Rapid7 InsightIDR Reviews

I use it to track events on our infrastructure to help with secure access and detection. We have many firewalls and antivirus DHCP (The Dynamic Host Configuration Protocol) DNS (Domain Name System), logs of Office 365, et cetera. We use this software to monitor and track our traffic and usage by creating logs.  

The most valuable features have to do with ease-of-use. It is easy to check the events, investigate suspicious activities, and do forensic analysis. The web interface is great — very useful and user-friendly.  

The only thing I can think of to improve the product is that the interface for doing investigation needs to be enhanced. For example, we can add notes through the interface, but we can not attach files to the investigation. It would be a useful addition. It would give us more flexibility to resolve more complicated situations. 

I have been using this solution for about six months.  

This solution is stable. Because it is a software as a service product, when any bugs appear, the manufacturer can correct the problems quickly and deploy the solutions immediately. This is better than other solutions on-premises that we would need to install an upgrade to resolve any bugs or other issues.  

Because this is a software as a service solution, the provider manages the scalability. It has never been an issue from our end.  

The setup for the product was straightforward.  

Although we did do the deployments by ourselves, we did it with some support from the provider, but it was easy to deploy.  

On a scale from one to ten where one is the worst and ten is the best, I would rate this product as a nine-out-of-ten. It is very good but it could be better with a few details that would improve the utility of the investigations interface.  

We use this solution to develop our business and we also provide it to some of our customers. The primary use case is for security information and event management, monitoring and acting on any event. 

The solution is very intuitive, it's easy to set up, is absolutely stable, and has a lot of integration with other security products.

I'd like to see a mobile application included and some feature related to the generality of segregation for internal users that access the application.

This solution is absolutely stable. 

This solution is scalable. 

The technical support is very good and respond quickly when there is a problem.

The initial setup is reasonably straightforward, it takes a few hours. We've deployed it for 10 different clients and we have several engineers and eight certified technical staff that carry out implementation. 

You can scale the license as needed. It's really easy to update and upgrade.

The solution is used as a platform for a better understanding of the Intelligence products that different vendors sell. 

Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling. 

The APIs can be further improved in Rapid7. 

I have been using Rapid7 InsightIDR for two months. 

It is stable solution. 

It is a scalable solution. Presently, there are only small businesses working with the solution. 

The technical support team is good. 

The initial setup is easy. The deployment took only half an hour. It's just a cloud platform. You just have to deploy a connector like Select Pro, and it will set the data from the on-premise. It will send it to the cloud platform, and you can have it installed in five to ten minutes.

The pricing of the solution depends on the user. But there is a yearly licensing cost. 

It is a good solution but just has some API issues. I rate the solution an eight out of ten. 

We use this solution for monitoring intrusion detection and prevention.

The most valuable feature is monitoring.

The dashboard is an area that could be simplified.  For management, it should be clear and the files should be there.

I have only recently started using this solution. It's been a couple of months.

I believe that we are using th latest version.

It is very stable.

It's a scalable solution. We have more than 1,000 users and we plan to continue using it.

We have not had the need to contact technical support.

Previously, we were using another solution. We changed because the price was completely suitable.

The initial setup was straightforward. It was simple.

We have a team of four to deploy and maintain this solution.

It is a reasonably priced solution.

I am not able to recommend this solution at this time. I don't know it well enough yet. Similarly, it is difficult to say at this time what needs to be improved. We need more time to explore.

I would rate this solution a seven out of ten, only because I have recently started using it.

We primarily use the solution for a combination of log management as well as threat detection.

The ease of use of the solution is excellent.

The individual setup is great. You can set it up and get it going in a short amount of time.

They have one agent for Insight where, basically, we can also install agents on Linux and Windows Servers as well as the endpoints. This agent provides for more capabilities in terms of threat detection. Normally, SIEM is more centered around log management and data mining. It's nice to have this extra layer. 

If you look at the agent part, the Insight agent, which is an optional component of InsightIDR, that agent also helps us to detect more threats, due to the fact that the endpoints are also vulnerable to a lot of security breaches. 

If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities.

Earlier they didn't have a network flow capture product, so they were not able to capture the network flows. We were able to capture the logs but not the network flows. Now, they have acquired a company called NetFort, and now they are also using the capture network flows. This was one of the shortcomings of the product which they have now rectified after acquisition of the company.

Cloud risk assessment is one area where I think they need a lot of improvement.

The solution should have a CIS Benchmark in terms of, I would say, config change detection.

I've been using the solution for about one year.

Since it is on cloud, so we need to just provision the collectors, which is like a sensor that captures logs on-premise and sends it to their cloud, the metadata. We are able to scale more. The scalability is high. There is no issue related to redundancy or high availability. Since it is on cloud, it is taken care of from their data center.

The solution is more suited towards larger enterprises, and not really ideal for smaller companies.

The technical support is good. They follow and adhere to their SLA terms. Based on the customer's needs, they can go with a higher level of support. Based on their standard support, they adhere to whatever is their SLA terms are and they are typically good enough. There's no complaints of any lag in service. They do a good job.

I've used other products such as QRadar and other SIEM solutions and I find this solution is much more simplified and user-friendly. Their DNA is also really in security, which they can feed quite effectively into their SIEM. They understand security far better than other OEMs.

The initial setup is not complex. It's straightforward. Deployment takes less than two weeks. It is based on the customer's environment, however, on average, you can assume it will take one to two weeks. You only need about two to three people to handle the deployment.

We're an integrator for Rapid7. We handle deployments for our customers.

If you look at any other SIEM solution, the license is based on events per second or EPS based licensing. Here, the licensing is the number of assets, and the number of days the log would be retained on their cloud. That is one of the huge differences between this solution and the competition.

We are solution partners.

The solution has a console with everything on the cloud, however, only the centers, the log collectors, are on-premise. This solution is actually cloud-based.

People who want a solution, a very simplified and easy to start, and then they want to start immediately on a solution with fewer complications, so those would be the right customers. You can say SME, mid and large actually, but I think mid and large enterprises would be the right fitment.

I would recommend the solution. Rapid7's professional services, including their planning, architecture, deployment, et cetera is up to the mark. I would recommend having a few workdays, in the initial planning stage, maybe for assessment of the solution and to take some time to understand everything before beginning. New users should reach out to their Rapid7 professional services for the planning portion of the implementation process.

I would rate the solution eight out of ten.