
Rapid7 InsightIDR vs WatchGuard EPDR comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Sep 9, 2024

 

Categories and Ranking

Cortex XDR by Palo Alto Net... (Sponsored)
Ranking in Endpoint Detection and Response (EDR): 6th
Average Rating: 8.4
Reviews Sentiment: 6.8
Number of Reviews: 114
Ranking in other categories: Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)

Rapid7 InsightIDR
Ranking in Endpoint Detection and Response (EDR): 47th
Average Rating: 8.4
Reviews Sentiment: 7.0
Number of Reviews: 32
Ranking in other categories: Security Information and Event Management (SIEM) (25th), User Entity Behavior Analytics (UEBA) (11th), Threat Deception Platforms (6th), Extended Detection and Response (XDR) (28th)

WatchGuard EPDR
Ranking in Endpoint Detection and Response (EDR): 22nd
Average Rating: 8.4
Reviews Sentiment: 6.8
Number of Reviews: 38
Ranking in other categories: Endpoint Protection Platform (EPP) (16th)
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of Rapid7 InsightIDR is 1.2%, up from 1.1% compared to the previous year. The mindshare of WatchGuard EPDR is 1.4%, down from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
Product: Mindshare (%)
Cortex XDR by Palo Alto Networks: 3.6%
WatchGuard EPDR: 1.4%
Rapid7 InsightIDR: 1.2%
Other: 93.8%
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IaC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a much better and more mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
SohailHyder - PeerSpot reviewer
Head Of Cyber Security at Super Secure
Has supported compliance needs for mid-sized organizations but lacks customization and advanced integration
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature sets of a complete SIEM solution. Most common in the market is QRadar, but it is depleting now. It has been taken over by some other products such as Splunk and LogRhythm. If we compare these things with Rapid7 InsightIDR, then there are definitely some gaps that need to be filled. Data retention is also one concern because Rapid7 InsightIDR is cloud-based and operates on a subscription model. Whatever data you want to retain, it has to be paid for separately or it has a cost. Other solutions that are on-premises can have their own infrastructure or they provide some data retention for a month or in some capacity-wise, they provide that solution to them which makes them more attractive.
NJ
Section Head, Information Technology at a transportation company with 201-500 employees
Using cloud-based console for software inventory management and email alerts
I have no idea if I use some automation functions. I can't find any disadvantages; maybe that is because many companies haven't used it. I would prefer to see some features such as AI in antivirus solutions. I appreciate reporting, but it could be better with monthly reporting or auto-generated monthly reports.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Its ability to react to cyber data attacks is awesome."
"This software helps us understand any issues that may arise when someone is not at work."
"The behavior-based detection feature is valuable."
"I don't have to do much monitoring with it; I don't have to have anybody manually looking at this, it gives us reports, and it lets us know if something needs to be addressed, and we can easily address it."
"I've found the solution to be highly scalable for enterprises."
"Based on my experience, I would recommend Cortex XDR by Palo Alto Networks to other people."
"The scalability of Cortex XDR by Palo Alto Networks is very good."
"It's a perfect solution. It integrates well into the environment."
"The solution's initial setup is easy."
"The log aggregation and storage provided by InsightIDR has shown no issues with scalability; aggregating over one hundred million events daily."
"Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs."
"Rapid7's reporting is more robust than Tenable's."
"The most valuable features have to do with ease-of-use, as it is easy to check the events, investigate suspicious activities, and do forensic analysis, and the web interface is great — very useful and user-friendly."
"The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."
"Log search allows us to dive deep into aggregated logs and query all event types at once."
"I definitely recommend Rapid7 InsightIDR."
"We are very satisfied with the product."
"The deployment of Panda Security Adaptive Defense is easy and convenient."
"Technical support has always been top-notch when you can get through."
"I can put tons of load on it."
"I think there's quite a good balance in everything with WatchGuard EPDR, with tools to do things and watch what's happening, and everything is in the same tools and quite well designed or thought about how to do things, which is the reason I've been enjoying them."
"It is easy to manage."
"The product's most valuable features are the zero-trust application service and its capability to detect threats and attacks."
"I have seen some positive impact from using WatchGuard EPDR because it's less painful than the previous product we were using, has more functionality, and is easier to manage."
 

