
Reviews from AWS customer

3 AWS reviews

External reviews

82 reviews

External reviews are not included in the AWS star rating for the product.


    Asim Naeem

Providing comprehensive insight into alerts while working towards AI enhancement

  • February 06, 2025
  • Review provided by PeerSpot

What is our primary use case?

I am using Rapid7 InsightIDR as an InsightIDR solution. This tool is integrated with other solutions like endpoint and NDR, and it correlates alerts, giving me a comprehensive picture of the alerts.

What is most valuable?

The platform offers unlimited storage and agent-based solutions. I have user behavior analytics (UBA) and MITRE ATT&CK as well. The user behavior analytics feature helps in enhancing the security posture by helping to identify user behaviors and engineering alerts based on them.

What needs improvement?

There is a future in AI with Rapid7; however, it is not fully operated. There are certain limitations with Rapid7 that I am working on. I have already opened a list of features with Rapid7, and they are working on it.

For how long have I used the solution?

I have been using Rapid7 InsightIDR for about two years.

What do I think about the stability of the solution?

So far, I have not had any performance issues with Rapid7 InsightIDR. It is working well, and I have not faced any downtime in the last two years.

What do I think about the scalability of the solution?

Every product has some limitations, and Rapid7 is no exception, yet it is working for me perfectly right now.

How are customer service and support?

I rate their technical team 8.5 out of ten, which is pretty good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Currently, I am not working with the LogRhythm solution. I have another SIEM solution in place. Previously, three years back, I was working with LogRhythm; however, now I do not.

How was the initial setup?

The initial setup was straightforward, and I did not face any complexities during the setup of the IDR product.

What was our ROI?

The incident response time is good, and I can easily find or search any incident. I easily build the queries in Rapid7 and search my relevant logs or relevant investigation logs.

Which other solutions did I evaluate?

I have EDR, XDR, NDR, TLP, and many other solutions like these.

What other advice do I have?

I definitely recommend Rapid7 InsightIDR. It is becoming better, with improvements being continuously made to the product. 

Right now, I do not have any advice about Rapid7 for other users because every organization or user has different criteria or multiple use cases, so I refrain from commenting on that. I rate the overall solution seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other


    Hiroshi Watanabe

A cost-effective and stable solution but lacks an AI-driven capability

  • May 24, 2024
  • Review provided by PeerSpot

What needs improvement?

The solution lacks an AI-driven capability, while other competitors emphasize AI as the most important feature.

For how long have I used the solution?

I have been using Rapid7 InsightIDR as a distributor for seven years.

What do I think about the stability of the solution?

The product's stability is high. I rate the solution’s stability an eight out of ten.

What do I think about the scalability of the solution?

Due to its cloud-based nature and numerous agents, its scalability is high. This, combined with its on-premise environment, ensures rapid performance. It can handle several thousand. It is best suited for large-scale businesses.

How are customer service and support?

Support is slow. I'm not satisfied with the support so far.

How would you rate customer service and support?

Neutral

How was the initial setup?

Due to the product's complexity, the initial setup can be challenging. Additionally, setting up the product and training the customer can be quite demanding. Deploying the appliance or sensor on-premises can take up to twelve months.

What's my experience with pricing, setup cost, and licensing?

The product pricing is very cheap.

What other advice do I have?

InsightIDR automates everything through InsightConnect in a seven-day cycle.

The product has improved significantly since its inception. However, based on feedback I've received from other products in the market, aside from InsightIDR.

It improved because several sensors are deployed within the on-premise environment. It can be very efficient if the customer implements and operates it effectively. 

If you combine it with InsightIDR, then it may become more compact. Maybe IBM was a bit larger. So, having MDR is the main key point for this product.

Overall, I rate the solution a four out of ten.

Which deployment model are you using for this solution?

Public Cloud


    reviewer1936950

Offers unconventional detection rules and native integration features

  • May 23, 2024
  • Review from a verified AWS customer

What is our primary use case?

Our company is a system integrator for Rapid7 InsightIDR. We use the latest SaaS version of the product. Rapid7 InsightIDR works as the foundation of the security operation center in our company. The solution is used in our organization for data ingesting for multiple security devices and solutions. Rapid7 InsightIDR provides insights and stability on the security aspects of the company. 

What is most valuable?

The unconventional detection rules of Rapid7 InsightIDR are quite beneficial. The solution provides satisfying native integration features. 

What needs improvement?

The searching feature in Rapid7 InsightIDR needs to evolve. For instance, when pursuing an incident handling task, extensive searching is required, and the solution's own query language can only be used. In situations similar to the aforementioned example, the solution becomes difficult to use. It would be interesting if the vendor could make the search feature like the Google search engine. 

For how long have I used the solution?

