No more typing reviews! Try our Samantha, our new voice AI agent.

Rapid7 InsightIDR vs Vectra AI comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Extended Detection and Response (XDR)
5th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
110
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Rapid7 InsightIDR
Ranking in Extended Detection and Response (XDR)
23rd
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
32
Ranking in other categories
Security Information and Event Management (SIEM) (23rd), User Entity Behavior Analytics (UEBA) (10th), Endpoint Detection and Response (EDR) (39th), Threat Deception Platforms (6th)
Vectra AI
Ranking in Extended Detection and Response (XDR)
16th
Average Rating
8.6
Reviews Sentiment
7.0
Number of Reviews
48
Ranking in other categories
Intrusion Detection and Prevention Software (IDPS) (4th), Network Detection and Response (NDR) (2nd), Identity Threat Detection and Response (ITDR) (11th), AI-Powered Cybersecurity Platforms (8th)
 

Mindshare comparison

As of May 2026, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 4.7%, down from 5.1% compared to the previous year. The mindshare of Rapid7 InsightIDR is 2.1%, down from 2.3% compared to the previous year. The mindshare of Vectra AI is 2.4%, down from 2.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks4.7%
Vectra AI2.4%
Rapid7 InsightIDR2.1%
Other90.8%
Extended Detection and Response (XDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
SohailHyder - PeerSpot reviewer
Head Of Cyber Security at Super Secure
Has supported compliance needs for mid-sized organizations but lacks customization and advanced integration
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature sets of a complete SIEM solution. Most common in the market is QRadar, but it is depleting now. It has been taken over by some other products such as Splunk and LogRhythm. If we compare these things with Rapid7 InsightIDR, then there are definitely some gaps that need to be filled. Data retention is also one concern because Rapid7 InsightIDR is cloud-based and operates on a subscription model. Whatever data you want to retain, it has to be paid for separately or it has a cost. Other solutions that are on-premises can have their own infrastructure or they provide some data retention for a month or in some capacity-wise, they provide that solution to them which makes them more attractive.
RR
Consultant at a retailer with 5,001-10,000 employees
Threat detection has improved and malicious emails are now identified quickly
Vectra AI offers artificial intelligence capabilities with visibility that can be integrated into our day-to-day operations and other tools, including malware detection tools and cyber threat tools. Vectra AI has positively impacted my organization. Last year while using it, we received many malicious email threats and virus incidents, including a trojan virus that had reportedly been deployed by someone. Our company used Vectra AI to detect the malicious threats and viruses before they could cause more damage, and we successfully stopped the threats. Using Vectra AI, I notice that server downtime has decreased significantly. We now experience only two to three hours of downtime, whereas without Vectra AI and other tools, our downtime would exceed 48 to 72 hours.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We use it for malicious connections from malicious websites, to identify payloads that might be inside the traffic, to identify malicious processes or bugs that are running on the network, and any activities that tend to lead to data infiltration."
"Palo Alto is one of the tech vendors that always provides top-of-the-line products."
"The stability of the solution is very good, we have about 100 users on it right now, and we use it twice a week."
"The stability is pretty good except for one or two cases, and based on the performance, it's been okay with pretty high performance, no bugs or glitches, and it doesn't crash or freeze."
"Palo Alto Networks Traps improves our security posture and lowers risk by providing next-gen methods to combat against modern threats on all the major platforms."
"Automation and playbooks have helped me significantly, as Cortex Xnor's playbooks predefine the workflow of the automation, such as response processes, alert triggering, and enriching the context, efficiently detecting and blocking malicious attacks with firewalls while eliminating workload and speeding responses for next-generation operations."
"Traps is quite a stable product. Once it was properly deployed and configured, you have nothing to be worried about."
"I've found the solution to be highly scalable for enterprises."
"I rate Rapid7 nine out of 10 for affordability"
"The alerting to drive investigations and remediation has been its most valuable feature.​"
"It is a very stable solution."
"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
"I have seen that Rapid7 InsightIDR provides security to the networks and endpoints in the company."
"I've used other products such as QRadar and other SIEM solutions and I find this solution is much more simplified and user-friendly."
"The product works well. Stability-wise, I rate the solution a ten out of ten."
"The UI is very good."
"It has helped us to organize our security. We get a better overview on what is happening on the network, which has helped us get quicker responses to users. If we see malicious activity, then we can quickly take action on it. Previously, we weren't getting an overview as fast as we are now, so we can now provide a quicker response."
"The initial setup was pretty straightforward."
"We can sleep better."
"It has given us an increased level of confidence in our information security that we have a tool like Vectra to back up some of the incidents that could take place, knowing we are going to get them detected as quickly as possible and identified to us."
"The solution provide visibility into behaviors across the full lifecycle of an attack in our network, beyond just the Internet gateway. It makes our security operations much more effective because we are now looking not just at traffic on the border, but we're looking at east-west internal traffic. Now, not only will we see if an exploit kit is being downloaded, but we would be able to see then if that exploit kit was then laterally distributed into our environment."
"We particularly like the user experience around the dashboard, which we find to be much more straightforward than the dashboard of some of the competitive products... Vectra is a really easy system to understand and use to prioritize where we need to focus our security resources."
"It has reduced the time it takes to respond to attacks. That comes back to the proactive point. It makes us able to lower down in the kill chain, we can react now, rather than reacting to incidents that happened, we can see an instant, in some cases, as it's being implemented, or as it's being launched."
"With Vectra, we become more proactive than reactive, more often than not we pick things up before the actual damage can start, and it picks up things that none of our other tools pick up because it's designed to detect things before harm is done, at the initial stages."
 

