Skip to main content
TrustRadius
InsightIDR

InsightIDR

Overview

What is InsightIDR?

In addition to their incident response service, Rapid7 offers InsightIDR, a combined XDR and SIEM that provides user behavior and threat analytics.

Read more
Recent Reviews

TrustRadius Insights

Rapid7 InsightIDR has proven to be highly effective for incident detection and response, with users praising its ability to provide a …
Continue reading

Great SIEM

7 out of 10
January 27, 2023
Incentivized
Product has been our primary SIEM tools to collect logs and develop alerting around behaviors in our environment. We monitor network,cloud …
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Reviewer Pros & Cons

View all pros & cons
Return to navigation

Pricing

View all pricing

InsightIDR Advanced

$5.89

Cloud
per month per asset

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visithttps://www.rapid7.com/products/insight…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Starting price (does not include set up fee)

  • $5.89 per month per asset
Return to navigation

Product Demos

Using the Parsing Tool in InsightIDR

YouTube

User and Asset Containment in InsightIDR

YouTube
Return to navigation

Product Details

What is InsightIDR?

InsightIDR is a lightweight, cloud-native infrastructure means it scales with the business. InsightIDR provides SaaS delivery and software based data collection, giving users access to new detections, new features, and product updates as soon as they’re rolled out.

InsightIDR offers wizard-guides to help users know where to go next. For this Rapid7 credits a global MDR SOC which uses and vets everything, to provide a deep and early look at user experience.

With it, the vendor states every analyst is empowered to be an expert, and there’s no more “alert fatigue," and that users can count on flexible search options, comprehensive coverage of the environment, helpful visualizations, and cloud computing power.

InsightIDR Video

Rapid7 InsightIDR 3-Min Overview

InsightIDR Technical Details

Deployment TypesSoftware as a Service (SaaS), Cloud, or Web-Based
Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

In addition to their incident response service, Rapid7 offers InsightIDR, a combined XDR and SIEM that provides user behavior and threat analytics.

InsightIDR starts at $5.89.

The most common users of InsightIDR are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(35)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Rapid7 InsightIDR has proven to be highly effective for incident detection and response, with users praising its ability to provide a comprehensive view of endpoints and assets. It offers a single pane of glass view, ensuring maximum visibility and allowing users to view and act on alerts in real time. Customers in the financial services industry have found great value in using InsightIDR to secure their networks and endpoints from various attack scenarios, including those targeting cloud platforms such as AWS, Azure, and Oracle. The software's system monitoring tools send instant alerts in case of breaches, enabling timely response to mitigate potential threats. It has also been lauded for its capability to trap malicious behavior early in the attack chain, safeguarding vital assets from compromise. By automating regular vulnerability scanning and presenting results in a manageable format, InsightIDR streamlines vulnerability management and reduces the burden on security teams. Additionally, it integrates with other technologies to develop in-depth security strategies and facilitate threat hunting, aiding in early threat detection and response. Overall, InsightIDR serves as a primary SIEM tool that collects logs and develops alerting around behaviors in the environment, providing crucial incident detection, authentication monitoring, and endpoint visibility.

