External reviews
External reviews are not included in the AWS star rating for the product.
Offers unconventional detection rules and native integration features
What is our primary use case?
Our company is a system integrator for Rapid7 InsightIDR. We use the latest SaaS version of the product. Rapid7 InsightIDR works as the foundation of the security operation center in our company. The solution is used in our organization for data ingesting for multiple security devices and solutions. Rapid7 InsightIDR provides insights and stability on the security aspects of the company.
What is most valuable?
The unconventional detection rules of Rapid7 InsightIDR are quite beneficial. The solution provides satisfying native integration features.
What needs improvement?
The searching feature in Rapid7 InsightIDR needs to evolve. For instance, when pursuing an incident handling task, extensive searching is required, and the solution's own query language can only be used. In situations similar to the aforementioned example, the solution becomes difficult to use. It would be interesting if the vendor could make the search feature like the Google search engine.
For how long have I used the solution?
I have been working with Rapid7 InsightIDR for three years.
What do I think about the stability of the solution?
Overall, the solution is stable enough. I would rate the stability a nine out of ten.
What do I think about the scalability of the solution?
The product's scalability seems good enough. In our company, we are able to manage a couple of thousand devices comfortably using only one single tenant.
Through our company, thousands of users are using the interface of Rapid7 InsightIDR to process data and check incidents. I have implemented data ingestion for a couple of thousand devices that include virtual machines, switches, routers and firewalls.
For all the aforementioned devices, we haven't faced any issues in our company. Rapid7 InsightIDR is used in our company mainly for medium and enterprise-grade customers, where some enterprises have more than 5000 employees and some less than that.
How are customer service and support?
Our company mostly receives fast and suitable support from Rapid7 InsightIDR, but sometimes the response arrives quite slowly. I would rate the technical support a seven out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
I would rate the initial setup a nine out of ten. It's quite straightforward to put the solution to work. Once Rapid7 InsightIDR activates the tenant, the deployment process becomes straightforward. In our company, we just download the agents and install them in the customers' virtual machines.
Following the aforementioned step, some integration with Azure Entra ID authentication services or on-prem authentication is required. Thus, some base integration is required for login data. For the final stage of deployment, as part of the company, we configure a couple of customizations for the detection rules to start ingesting data; the niche customizations can be performed easily for the use cases.
In our company, we have an engineering deployment team who are highly skilled in setup processes. For client companies with fewer than 500 devices, usually one full-time engineer is enough for the deployment. For clients with 500 devices, when we at our company use automation to deploy the agents, it takes only a couple of days to finish the deployment process.
What's my experience with pricing, setup cost, and licensing?
The solution has a mid-range price point in the market. The licensing cost depends on the customer size and the negotiation on whether to add IVM. There are multiple add-ons to the base licensing fee; we use them only for specific customers of our organization. The additional licenses increase the pricing drastically, so we try to stick with the base license at our company.
What other advice do I have?
At our company, along with Rapid7 InsightIDR we use multiple cloud providers like Azure, Google, Oracle and AWS infrastructure to ingest data.
I would advise others to select a reliable system integrator to implement Rapid7 InsightIDR for the correct use cases or business needs. The solution is satisfying, but there are multiple other solutions in the market, and having a partner can help a customer explore all the options before adopting one. Overall, I would rate Rapid7 InsightIDR an eight out of ten.
A tool to detect malicious activities and provide security to networks and endpoints
What is our primary use case?
Rapid7 InsightIDR helps me detect any malicious activities in any endpoints in my company.
How has it helped my organization?
I have seen that Rapid7 InsightIDR provides security to the networks and endpoints in the company.
What is most valuable?
With Rapid7 InsightIDR, you must install the Insight Agent, after which you may get to see some of the risks affecting endpoints.
What needs improvement?
The integration capabilities of the solution have certain shortcomings where improvements are required.
If possible, it would be great to see AI embedded in all the functionalities offered by the product.
For how long have I used the solution?
I have been using Rapid7 InsightIDR for four years. I use the solution's latest version since the version gets automatically updated as it is a cloud-based tool. I work as a distributor of the product.
What do I think about the stability of the solution?
Stability-wise, I rate the solution an eight out of ten.
What do I think about the scalability of the solution?
It is a scalable solution. Scalability-wise, I rate the solution an eight out of ten.
How was the initial setup?