I have been working with Rapid7 InsightIDR for three years. 

What do I think about the stability of the solution?

Overall, the solution is stable enough. I would rate the stability a nine out of ten. 

What do I think about the scalability of the solution?

The product's scalability seems good enough. In our company, we are able to manage a couple of thousand devices comfortably using only one single tenant.

Through our company, thousands of users are using the interface of Rapid7 InsightIDR to process data and check incidents. I have implemented data ingestion for a couple of thousand devices that include virtual machines, switches, routers and firewalls.

For all the aforementioned devices we haven't faced any issues in our company. Rapid7 InsightIDR is used in our company, majorly for medium and enterprise grade customers, where some enterprises have more than 5000 employees and some less than that. 

How are customer service and support?

Our company mostly receives fast and suitable support from Rapid7 InsightIDR, but sometimes the response arrives quite slowly. I would rate the technical support a seven out of ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

I would rate the initial setup a nine out of ten. It's quite straightforward to put the solution to work. Once Rapid7 InsightIDR activates the tenant, the deployment process becomes straightforward. In our company, we just download the agents and install them in the customers' virtual machines.

Following the aforementioned step, some integration with Azure Entra ID authentication services or on-prem authentication is required. Thus, some base integration is required for login data. For the final stage of deployment, as part of the company, we configure a couple of customizations for the detection rules to start ingesting data; the niche customizations can be performed easily for the use cases. 

In our company we have an engineering deployment team who are highly skilled in setup processes. For client companies with less than 500 devices, usually one full-time engineer is enough for the deployment. For clients with 500 devices, when we at our company use automation to deploy the agents, it takes only a couple of days to finish the deployment process. 

What's my experience with pricing, setup cost, and licensing?

The solution has a mid-range price point in the market. The licensing cost depends on the customer size and the negotiation on whether to add IVM. There are multiple add-ons to the base licensing fee; we use them only for specific customers of our organization. The additional licenses increase the pricing drastically, so we try to stick with the base license at our company.

What other advice do I have?

At our company, along with Rapid7 InsightIDR we use multiple cloud providers like Azure, Google, Oracle and AWS infrastructure to ingest data. 

I would advise others to select a reliable system integrator to implement Rapid7 InsightIDR for the correct use cases or business needs. The solution is satisfying, but there are multiple other solutions in the market, and having a partner can help a customer explore all the options before adopting one. Overall, I would rate Rapid7 InsightIDR an eight out of ten. 


    Vikas Dusa

Useful for security operations, threat response, and DFIR

  • March 04, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use the tool for deployment, incorporating both EDR and SIP management. It serves the purpose of event management, including log retrieval from endpoints, malware detection, and providing about system health. This includes assessing vulnerabilities and determining the level of risk the system is exposed to at specific points in time. Its dashboard is wonderful. 

We use Rapid7 InsightIDR for security operations, threat response, and DFIR. It also provides lab practices to individuals.

What is most valuable?

During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint.

It provides user entity behavior analysis and a threat intelligence framework, combining SIEM and EDR for automation. My experience with user behavior analytics is positive and wonderful. It allows fetching logs, managing users, and overseeing endpoints. The capability to conduct investigations and import applications, along with configuring endpoints by collecting data, adds to its functionality. The platform offers a variety of features, including a dashboard for new alerts. This dashboard provides a quick overview of the number of users, endpoints, and noticeable behaviors. 

What needs improvement?

The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources. 

For how long have I used the solution?

I have been using the product for more than three years. 

What do I think about the stability of the solution?

I rate the product's stability a nine out of ten.

What do I think about the scalability of the solution?

I rate the tool's scalability a nine out of ten. 

How was the initial setup?

The initial setup is easy. It involves tasks such as data collection, onboarding, and downloading, making the process straightforward for clients. You can deploy it on mobile devices as well. It offers deployment options for iPhone users and Windows. 

What other advice do I have?

In one instance, we faced a threat from the DarkSide ransomware, known for its ability to execute without requiring administration privileges, including a privilege escalation part. This particular ransomware was embedded in an Excel file, and it didn't need any administrative privileges for execution. The hackers cleverly concealed the DarkSide ransomware within an Excel file. When an unsuspecting team member tried to open the file, an alert indicated the malicious nature of the Excel file.

The employee was unaware that the Excel file contained a ransomware threat. As security personnel monitoring the endpoint received an alert, they immediately contacted the individual, notifying them about the presence of the DarkSide ransomware. The security team advised against opening the file and guided the user to delete it.

I cannot compare Rapid7 InsightIDR with other tools directly because it has integrated both EDR and SIM. It combines these functionalities into an XDR platform, operating at a different level compared to other services. Additionally, the network analysis provided is wonderful.