Reviews

(1-13 of 13)
Companies can't remove reviews or game the system. Here's why
Azhar Chaudri | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use it mainly as our incident detection and response application of choice, but it has helped us out enormously with its feature rich capabilities in numerous other areas. InsightIDR provides us with a single pane of glass view that allows us to have maximum visibility of our endpoints, while being aware of all assets, even newly created ones. It also allows us the ability to view and act on alerts in real time by conducting deep root cause analysis with additional functions. Our installation is cloud based so we have integration with other applications. Additionally, Reports can be formulated with ease and convenience and on a bespoke basis.
  • Alerts detection
  • Simple and effective monitoring of endpoints
  • Allows all security incidents to be saved in single pane of glass
  • Intuitive approach to sorting Logs in terrms of labelling and importance
  • Straightforward reporting tool, that allows for numerous types of reports to be created
  • Dashboards feature lots of detail
  • Sometimes there is lag and latency when we have heavy date loads
  • Integration with certain APIs are not easy and always straighfroward
  • Automation is a bit limited.
It has been brilliant for us in terms of understanding the behaviour affecting our endpoints and assets. We have full visibility of our alerts, which menas we can act on them immediately. We use a single pain of glass with dashboards that can be easily drilled down into to get further information. It has laso helped us eo create bespoke reports for senios Managmeent, while at the same time supports other teams like Network Mnagement and Operations.
Varun Khare | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We as a financial services provider required to adhare with customer need which is security in current world and to protect those we have to secure our network and endpoint with every single possible attack scenario which are actively and passively try to invade and can cause problems. These infra includes cloud platform which includes AWS, Azure and Oracle and some in-house data centres so get a smooth coverage we used InsightIDR to bring everything under one umbrella.
  • Endpoint protection
  • SIEM
  • Integration with Various other sec tools
  • Asset Management
  • Segmentation
  • False positives are high
  • Dashboarding can be improved
Well, As a financial Services Provider we have dependency on various cloud platform such as AWS, Azure and Oracle which requires more attention to safeguard it. It cover holistically every single possible point which is good feature ofcourse but dashboarding can be improved and giving unnecessary false positives can be minimised as it creates chaos when we see reports and log.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
When I arrived at my org vulnerability management was done ad hoc using an inexpensive NESSUS license. But this didn't provide results in a good manageable format. The idea was to be able to automate regular scanning and present the results in a format that would allow responsible asset owners to see the status of their systems and insofar as possible make it a self-service experience, taking as much burden off the security team as possible. InsightIDR has made this possible, and gone further through our use of the agent for detailed on device results.
  • Scanning
  • Vulnerability context
  • Multi-user/group usage
  • Allowing group owners to scan assets
  • There is an occasional false positive
Anyone looking to implement a mature vulnerability management program would be advised to give InsightIDR a look. Rapid7 is always on top of the latest vulnerability coverage and the platform is constantly improved to make it better and better. It has a great user/group permission scheme. The agent means that you can have good results without credentialed scans which we consider risky.
Bhuwan Chandra | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Rapid7 InsightIDR helps in the early detection & response of threats, integration with other technologies for in-depth strategy & ultimately threat hunting. Early detection help organization detect attacker in the first stage of the kill chain. By in-depth use case helps to get intelligence of malware tactics protecting from the malware but also helps in to detect such malware in the future also.
  • Deceive Expose & Eliminate threats.
  • Attacker Visibility.
  • Integration with existing technologies like SIEM to 360 overviews of malware.
  • Granularity in reporting is missing.
Provide Contextual intelligence about the attackers with AI to enable an antimalware engine. AI enable Web-filtering solution. Automation of threat response & Broder investigates the report. Rapid7 Insight can be deployed rapidly in the network. Rapid7 Insight also helps to detect the lateral movement of malware. We can deploy Rapid7 Deception on any ware in the network rather than putting only on DMZ; I can put it in-line so that all traffic would scan.
January 27, 2023

