2018-04-22T07:58:00Z
it_user434868 - PeerSpot reviewer
Senior Director of Delivery at a tech services company with 51-200 employees

What needs improvement with Rapid7 InsightIDR?

Please share with the community what you think needs improvement with Rapid7 InsightIDR.

What are its weaknesses? What would you like to see changed in a future version?

10 Answers
SamiAyyash - PeerSpot reviewer
Threat Intelligence Engineer at a tech services company with 11-50 employees
Reseller
Top 10
2022-10-05T13:43:30Z
Oct 5, 2022

Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps.

BR
Security Officer at a tech consulting company with 51-200 employees
Real User
Top 5
2022-08-12T15:45:45Z
Aug 12, 2022

One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level. It could have intelligence. It is available as a separate product but not as a part of the platform itself.

KimeangSuon - PeerSpot reviewer
Pre-Sale Consultant at Yip In Tsoi Co., LTD.
Real User
Top 5 Leaderboard
2021-10-13T12:20:00Z
Oct 13, 2021

InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment. So it's a challenge to get the customer to see the benefits of a cloud-based product in terms of ROI. If they switch to a cloud application, they won't have to pay for hardware maintenance or inventory. So with the next update, the customers want to see how it applies to their environment and its advantages over on-premise solutions.

Midhun Kumar - PeerSpot reviewer
Head of Infrastructure at Pearl Data Direct
Real User
Top 10
2021-09-08T16:38:09Z
Sep 8, 2021

I'd like to be able to get the compliance report within the solution, which is currently not possible. For example, the P-Series was around 77001 compliance report of your SIEM solution. That option is unfortunately not available.

Davide Baudanza - PeerSpot reviewer
CoFounder & Head of Technology at intuity
Real User
Top 5
2021-07-21T17:38:17Z
Jul 21, 2021

I'd like to see a mobile application included and some feature related to the generality of segregation for internal users that access the application.

OS
Linux admin at a wholesaler/distributor with 51-200 employees
Real User
Top 5
2021-04-05T12:07:13Z
Apr 5, 2021

The dashboard is an area that could be simplified. For management, it should be clear and the files should be there.

Find out what your peers are saying about Rapid7, Splunk, Microsoft and others in Security Information and Event Management (SIEM). Updated: November 2022.
655,113 professionals have used our research since 2012.
AS
Enterprise Sales at a tech vendor with 11-50 employees
Real User
2020-07-19T08:15:52Z
Jul 19, 2020

Earlier they didn't have a network flow capture product, so they were not able to capture the network flows. We were able to capture the logs but not the network flows. Now, they have acquired a company called NetFort, and now they are also using the capture network flows. This was one of the shortcomings of the product which they have now rectified after acquisition of the company. Cloud risk assessment is one area where I think they need a lot of improvement. The solution should have a CIS Benchmark in terms of, I would say, config change detection.

JS
IT Engineer Security Operation Team at a tech services company with 201-500 employees
Real User
2020-01-07T06:27:00Z
Jan 7, 2020

The only thing I can think of to improve the product is that the interface for doing investigation needs to be enhanced. For example, we can add notes through the interface, but we cannot attach files to the investigation. It would be a useful addition. It would give us more flexibility to resolve more complicated situations.

PD
Information Security Manager at a tech vendor with 51-200 employees
Real User
2018-10-02T19:05:00Z
Oct 2, 2018

The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in.

NJ
Security Manager
Real User
2018-04-22T07:58:00Z
Apr 22, 2018

Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition.

Related Questions
Navin Rehnius - PeerSpot reviewer
Security Engineer at a tech services company with 201-500 employees
Aug 2, 2021
What is the difference between Incident Detection Response (IDR) e.g. in Rapid7 InsightIDR and Endpoint Detection and Response (EDR) in other solutions? Thanks.
See 1 answer
John Rendy - PeerSpot reviewer
CTO at Systema Global Solusindo
Aug 2, 2021
Hi @Navin Rehnius, The IDR focus is on the correlation of the host system vulnerability with the exploit activity. In a way, it will classify if an exploit or attack event is most potentially an incident. However, IDR works by scanning the whole segment of the target hosts while EDR is running continuously at the endpoint level. With the correct implementation of EDR, you could actually correlate EDR events with vulnerability assessment information and achieve the same objectives of IDR.
Navin Rehnius - PeerSpot reviewer
Security Engineer at a tech services company with 201-500 employees
Feb 15, 2022
Hello, Is Rapid7 InsightIDR an efficient solution (to be used in SOC as an analysis tool) in comparison with other SIEM products, such as IBM QRadar, Splunk, and LogRhythm NextGen SIEM?
2 out of 3 answers
PrasanthPrasad - PeerSpot reviewer
Product Manager at Spire Solutions
Aug 10, 2021
Of course. If you look at Gartner's 2020 Magic Quadrant for SIEM solutions, you will see that Rapid7 is even ahead of LogRhythm. If you look at the 2021 Quadrant, you can see that while some players (like LogRhythm) are losing their ground in the leaders' Quadrant, Rapid7 has maintained a position in the leaders' quadrant. Feel free to reach out to me for any support to help get you moving on this decision.
John Rendy - PeerSpot reviewer
CTO at Systema Global Solusindo
Aug 12, 2021
No, Navin, The use of SIEM products will focus a lot broader on managing all sources of target systems log integration and correlation, while InsightIDR will work best with existing Rapid7 solutions. Alternatively, several SIEM would have a plugin to integrate VA result into the repository, providing assets classification and prioritization based on the vulnerability result from Rapid7.
Related Articles
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
May 12, 2022
Top 7 User Behavior Analytics (UEBA) Tools 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why. You can read user reviews for the Top User Behavior Analytics - UEBA Tools...