The product is easy to use and easy to understand. It is lightweight. I rate it a nine out of ten.

I recommend it for easy deployment, enabling swift detection from endpoints to the cloud. This accelerates security orchestration across various environments and endpoints, aiding in risk mitigation within hybrid environments. The system is valuable for discovering new threats and offers exposure management to enhance understanding of the entire security operation.


    Prasanth Prasad

Offers capabilities in areas like threat intelligence and vulnerability management but needs to improve support

  • February 15, 2024
  • Review provided by PeerSpot

What is most valuable?

The most valuable feature of the product for managing security events stems from the fact that the product's intelligence part is very good since it offers its own threat intelligence and vulnerability management platform. The tool also has its own cloud security posture management platform. The tool also is a dynamic application security testing platform. The aforementioned tools fall under Rapid7 InsightIDR's kitty. The intelligence and the data that Rapid7 gathers from customers across the globe enrich the quality of its detection capabilities. All other tools in the market depend on third-party solutions for intelligence. Rapid7 InsightIDR has the intelligence part natively available within the product, giving it a good edge over other vendors.


What needs improvement?

I believe that Rapid7 InsightIDR has moved to a complete cloud-first strategy. The tools offered by Rapid7 InsightIDR are amazing. The product should have provided some capabilities to users who wanted to stay or use the tool's on-premises version, as it would have provided the solution with more acceptance in the market, especially in the Middle East region.

It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required.

For how long have I used the solution?

I have been using Rapid7 InsightIDR for three to four years.

What do I think about the stability of the solution?

As I haven't heard any complaints about the product, I rate the solution's stability a nine out of ten.

What do I think about the scalability of the solution?

Scalability-wise, I rate the solution a ten out of ten. As a cloud tool, the product is highly scalable.

The product is meant for medium-sized customers and large enterprises and not for corporate or government organizations since the product is available only on the cloud. Customers who have the privilege of using cloud solutions can use Rapid7 InsightIDR. Cloud solutions' use is less in government spaces in the Middle East region since there are some regulations to use cloud-based products. In the private space, I feel that Rapid7 InsightIDR is considered to be a fairly strong product.

It is difficult for enterprise businesses to use the solution, especially the ones regulated by governments. There are no problems with the solution when it comes to a private company or a private enterprise. I think Rapid7 InsightIDR provides the best tools. The tool won't work for you if you are not allowed to use a public cloud.

How are customer service and support?

I rate the technical support a six to seven out of ten.

How would you rate customer service and support?

Neutral

What other advice do I have?

The tool has improved the efficiency of security incident detection and response in our company as it works fairly well. It is possible to enhance the capabilities of the platform since the solution offers a whole stack or suite of tools. When dealing with Rapid7 InsightIDR, you will see the integration capabilities offered are extremely seamless. Rapid7 InsightIDR offers its own set of features that enrich the capabilities of the vulnerability management tool. In general, the product's features increase the solution's overall capabilities in terms of reporting and detection of vulnerabilities.

I can't remember a scenario where the product was effective in threat hunting or investigation. Rapid7 InsightIDR is a very acceptable product for people who want a cloud-based solution. The product is not available on an on-premises version. The product can be useful for industries ranging from SMBs to large-sized companies where there is a need for a tool that can be very easily rolled out at a very effective and attractive price point that gives them very good coverage from a cybersecurity perspective.

Speaking about how the product has enhanced the security posture in our company, I would say that I am not really sure about the capabilities of the UABA part of the solution since I haven't seen many use cases around it.

Rapid7 InsightIDR mean time-to-detect and mean time-to-respond are fairly good because Rapid7's support team does pick up a ticket whenever it is raised from the users' end, but its mean time-to-resolve has some concerns since some of the tools under Rapid7 are available on an on-premises model. In specific to InsightIDR, I think that everything is very good, including areas like detection, MTTD, and MTTR, which are very good in InsightIDR specifically. The product can improve a bit in the area of MTTD and MTTR.

Rapid7 InsightIDR's integration capabilities with other tools are not an area I have experience with since the product is completely available on the cloud. I believe that whatever integrations users want from the product would work since it is a solution that is available on the cloud. I don't have personal experience with the integration part.

I rate the overall tool a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud


    Awais Sajid

An affordable product that is easy to use and has many advanced features and default templates

  • February 06, 2024
  • Review provided by PeerSpot

What is most valuable?

It’s a great tool. The solution helps us a lot in threat detection. It’s one of the most updated tools. The UI is very good. We can easily start using the tool and explore it. It also provides features like legacy UBA that other products do not provide. We can customize the rules from the default template in InsightIDR. UBA is a great feature.

When a new user is created in Active Directory, an investigation is created. We can use the default features to create an investigation. The solution has many advanced features and default templates that help protect from attacks without a user’s intervention. It is quite impressive.

