Rapid7 InsightIDR Reviews

• Security incident
• Event management

InsightIDR has allowed us to find potential security issues that we did not know existed, and get remediation quickly.

• User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day. 
• Log search allows us to dive deep into aggregated logs and query all event types at once.

Threat Intelligence: It would be useful to import threat intelligence in YARA format along with known incorrect email addresses.

During the entire duration of use, there have been no issues noted with stability.

The log aggregation and storage provided by InsightIDR has shown no issues with scalability; aggregating over one hundred millions events daily. The only constriction point in deployment is the collectors as they are required for agentless logging. However, keeping with the documentation provided for deployment, it handles the load appropriately if the documentation is adhered to.

Among the best! Their support responds promptly. They fully resolve issues before closing tickets.

We did not use a previous solution.

The initial setup is quite straightforward and can be accomplished from their Quick Start Guide. As the platform is quite adaptable, it can continue to be expanded to add many different log types, which you may find to be a continuous process.

Accurately predict your licensing counts as this is a subscription based product.

We evaluated FireEye Helix, LogRhythm, Splunk, and IBM QRadar.

The product is a shift in paradigm being cloud-based with cloud storage. Be prepared to set up several virtual collector servers within your network, if you have a large network.

Visibility and response.

I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters.

The ability to ingest Office 365 log files, then process them into events and display them on a map. This feature is particularly useful as it allows us to view students who are attempting to bypass our content filters, and it shows us users who have been phished.

Personally, I feel it would greatly benefit from more supported log sources. Additionally, the ability to tune the collector for custom logs would greatly help.

Product is cloud-based. Thus far, it has proven to be stable.

No product scales extremely well

The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame.

Initial setup was straightforward. 

I had a support engineer sit with me through the whole process over the course of three days. He was a huge help!

This is a great product. The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help.

We did PoC with a couple of other products. However, Rapid7 InsightIDR was the best product for our needs and budget.

We evaluated LogRhythm and AlienVault. Both were inferior in regards to pricing or performance.

I was looking for a behavior analytics solution to help me monitor our users' activity and to notify of any suspicious activity.

InsightIDR was able to meet those needs and even exceed it by providing full SIEM capabilities, even for devices they don’t support directly. Most importantly, I don’t need a team of people dedicated to log collecting and sifting.

With the full suite of Rapid7 products, I am able to provide effective oversight to the information security program with measurable progress. This is a very difficult thing to measure with the ever-changing threat landscape. Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well.

InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level, which is very important to me as a one-person security department.

Another very important part of insightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network.

I would like the ability to adjust the threshold of certain existing alerts.  Currently the only option is to change the notifications or create my own alert. 

I have not encountered any stability issues with the local collector. On the rare occasion that the cloud part of insightIDR is undergoing maintenance or having other issues, I usually receive a notification from Rapid7 before I even notice a problem.

I have not seen any issues with scalability. On average, insightIDR is processing about 60 million events per day from my environment.

The technical support folks at Rapid7 are a great bunch of folks. I haven’t had much need to contact them, but when I have they have been extremely professional and will escalate issues and suggestions to developers, if needed.

I actually purchased the predecessor, InsightUBA, which quickly changed into the insightIDR that we have today. There was no other previous solution.

Setup was extremely simple. An implementation specialist was assigned to me to help get me started and to learn my environment and challenges.

For the most part, all communications are sent to a log aggregation server. It is as simple as pointing syslogs to that server. For some, such as Active Directory and Exchange, there are plugins that are simple to install on those servers to make sure the appropriate logs are sent.

From InsightIDR, it is as simple as choosing from a list of supported log sources, or you can create a generic log source by specifying a port number. It’s that simple.

Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help.

I did not consider any other options in depth. Most other options I saw required one or more full-time employees to maintain.

In the past I have made several requests and have had the opportunity to work with developers and user-interface specialists to add enhancements to the product. The effort that Rapid7 puts into the user interface, after gaining first-hand use-case information directly from us, the end users, is unprecedented.  Even when I worked for much larger companies, I did not see so many suggestions turn into reality.

Be sure to take full advantage of the agents. I have not seen any performance problems on the endpoints, and having this level of information from outside the network is difficult otherwise.

It is used to maintain our security posture by monitoring inside our network for behavior likely to be conducive with elements of the kill chain.

I was an early adopter of the product. I have seen it get better over time, making use of the data and methodologies used by the industry standard and Rapid7 Metasploit community.

We were able to identify criminals attempting to login from China and put a stop on their IP locations.

• Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs.
• Great coverage of all systems within our network from endpoint to firewall.
• Integration with threat modeling from the Metasploit and InsightIDR repositories.
• Enables the use of honey pots, honey users, and honey files to monitor for suspicious patterns.

It gives all the advantages of a SIEM. However, using clever AI, it looks for patterns of behavior rather than just flooding me with all the alerts.

Although the solution has been improving continually in the time I have been using it, there could be areas of improvement. 

The one thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not.

None at all. Even as an early adopter, there were no significant issues with stability. Due to the continual improvement, I do not recall the last issue that I had with the system.

We are only a small PLC with 300 staff over six sites and two continents, so scalability has never been a major concern. However, the InsightIDR system looks to be scalable, if required.

Technical support is excellent both technically, timely, and professional throughout any incident or enhancement request.

This was our first look at a security as a single entity. After creating a threat register, we were able to mitigate over two-thirds of the threats with this one product.

It is very simple. It is a case of requesting a trial from Rapid7, then connecting the relevant logging devices, such as our AD servers or DNS servers to it and sitting back. 

Obviously, there is more to it than that, but that is the principle.

I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability.

At the time, there was no other product that came close to InsightIDR feature set coupled with Rapid7's world leading security position producing other products, such as Metasploit and Nexpose (InsiteVR), which we also use.

Use it. The setup is minimal, but the payback is phenomenal.

Rapid7 InsightIDR is a cloud-based solution. Customers don't have to provision storage either internally or externally, and everything is already factored into the cost of the solution. So that takes out the headache.

The solution is very scalable in terms of the licensing model. It's not licensed based on the number of EPS as in a traditional SIEM solution. It's licensed based on the number of assets, and I believe the customers have more control over their assets than their EPS.

The solution's XDR agents cannot compete with the XDR solutions out there yet. It has to be a stand-alone XDR solution, and I know they are working on that. They have to ensure that it has the full capabilities of an XDR solution.

I have been working with Rapid7 InsightIDR for about two years.

Rapid7 InsightIDR is a stable solution.

Rapid7 InsightIDR's technical support is great and very responsive. Of course, their support depends on the SLAs.

Positive

Rapid7 InsightIDR can be up or running in a matter of hours or minutes. It takes about a week or two to deploy the solution for an enterprise account with full integration of an IT use case.

Rapid7 InsightIDR's pricing is reasonable.

Overall, I rate Rapid7 InsightIDR a nine out of ten.

We are distributors and sell this product to our customers. I'm a security consultant. 

The features for user behavior analytics and the rules for attack review are valuable. I also like the honeypot feature. It's easy to integrate and collect data from other solutions. 

I'd like to see a better ability to customize the check within the console. Rules can be customized better if the integration is improved. They now have integration with CrowdStrike so maybe they could have some kind of integration with Microsoft.

I've been using this solution for a year. 

The solution is stable.

This is a cloud-based product so it's scalable.

The technical support could be improved. We've had times when our requests get stuck with the engineering team and we sometimes don't get a response. That's a problem for us. 

Neutral

All Rapid7 solutions are easy to deploy because if you have any one of the products, the integrations between these products become easier because they have a lot of the important things within a single port. You get a single platform to visualize a lot of different kinds of data.

The pricing is very competitive because the licensing model that we use is based on endpoints which is different from most other solutions.

This solution is suited to all sizes of organizations. We generally deal with small and medium-sized companies.  

I rate this solution eight out of 10. 

Rapid7's reporting is more robust than Tenable's. 

Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps.

I worked with InsightIDR for about two years, but I switched to Tenable Nessus around two months ago.

Rapid7's customer support is awful. They didn't respond at all. Tenable's support is always available. I didn't have to visit the customer every time they wanted to perform a scan.

InsightIDR is easy to install, but the components inside are a bit complicated. Tenable was much easier.

I rate Rapid7 InsightIDR seven out of 10. 

The solution is used as a platform for a better understanding of the Intelligence products that different vendors sell. 

Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling. 

The APIs can be further improved in Rapid7. 

I have been using Rapid7 InsightIDR for two months. 

It is stable solution. 

It is a scalable solution. Presently, there are only small businesses working with the solution. 

The technical support team is good. 

The initial setup is easy. The deployment took only half an hour. It's just a cloud platform. You just have to deploy a connector like Select Pro, and it will set the data from the on-premise. It will send it to the cloud platform, and you can have it installed in five to ten minutes.

The pricing of the solution depends on the user. But there is a yearly licensing cost. 

It is a good solution but just has some API issues. I rate the solution an eight out of ten.