rapid7 InsightIDR is budget-friendly and has a good market position because not everybody can afford to go for LogRhythm or Splunk or QRadar."

"Enables the use of honey pots, honey users, and honey files to monitor for suspicious patterns."

"It improves because several sensors are deployed within the on-premise environment. It can be very efficient if the customer implements and operates it effectively."

"We were able to identify criminals attempting to login from China and put a stop on their IP locations."

"Very intuitive and easy to set up."

"The product works well. Stability-wise, I rate the solution a ten out of ten."

"It improved my organization by building a security alerting program."

"The platform offers unlimited storage and agent-based solutions."

"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."

"Trellix ESM utilizes fewer human resources and improves security and visibility."

"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."

"The most valuable feature is the correlation rules."

"McAfee as a whole is a good solution."

"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."

"The product’s most valuable feature is log monitoring."

"The support I have received from the vendor has been great."

"They should add more configuration and security features to it."

"There are certain limitations with Rapid7 that I am working on."

"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."

"I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert."

"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."

"The main problem lies in the processes within the client's operating systems."

"Inability to get access to compliance reports within the solution."

"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."

"The product is mature and needs little improvement, but we could enhance the customized dashboarding based on use cases."

"The only drawback is that they don't have any packet capturing or network behavior analysis."

"Product currently requires Flash."

"Product-wise, adding accounts on a single data source by batch would be a really great help."

"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."

"The product’s alert response feature needs improvement. It could be more flexible and secure."

"I would like to see good analytics in future releases."

"We cannot add new data sources to the most recent version."

"I rate Rapid7 InsightIDR's price a four on a scale of one to ten, where one is cheap, and ten is expensive."

"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."

"The pricing is good, and it is not very expensive."

"Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs."

"The pricing and licensing are competitive."

"Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight."

"​Accurately predict your licensing counts as this is a subscription based product.​"

"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."

"When compared to IBM Security QRadar and other similar platforms, the pricing of McAfee ESM is reasonable and comparatively less expensive."

"The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended."

"The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it."

"We pay for our licensing fees on a yearly basis, and there are no costs in addition to the standard licensing fees."

"McAfee is the right choice for a low-budget solution."

"You should buy the distributed option instead of the all-in-one for environments with more than 1000 end points."

"The product is slightly expensive."

"The price of McAfee ESM is higher than some of the other solutions. There are additional features that can be added at an additional fee."