
Reviews from AWS customer

8 AWS reviews

External reviews

6 reviews

External reviews are not included in the AWS star rating for the product.


3-star reviews

    Arun Babu

Daily endpoint monitoring has improved investigations and saved time but detection rules still need tuning

  • December 03, 2025
  • Review provided by PeerSpot

What is our primary use case?

My main use case for Rapid7 InsightCloudSec is endpoint detections and monitoring, especially with the SIEM. As an MSP, I use Rapid7 InsightCloudSec for endpoint detection and monitoring daily with multiple clients, and the Rapid7 Insight Agent is installed on all the servers and linked with the ticketing system. Once an alert is generated through Rapid7, we receive an alert and investigate through the Rapid7 Insight Agent by using the logs.

What is most valuable?

The best feature Rapid7 InsightCloudSec offers is the log, which is really quick, and I appreciate the new update with the AI assistance, allowing us to search and create log searches with AI support.

The AI assistance for log search helps me by allowing me to easily search for something from the log, as I used to manually create the log. With the new AI feature, I just type it in and it generates the code, making it easier to get the results.

Rapid7 InsightCloudSec has positively impacted my organization because we are using Microsoft Defender for endpoint protection alongside Rapid7. Rapid7 is quicker than Defender regarding detection speed and logging in, so in comparison, Rapid7 is faster than Microsoft Defender and is lightweight. Since switching to Rapid7 InsightCloudSec, I have noticed it is more time-saving and cost-effective, especially in cases of false positives. From Defender's point of view, we need to log in and check everything, but from Rapid7's perspective, everything is there and with a quick reference, we can identify false positives without digging deeper, saving time and reallocating resources to positive cases.

What needs improvement?

It is important to note that Rapid7 InsightCloudSec's features are not 100% precise, but I find about 70% of the time it is satisfactory. I would like to suggest that you improve it to be more precise, ideally making it 100% if possible.

Some cases in Rapid7 InsightCloudSec indicate that the log is not enough, as they mostly just generate alerts, and the synchronization between data connectors is often problematic, particularly in terms of not being in sync always, especially between the AD and Rapid7 alerts, which generates numerous false positives. Additionally, the traditional rules should be updated, as this is a main point worth mentioning since we spend a lot of time fine-tuning these traditional rules. I suggest improving the legacy detection rules.

If there are any authentication cases, such as impossible travel activity where a user has their SharePoint hosted in a different location, Rapid7 can often trigger alerts, creating confusion as we cannot fine-tune it properly. Another issue is with honeypot access. We sometimes lack necessary logs because Defender's advanced threat protection scanning gets detected as honeypot activity by Rapid7, leading to annoying and noisy alerts that we need to constantly close.

If you can improve the traditional detection rules to reflect current detection rules, it would make it significantly easier for us to manage, as we constantly need to check legacy rules to update or possibly turn them off. Updating the legacy rules should be a priority.

For how long have I used the solution?

I have been using Rapid7 InsightCloudSec for almost one year.

What do I think about the stability of the solution?

Rapid7 InsightCloudSec is stable.

What do I think about the scalability of the solution?

Regarding scalability, Rapid7 InsightCloudSec is very scalable so far.

How are customer service and support?

The customer support provided by Rapid7 InsightCloudSec is pretty good. We receive enough support on time. In more complex cases, it can take time, but overall, I am satisfied with the support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not use any other solution prior to Rapid7. We started directly with Rapid7 and Microsoft.

What was our ROI?

In terms of return on investment, I can say that we have seen time saved and money saved. We previously had fewer employees, and with Rapid7, it has been really helpful to manage all workloads effectively.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup costs, and licensing for Rapid7 InsightCloudSec is that it was affordable initially, but now the costs are a bit high. However, in comparison to other tools in the market, I still find it affordable.

Which other solutions did I evaluate?

Before choosing Rapid7 InsightCloudSec, we evaluated other options, including SentinelOne and other popular solutions.

What other advice do I have?

The first thing we need to do to use Rapid7 InsightCloudSec effectively in our workflow or with our clients is to install the Rapid7 Insight Agent to the endpoints or even the servers. That is a bit challenging because most of the clients are unaware of Rapid7 Insight Agent, and we need to convince them to make it a trustworthy source.

My advice for others looking into using Rapid7 InsightCloudSec is to investigate the features that need to be set up in detail. I rate Rapid7 InsightCloudSec a seven out of ten because of its efficiency, cost-effectiveness, time-saving capabilities, and better monitoring.


    reviewer2244411

Agentless scanning helps monitor workloads, but the solution needs a better UI and should include CNAPP features

  • August 03, 2023
  • Review from a verified AWS customer

What is our primary use case?