Great SIEM

Chris Goodhue | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Product has been our primary SIEM tools to collect logs and develop alerting around behaviors in our environment. We monitor network,cloud logins and firewall traffic with this tool. Along with MS log data. This has been a great one pane of glass tool to see all logs.
  • Easy to inject logs
  • Lots of useful information
  • Lots of connections with out products
  • Can be difficult to query logs
  • UI can be overwhelming
  • Sometimes it’s hard to see data of an alert
Great place for small team to gather and monitor logs from many resources to get a better picture of behaviors in your environment.
Gray Nathan | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Rapid7 InsightIDR is our cybersecurity software and we use it to handle Endpoint Detection and Response. My line of duty involves deploying AI bots under a cloud-based infrastructure that's prone to cyber attacks and viruses invasion to compromise the bots functionality. The security team engaged Rapid7 InsightIDR to help secure critical data being handled by the bots and systems, networks at large. I use it's system monitoring tools in my jurisdiction. It sends instant alerts in case of breaches to prevent major damages.
  • It provides network visibility with the sensor unlock over your environment.
  • Has a lightweight sensor for suspicious activity that's also noiseless.
  • The indicators of compromise are complex to analyze.
  • Running system scans consumes heavily the network bandwidth slowing processes.
Rapid7 InsightIDR handles malware like a pro. It's able to identify the steathly techniques used by attackers. There was a certain attack where the hacker masked as an employee of our company to escape the radar but we were able to sample out the activity with Rapid7 UEBA. It's also worth noting that Rapid7 InsightIDR has a complex architecture and while running system scans, operations may slow down as it takes up most of the network bandwidth.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use Rapid7 InsightIDR to gain knowledge and understanding about the vulnerabilities in place in our organization. Whether it is an unpatched software product, a misconfiguration, or a zero-day exploit, we know what remediation steps are needed within our organization. Additionally, we can automate reports and trigger actions for technicians to remediate issues.
  • Reporting
  • Aggregating data from thousands of machines against thousands of vulnerabilities
  • Agentless and Agent based scanning
  • Pricing
  • Network Segmentation Flexability
We have found Rapid7 InsightIDR especially well suited for auditing a new environment prior to working on/supporting it. It is very simple to push an agent and setup a scanner and start receiving actionable information. It is also well suited for ongoing monitoring of an environment, to make sure new vulnerabilities are dealt with.
Mary Ramirez | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We are using Rapid7 for incident detection and responses on our servers by reducing the attack's dwell time. We've also utilized it for IOCs TTP procedures to map the threat indicators metrics. We picked it because it's capable of trapping malicious behavior on the attack chain early enough before the vital assets are compromised.
  • Attacks are detected early enough on the peripheral assets to allow us more time to initiate responses with SOAR before compromising the critical assets.
  • Provides a good analysis of log and network data.
  • InsightIDR has limited SIEM capabilities, we are using another software for that.
InsightIDR has been very suitable for deception and extra. It maps attacks on our servers and networks in a very detailed manner, stating not only the log and network data but also important information like how the loops in which the attack was orchestrated and how the attackers got in. Also, during an attack, it weaves the intruder in InsightIDR's' honeypot' to give us plenty of time to initiate security response protocols.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use Rapid7 as our SIEM solution. It provides us the network monitoring and detection capabilities without having to bring in an in-house SIEM technology and the FTE support required for such an implementation. Our network is spread across the US with over 60 offices spanning three time zones. We are an SMB with over 1,400 employees.
  • Timely Detection of Abnormal Behavior
  • Host Isolation
  • Collection of Network Devices Logs
  • Threat Intelligence Source
  • User Behavior and Analytics
  • Cost Effective
  • Staff Augmentation
  • Tamper Proofing Agent Against Bad Actors
  • Log Searching
  • Integration with Other Security Technologies
InsightIDR is well suited for SMBs that do not have the resources to bring in an on-prem SIEM. After the initial configuration is completed, which the Rapid7 team was very good at assisting us on, the upkeep of the SIEM in the cloud is mainly done by them. Then after the "tuning" is done and the noise of the benign network traffic is muted, then only the true alerts can be investigated for malicious intentions. It has been a great tool for us to identify malicious activity. The technology also allows us to isolate hosts on-the-fly.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We have an issue with end users lacking knowledge of IT security, so we purchased Rapid7 InsightIDR to deploy an agent on their workstations for monitoring, as well as internal pen testing. If an employee fails a security check, then they have to take the security education course over again. Over time this has helped.
  • Collect logs from workstations and send them back for analysis
  • Internal pen testing
  • Monitor authentications to internal resources
  • Agent can be resource intensive at times
  • Server has to be rebooted more often than it should
  • Logging needs a better archiving ability
Rapid7 InsightIDR is great for facilities where access to internal resources is highly restricted, such as healthcare. It helps with logging attempted access to restricted servers, as well as providing a way to bait test the end users to verify they are educated on the security side of IT. Companies with little to no restrictions to internal resources would see no benefit from a software such as this.
Nikhil Wadhwani | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
With the help of cloud security, I am able to easily operate my functions and get in my best work in place. The data streams do not need to be worried about and a lot of the data can be accessed without thinking twice of who or what is behind or ahead.
  • Security
  • Rapid authentication
  • Highlights suspicious activities in turn helping us to be ahead of attackers
  • Free trials should be well documented
  • Prices can be reduced if possible
  • Add support for syncing a workplace
If you have any major impacting security device that needs replacement this is the one to go to. The entire setup is easy on cloud and in turn gives much more than just security. The authenticity and the data streaming is priceless. Applications are much more secure and not vulnerable
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Rapid7 InsightIDR is a wonderful, easy to use tool for incident detection, authentication monitoring and endpoint visibility. It provide due diligence on your security we are mainly using this to protect our organisation security venerability. It has the ability to monitor numerous of endpoints and dispatch the security breach alerts in no time.
  • Incident detection
  • authentication monitoring
  • endpoint visibility
  • There should be an testing version
  • make more user friendly
  • add PII rules as well.
Rapid7 InsightIDR is an amazing tool for your organisation security it suites well if your organisation is growing and expanding globally it help to make secure data transactions among team or groups and help to avoid security threads. if you're tiny company like 1-10 people then your might not needed Rapid7 InsightIDR.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Rapid7 InsightIDR is our current product for EDR and antivirus. This product allows us to keep our environment secure from any and all vulnerabilities that could be harmful to the systems that run the business. We use it to secure our web applications as well as design plans for detection and response.
  • Rapid7 InsightIDR does a very good job at keeping virus definitions up to date so that our threat intelligence is very up to date when knowing what to protect against.
  • It helps us by scanning all of our infrastructure components and highlights where improvements need to be made in security so we can be proactive with our security initiatives.
  • It has automated response mechanisms to triage and resolve any potentials risks allowing us to save time in the long run.
  • Sometimes Rapid7 InsightIDR will be too locked down and without knowing will block applications and processes needed for day to day operation.
  • System scans with Rapid7 InsightIDR can be very bandwidth-heavy on the network and system resources.
  • From a recent incident, we have seen more and more false positives from Rapid7 InsightIDR on areas that we know are secure.
Rapid7 InsightIDR is best suited for environments with different types of infrastructures, cloud, virtual, and on-premise. It will easily handle each of these infrastructures and provide detailed vulnerability scans and show where security holes lie. Rapid7 InsightIDR is also best used where you are looking to automate security as it is able to program automated response and quarantine based on its virus detection.
Return to navigation