Cons

"I would like to see them include NDR (Network Detection Response)."
"There's room for improvement with Mac device installations, which can be challenging."
"We had a problem with getting our older endpoints up to date, but their newest updates have been really good."
"Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well."
"It's not an ideal choice for smaller businesses, as you need a minimum of 200 endpoints to even use the solution at all."
"There's an overall lack of features."
"Based on our experience so far, its implementation is quite complex."
"If he is using a smaller company, he can depend on some other tools because Cortex XDR by Palo Alto Networks is a bit expensive."
"One of the things that could be better is digital forensics. It is there, but it can be better."
"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination)."
"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."
"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."
"Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps."
"The product allows us to make only 30 custom rules."
"The ability to tune the collector for custom logs would greatly help."
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"The reporting from Cognito Detect is very limited and doesn't give you too many options. If I want to prepare a customized report on a particular host, even though I see the data, I have to manually prepare the report. The reporting features that are built into the tool are not very helpful."
"I would like more integrations with IOCs and threats currently on the Internet. I would also like to know which threats are based on zero-day attacks, current botnets, etc."
"Integration with other security components needs improvement. It should have true integration as opposed to just being a separate pane of glass."
"One thing which I have found where there could be improvement is with regard to the architecture, a little bit: how the brains and sensors function."
"We are using SMB 3.0, which is an encrypted protocol. When we get some alerts or something, we cannot go deep into the protocol to see what's wrong because it's encrypted. We need to decrypt the protocol in another way, which is quite difficult. We might go back to SMB 2.0 just for this reason, but that's not a good solution."
"In comparison with a lot of systems I used in the past, the false positives are really a burden because they are taking a lot of time at this moment."
"One of the things I am not so happy about when it comes to Vectra is the scoring board."
"Vectra AI could be improved by focusing on all threat types, not only malicious threats or virus threats."
 

Pricing and Cost Advice

"I don't recall what the cost was, but it wasn't really that expensive."
"Very costly product."
"Cortex XDR by Palo Alto Networks is quite an expensive solution."
"Licensing for Palo Alto Networks Cortex XDR can be costly, especially when it comes to a hundred users. A license is required for each user, and the subscription must be renewed on a yearly basis."
"It has reasonable pricing for the use cases it provides to the company."
"It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff."
"The pricing seems fair, and I do like the licensing model. You use wherever they are, and it is elastic."
"Compared to CrowdStrike, Cortex XDR is an expensive solution."
"The pricing of the solution depends on the user. But there is a yearly licensing cost."
"I rate Rapid7 InsightIDR's price a four on a scale of one to ten, where one is cheap, and ten is expensive."
"Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight."
"Rapid7 InsightIDR charges us based on the endpoints we connect to."
"The solution has a mid-range price point in the market"
"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."
"The pricing is good, and it is not very expensive."
"​I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability.​"
"We have a desire to increase our use. However, it all comes down to budget. It's a very expensive tool that is very difficult to prove business support for. We would like to have two separate networks. We have our corporate network and PCI network, which is segregated due to payment processing. We don't have it for deployed in the PCI network. It would be good to have it fully deployed there to provide us with additional monitoring and control, but the cost associated with their licensing model makes it prohibitively expensive to deploy."
"Its cost is too much. It's an investment that we can afford. It's a lot, but it's worth it."
"The licensing is on an annual basis."
"It's relatively on the pricier side, but when compared to other solutions. It's not the most budget-friendly option, but it can be considered somewhat more cost-effective in comparison to other alternatives."
"The upfront pricing model that we have would have been more beneficial if it had been a recurring license fee, but that wasn't a massive issue for us. It's fairly priced."
"We are running at about 90,000 pounds per year. The solution is a licensed cost. The hardware that they gave us was pretty much next to nothing. It is the license that we're paying for."
"Their licensing model is antiquated. I'm not a fan of their licensing model. We have to pay for licensing based on four different things. You have to pay based on the number of unique IPs, the number of logs that we send through Recall and Stream, and the size of our environment. They need to simplify their licensing down to just one thing. It should be based on the amount of data, the number of devices, or something else, but there should be just one thing for everything. That's what they need to base their licensing on. Cost-wise, they're not cheap. They were definitely the most expensive option, but you get what you pay for. They're not the cheapest option."
"From a pricing perspective, they are very commercially competitive. From a licensing perspective, just be conscious that some of their future cloud solutions come with additional subscriptions. Also, if you're outside of the US, you will get charged freight for the device back to your country."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
893,438 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
12%
Construction Company
12%
Comms Service Provider
9%
Manufacturing Company
8%
Financial Services Firm
9%
Manufacturing Company
9%
Computer Software Company
9%
Comms Service Provider
7%
Financial Services Firm
10%
Computer Software Company
8%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise20
Large Enterprise49
By reviewers
Company SizeCount
Small Business21
Midsize Enterprise5
Large Enterprise6
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise10
Large Enterprise29
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What needs improvement with Rapid7 InsightIDR?
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as ...
What do you like most about Vectra AI?
The solution is currently used as a central threat detection and response system.
What is your experience regarding pricing and costs for Vectra AI?
It is very acceptable when you compare it with Darktrace, for example.
What needs improvement with Vectra AI?
Vectra AI could be improved by focusing on all threat types, not only malicious threats or virus threats. All threats...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
InsightIDR
Vectra Networks, Vectra AI NDR
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Liberty Wines, Pioneer Telephone, Visier
Tribune Media Group, Barry University, Aruba Networks, Good Technology, Riverbed, Santa Clara University, Securities Exchange, Tri-State Generation and Transmission Association
Find out what your peers are saying about Rapid7 InsightIDR vs. Vectra AI and other solutions. Updated: April 2026.
893,438 professionals have used our research since 2012.