We initially wanted to implement CSPM a couple of years back. We did the market research, performed analysis, understood the strengths, and so on. Then we implemented this tool within our environment as a part of CSPM.

What is most valuable?

Agentless scanning is a possible use with Rapid7 InsightCloudSec. You do not deploy the agents within your workload or to the cloud resources, which is an advantage. I also think there's an automation feature available within Rapid7 ICS, which is good.

What needs improvement?

Overall, Rapid7 ICS is good. There are no major drawbacks. However, there are a lot of other solutions in the market, not only providing the features of a CSPM, but also CNAPP. When it comes to CNAPP, if you have deployed many containerized-based applications within your environment, plus the containers, managing all those things becomes complex. It can't be easy to keep an eye on those resources because sometimes doing so requires an additional agent that one needs to deploy so that they can perform the scans on those workloads. However, there are a lot of tools in the market that provide these scans at the API level. One could connect Rapid7 with an API at the workload or cluster level, and you'll get all that information. However, the challenge is how easily you can implement those things within the environment. Sometimes, you'll encounter some complexity while implementing APIs. Some customers won't be happy getting complex things implemented. At the end of the day, they would prefer that things be simpler. That is something Rapid7 could improve on. Besides, the UI is a bit complex and not user-friendly, but they're working on that.

For how long have I used the solution?

I have been working with this tool for more than 12 months.

What do I think about the scalability of the solution?

As far as scalability is concerned, since it's a SaaS-based application, you just need to integrate it. Rapid7 only provides a platform, like with AWS, Azure, and G Suite, so you must integrate Rapid7's platform. Most of the resources within it will get replicated or harvested, so there aren't any immediate challenges regarding scalability.

There are a lot of other things to consider, though. When providing deep information about the cloud, the Rapid7 team needs to work on those areas. Let's say you have a Kubernetes cluster. Once you integrate your platform, you must do additional configurations to monitor the Kubernetes cluster deployed on a specific platform, such as AWS or Azure. Those additional configurations are not as straightforward as they would seem. Those are areas that require some modification from the Rapid7 team.

I rate Rapid7 ICS' scalability a six and a half out of ten since I haven't seen any issues with stability. Rapid7 ICS is just a tool that acts as a platform to expand your visibility to the cloud resources. ICS does not explicitly do something from Rapid7's end apart from just performing the scan. It's not a cloud platform like AWS or Azure.

How are customer service and support?

The Rapid7 team has sync-up calls to help users understand the solution. When you have any issues, you can contact the team, who will help you.

How was the initial setup?

Rapid7's deployment was not that complex. There are a lot of requirements, and the requirements vary as time passes. But once you deploy the solution and start using it, you'll discover which features are good and which could be improved. I rate the deployment a three out of five.

What's my experience with pricing, setup cost, and licensing?

Companies generally buy this tool because the pricing is not that high. ICS's pricing is still per the market standard, but there are a lot of other solutions that are more expensive than Rapid7 ICS. Rapid7 ICS is good, considering the number of features they provide.

What other advice do I have?

We need to stand parallel to our competition, meeting the market and user demands. We should ensure the tools we leverage within our environment are up to the market.

Apart from Rapid7 ICS, there are a lot of other tools available in the market which are also agentless. Most other solutions work on the API level, where you use the API to integrate them and perform the scans.

As for privileged access in Rapid7, you sometimes require privileged access to perform automatic remediations, which could be something that most customers are not comfortable with since they would not want someone outside their company to grant privileged access.

Considering Rapid7 ICS' shortcomings, Rapid7 is working on the same. But there are a lot of other competitors in the market providing better features. When it comes to keeping an eye on PII data, which is very sensitive, Rapid7 ICS does not detect if it is in the cloud resources. But other vendors' products could detect that. That feature is based on which one can compare Rapid7 with other tools.

People are still in the phase of developing most of the features. They might have Rapid7's documentation with them, but those require some prerequisites if you want to understand them. If you're a vendor and do not know anything, you must learn some things without directly jumping to the documentation part.

Rapid7 ICS is good, considering the number of features they provide. But that depends on your and the company's requirements. If the company just wants a tool that acts as a CSPM, Rapid7 ICS can be helpful. But if the company wants to not only buy a CSPM tool but wants a CSPM-cum-CNAPP, Rapid7 ICS is lacking in those areas.

There are a lot of pros and cons, but Rapid7 ICS is doing well as of now.

I rate the solution a six out of ten.