Cons

"The solution could improve by providing better integration with their own products and others."
"For Cortex XDR by Palo Alto Networks, if I had to point out improvements, I would say the UI is still somewhat difficult for beginners."
"The GUI could be improved."
"It tends to do 99.9% of things. The only thing I'd like is single sign-on authentication into their cloud platform so that my users can be properly authenticated against it."
"The solution should add unwanted malicious hash values to a block list so that whenever the action is triggered, it will automatically prevent the malicious content."
"Product might have some bugs."
"There's an overall lack of features."
"Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth."
"The dashboard is an area that could be simplified. For management, it should be clear and the files should be there."
"The product allows us to make only 30 custom rules."
"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."
"Cloud risk assessment is one area where I think they need a lot of improvement."
"The main problem lies in the processes within the client's operating systems."
"Needs a better ability to customize the check within the console."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."
"The searching feature in Rapid7 InsightIDR needs to evolve."
"The solution should have additional endpoint protection."
"Although the antivirus solution is so good that we've never suffered from an attack, we've had a few problems with false positives where they weren't correct."
"Panda Security Adaptive Defense’s stability could be improved."
"WatchGuard EPDR does have areas for improvement. One significant gap is the lack of a virtual patching feature integrated into the endpoint security. This would be particularly useful for endpoints running operating systems that are no longer supported, such as Windows 7."
"It needs improvements in its EDR and its ability to manage all the nodes. I'd like better communication between the console and the nodes, so I don't have to remote into each individual machine that's having an issue with the protection."
"They need to expand their offering of add-ons to enhance capabilities further."
"Panda is the most painful endpoint solution I've ever had to work with except SentinelOne."
"For some urgent updates, I don't like the need for the tool to be frequently restarted."
 

Pricing and Cost Advice

"Very costly product."
"I am using the Community edition."
"It's the most expensive solution, but features-wise, it's quite strong. It's very good for protection, so the results are very good in the case of protection. I would rate it a two out of ten in terms of pricing."
"Every customer has to pay for a license because it doesn't work with what you get from a managed services provider."
"I don't recall what the cost was, but it wasn't really that expensive."
"The price of the product is not very economical."
"It has a yearly renewal."
"When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward."
"The pricing of the solution depends on the user. But there is a yearly licensing cost."
"Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs."
"Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight."
"The pricing is good, and it is not very expensive."
"Rapid7 InsightIDR is priced very well and is cost-effective."
"The pricing and licensing are competitive."
"Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help."
"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."
"The price of this solution depends on the number of licenses that you are purchasing."
"The licensing costs are not too high. We pay about 20 Euros a year. It's a reasonable amount to pay."
"The licensing is subscription-based and priced well compared to other endpoint security solutions."
"The solution's pricing is better compared to other products."
"I don't think Panda's license is too expensive, but they're charging more than it's worth. It's a yearly license. For 1,000 endpoints, it's around $18,000."
"Customers need to pay monthly licensing costs for Panda Security Adaptive Defense, which is not expensive."
"The solution is priced well for what features it provides."
"Panda is cloud-only and comes at a reasonable cost. It is a set price per seat."
 

Top Industries

By visitors reading reviews
Construction Company: 12%
Financial Services Firm: 11%
Manufacturing Company: 10%
Comms Service Provider: 9%

Manufacturing Company: 9%
Financial Services Firm: 9%
Computer Software Company: 8%
Comms Service Provider: 7%

Comms Service Provider: 12%
Computer Software Company: 10%
Manufacturing Company: 7%
Financial Services Firm: 6%
 

Company Size

By reviewers
Company Size: Count

Small Business: 46
Midsize Enterprise: 21
Large Enterprise: 53

Small Business: 21
Midsize Enterprise: 5
Large Enterprise: 6

Small Business: 28
Midsize Enterprise: 8
Large Enterprise: 2
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What needs improvement with Rapid7 InsightIDR?
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as ...
What is your primary use case for Rapid7 InsightIDR?
I am working with Rapid7 InsightOps and Rapid7 InsightIDR because the requirement is as such from the customer side, ...
What needs improvement with WatchGuard EPDR?
I think there's always something that needs to be improved about WatchGuard EPDR, but I don't have something specific...
What is your primary use case for WatchGuard EPDR?
I'm talking about WatchGuard EPDR, which is endpoint protection. I try to remember if we have them in our system, and...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
InsightIDR
Panda Adaptive Defense 360
 


 

Sample Customers

CBI Health Group, University Honda, VakifBank
Liberty Wines, Pioneer Telephone, Visier
Indra, Valea AB, Fineit, Aemcom, Data Solutions INC., Gloucestershire NHS, Golden Star Resources Ltd, Hispania Racing Team, Instituto dos Museus e da Conservação, Escuelas Pias Provincia Emaus, Axiom Housing Association, Municipality of Bjuv, Lesedi Nuclear, Mullsjö municipality, Eng. skolan Norr AB, Dalakraft AB, Peter Green Haulage Ltd
Find out what your peers are saying about Rapid7 InsightIDR vs. WatchGuard EPDR and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.