The time required to complete the product's installation phase depends on the number of endpoints that a user has in their environment. Insight Agent can be deployed in a couple of minutes.
Five engineers in my company take care of the deployment phase of Rapid7 InsightIDR.
The solution is deployed on the public cloud services offered by AWS.
What's my experience with pricing, setup cost, and licensing?
Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight.
Which other solutions did I evaluate?
I did not evaluate any other options in the market against Rapid7 InsightIDR.
What other advice do I have?
I have never been involved with any maintenance process related to Rapid7 InsightIDR.
To those who plan to use the solution, I suggest that they undertake a training program to understand the product.
I rate the overall tool an eight out of ten.
A stable solution that works well for playbooks and viewing events
What is our primary use case?
Normally, we use the solution as an event viewer to collect and resume cases and playbooks.
What needs improvement?
The main problem lies in the processes within the client's operating systems. XDR is superior to CMs. Observing how the processes function within the machine is essential if you are monitoring the client or servers, and not only the event with the first or second line but the third line is most important.
For how long have I used the solution?
I've been familiar with the solution for six months.
What do I think about the stability of the solution?
The solution is very stable and works very well for what I need it to do. The solution is completely different in an experienced environment and a real environment.
Which solution did I use previously and why did I switch?
I have worked with Wazuh before, but only to try it. Wazuh is more or less the same as Rapid7 InsightIDR.
What other advice do I have?
I rate Rapid7 InsightIDR an eight out of ten.
Lets you simplify threat detection and has a fast deployment
What is our primary use case?
The solution is used as a platform for a better understanding of the Intelligence products that different vendors sell.
What is most valuable?
Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling.
What needs improvement?
The APIs can be further improved in Rapid7.
For how long have I used the solution?
I have been using Rapid7 InsightIDR for two months.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
It is a scalable solution. Presently, there are only small businesses working with the solution.
How are customer service and support?
The technical support team is good.
How was the initial setup?
The initial setup is easy. The deployment took only half an hour. It's just a cloud platform. You just have to deploy a connector like Select Pro, and it will set the data from the on-premise. It will send it to the cloud platform, and you can have it installed in five to ten minutes.
What's my experience with pricing, setup cost, and licensing?
The pricing of the solution depends on the user. But there is a yearly licensing cost.
What other advice do I have?
It is a good solution but just has some API issues. I rate the solution an eight out of ten.
A highly-rated entry-level SIEM solution that is ideal for SMBs
What is most valuable?
I like that it's a cloud-based solution. The features of all SIEM solutions are pretty much the same, but Rapid7 is user-friendly, totally cloud-based, and can integrate into the EDR solution whenever a customer wants it. Those are USPs for us.
What needs improvement?
Because Rapid7 was originally a vulnerability management solution, more and more companies are now moving towards their technologies and their existing SIEM applications and converting them to XDR solutions. Though Rapid7 provides its EDR option with SIEM, it has a long way to go to achieve an XDR status.
I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR because every SIEM solution provider is moving their solutions toward XDR.
For how long have I used the solution?
I've been working with Rapid7 InsightIDR for two years.
What do I think about the stability of the solution?
The product is stable.
Which solution did I use previously and why did I switch?
We used to use QRadar in my previous company. The first difference is in the deployment architecture. QRadar comes with cloud and on-prem options. In countries like Pakistan, where I am from, there are very strict regulations for using cloud solutions, especially in the banking sector. Rapid7 only offers a SaaS-based SIEM.
The second difference between the two is in their licensing. The Rapid7 InsightIDR license is applied based on the number of nodes and devices. QRadar, on the other hand, licenses the events per second.
The third difference is in the threat intelligence QRadar provides, and there's a huge difference between the two in this domain. QRadar is an IBM product that is very old in the SIEM market and provides relatively better threat intelligence than players like Rapid7.
How was the initial setup?
The solution is easy to implement.
What's my experience with pricing, setup cost, and licensing?
Rapid7 InsightIDR is priced very well and is cost-effective.
Which other solutions did I evaluate?
Enterprise-level customers have better options, such as LogRhythm, QRadar, and Splunk. These products are core SIEM-based companies that are old players in this market. Rapid7 is a relatively new entrant in the SIEM market. However, it has strong capabilities, and customers trust big names, big companies they've known from the beginning, who have been working on SIEM solutions since inception.
What other advice do I have?