What needs improvement?

The product allows us to make only 30 custom rules. The limit on custom rules must be changed.

For how long have I used the solution?

I have been working with the product for two months.

What do I think about the scalability of the solution?

We have deployed the solution in 28 offices. We are using the basic features for now.

How was the initial setup?

The initial setup is straightforward.

What's my experience with pricing, setup cost, and licensing?

We chose Rapid7 because of its price. IBM QRadar charges us based on data storage. Rapid7 InsightIDR charges us based on the endpoints we connect to. We are satisfied with the product’s price.

Which other solutions did I evaluate?

I have used IBM QRadar, Splunk, and Sentinel. We use Splunk in our offices, too. Compared to other products, Rapid7 InsightIDR’s UI is very good. It is very easy to handle. We are working with the tool currently and are quite satisfied with it.

What other advice do I have?

Overall, I rate the solution a nine out of ten.


    Construction

Robust monitoring for any situation

  • February 05, 2024
  • Review provided by G2

What do you like best about the product?

Insight IDR provides a detailed look at any event that might occur in your environment. It's flexible enough to plug into just about any situation and has the ability to monitor a number of 3rd party sources giving you a single view into your entire environment without having to go to multiple dashboards.

What do you dislike about the product?

There can be a lot of overhead and some of the integrations and monitoring especially for Windows devices can be a little clunky. Additional collector servers will be needed to gather the logs and these can be costly if you're running them in the cloud.

What problems is the product solving and how is that benefiting you?

Insight IDR provides us with the security tools we need to monitor and respond to events in our environment. Each alert includes a detailed reasoning for why it was generated in addition to remediation steps. It makes it easy to resolve issues and gives you the peace of mind knowing that everything is being monitored around the clock.


    Agustinus DWIJOKO

A tool to detect malicious activities and provide security to networks and endpoints

  • November 07, 2023
  • Review from a verified AWS customer

What is our primary use case?

Rapid7 InsightIDR helps me detect any malicious activities in any endpoints in my company.

How has it helped my organization?

I have seen that Rapid7 InsightIDR provides security to the networks and endpoints in the company.

What is most valuable?

With Rapid7 InsightIDR, you must install the Insight Agent, after which you may get to see some of the risks affecting endpoints.

What needs improvement?

The integration capabilities of the solution have certain shortcomings where improvements are required.

If possible, it would be great to see AI embedded in all the functionalities offered by the product.

For how long have I used the solution?

I have been using Rapid7 InsightIDR for four years. I use the solution's latest version since the version gets automatically updated as it is a cloud-based tool. I work as a distributor of the product.

What do I think about the stability of the solution?

Stability-wise, I rate the solution an eight out of ten.

What do I think about the scalability of the solution?

It is a scalable solution. Scalability-wise, I rate the solution an eight out of ten.

How was the initial setup?

The time required to complete the product's installation phase depends on the number of endpoints that a user has in their environment. Insight Agent can be deployed in a couple of minutes.

Five engineers in my company take care of the deployment phase of Rapid7 InsightIDR.

The solution is deployed on the public cloud services offered by AWS.

What's my experience with pricing, setup cost, and licensing?

Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight.

Which other solutions did I evaluate?

I did not evaluate any other options in the market against Rapid7 InsightIDR.

What other advice do I have?

I have never been involved with any maintenance process related to Rapid7 InsightIDR.

To those who plan to use the solution, I suggest that they undertake a training program to understand the product.

I rate the overall tool an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    RicardoSilva3

A stable solution that works well for playbooks and viewing events

  • October 10, 2023
  • Review provided by PeerSpot

What is our primary use case?

Normally, we use the solution as an event viewer to collect and resume cases and playbooks.

What needs improvement?

The main problem lies in the processes within the client's operating systems. XDR is superior to CMs. Observing how the processes function within the machine is essential if you are monitoring the client or servers, and not only the event with the first or second line but the third line is most important.

For how long have I used the solution?

I've been familiar with the solution for six months.

What do I think about the stability of the solution?

The solution is very stable and works very well for what I need it to do. The solution is completely different in an experienced environment and a real environment.

Which solution did I use previously and why did I switch?

I have worked with Wazuh before, but only to try it. Wazuh is more or less the same as Rapid7 InsightIDR.

What other advice do I have?

I rate Rapid7 InsightIDR an eight out of ten.


    Information Technology and Services

Very fascinating experience

  • September 26, 2023
  • Review provided by G2

What do you like best about the product?

Very Easy for usage and implementation. Good Customer support.

What do you dislike about the product?

Nothing to describe much as it is user friendly.

What problems is the product solving and how is that benefiting you?

Security related problems