We performed a comparison between Elastic Security and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"The most valuable feature is the network security."
"I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM."
"All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"The solution is well integrated with applications. It is easy to maintain and administer."
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"The most valuable aspect is undoubtedly the exploration capability"
"The performance is good and it is faster than IBM QRadar."
"The most valuable feature is the machine learning capability."
"The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information, based on the seen attacks within an organization is good."
"The cost is reasonable. It's not overly pricey."
"The most valuable feature for me is Discover."
"Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because of Elastic's efficient search engine."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"The most valuable features of Elastic Security are it is open-source and provides a high level of security."
"It improved my organization by building a security alerting program."
"The web interface is great — very useful and user-friendly."
"The product works well. Stability-wise, I rate the solution a ten out of ten."
"We were able to identify criminals attempting to login from China and put a stop on their IP locations."
"Great coverage of all systems within our network from endpoint to firewall."
"I have seen that Rapid7 InsightIDR provides security to the networks and endpoints in the company."
"Scalability-wise, I rate the solution a ten out of ten. As a cloud tool, the product is highly scalable."
"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"The mobile app support for Android and iOS is difficult and needs improvement."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"The solution does not offer a unified response and standard data."
"The web filtering solution needs to be improved because currently, it is very simple."
"It could use maybe a little more on the Linux side."
"There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
"This solution cannot do predictive maintenance, so we have to build our own modules for doing it."
"One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow."
"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."
"The interface could be more user friendly because it is sometimes hard to deal with."
"Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues."
"Email notification should be done the same way as Logentries does it."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."
"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."
"The APIs can be further improved in Rapid7."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
"I feel it would greatly benefit from more supported log sources."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 59 reviews while Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews. Elastic Security is rated 7.6, while Rapid7 InsightIDR is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and syslog-ng, whereas Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and LogRhythm SIEM. See our Elastic Security vs. Rapid7 InsightIDR report.
See our list of best Security Information and Event Management (SIEM) vendors, best Endpoint Detection and Response (EDR) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