The benefit of the solution, first of all, is that it's cost-effective. It is also a Gartner leading solution, which provides more credibility in the customer's eyes. Eventually, it benefits us to translate that credibility into achieving more and more revenue through it.
I recommend Rapid7 InsightIDR for SMB companies because there are better options in the market for enterprises.
I rate the solution an eight out of ten.
Helps in the management of compliance, secret events and information
What is our primary use case?
We use the tool for secret events, compliance, and information management.
What is most valuable?
I like the tool's user analysis feature.
What needs improvement?
Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one.
For how long have I used the solution?
We had done our first deployment three years ago.
What do I think about the stability of the solution?
Rapid7 InsightIDR is stable.
What do I think about the scalability of the solution?
The tool is cloud-based and scalable.
How are customer service and support?
Rapid7 InsightIDR's technical support is reactive and supportive. However, they only speak English. Our native language is French, and it would be better if they could have some French-speaking agents.
Which solution did I use previously and why did I switch?
The solution provides better value than competitors with its modules. The deployment is simple and straightforward. However, Rapid7 InsightIDR is not good for log management.
How was the initial setup?
One of our customers had a Huawei firewall, and we required help to do the configuration. However, the installation was easy with other standard vendors like Cisco and Check Point. The product's deployment was completed in four to five days, and we required three people to handle it. One person was in charge of the portal's initial setup, and the other one handled the integration of on-premises devices. The third one took care of Office 365 integration.
What's my experience with pricing, setup cost, and licensing?
Rapid7 InsightIDR's pricing is reasonable, but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have fewer than one hundred devices. If they can reduce the Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs.
What other advice do I have?
I would rate Rapid7 InsightIDR an eight out of ten.
Rapid 7 IDR
It provides excellent visibility and a fast response
What is our primary use case?
We provide InsightIDR for our banking and ICT clients.
What is most valuable?
InsightIDR helps us investigate an environment to discover information about incidents.
What needs improvement?
InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal.
For how long have I used the solution?
I have used InsightIDR for four years.
What do I think about the stability of the solution?
I rate InsightIDR 10 out of 10 for stability.
What do I think about the scalability of the solution?
I rate InsightIDR six out of 10 for scalability. The licensing model limits the scalability. The licenses are defined based on assets, so you have to purchase more licenses as you add assets. It's suitable for a small or medium-sized company. We have about 250 users.
How are customer service and support?
I rate Rapid7 support nine out of 10.
How would you rate customer service and support?
Positive
How was the initial setup?
I rate InsightIDR eight out of 10 for ease of setup. It takes about seven working days to deploy. We install a connector on the LAN, which links up to the cloud and becomes one of your event sources. Next, you need to integrate everything with the console.
What's my experience with pricing, setup cost, and licensing?
I rate InsightIDR six out of 10 for affordability. It isn't the cheapest solution I've seen, but it offers a greater value than less expensive competitors.
What other advice do I have?
I rate InsightIDR eight out of 10. It's worth a try. InsightIDR provides excellent visibility and threats. The network detection is fast, so you get alerts as soon as something happens.
Great user behavior analytics feature; easy to integrate and collect data from other solutions
What is our primary use case?
We are distributors and sell this product to our customers. I'm a security consultant.
What is most valuable?
The features for user behavior analytics and the rules for attack review are valuable. I also like the honeypot feature. It's easy to integrate and collect data from other solutions.
What needs improvement?
I'd like to see a better ability to customize the check within the console. Rules can be customized better if the integration is improved. They now have integration with CrowdStrike so maybe they could have some kind of integration with Microsoft.
For how long have I used the solution?
I've been using this solution for a year.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
This is a cloud-based product so it's scalable.
How are customer service and support?
The technical support could be improved. We've had times when our requests get stuck with the engineering team and we sometimes don't get a response. That's a problem for us.
How would you rate customer service and support?
Neutral
How was the initial setup?
All Rapid7 solutions are easy to deploy because if you have any one of the products, the integrations between these products become easier because they have a lot of the important things within a single port. You get a single platform to visualize a lot of different kinds of data.
What's my experience with pricing, setup cost, and licensing?
The pricing is very competitive because the licensing model that we use is based on endpoints, which is different from most other solutions.
What other advice do I have?
This solution is suited to all sizes of organizations. We generally deal with small and medium-sized companies.
I rate this solution eight out of 10.