We performed a comparison between Darktrace and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Cisco, TitanHQ and others in Email Security."The two main features that prove most beneficial for us are URL scanning and attachment scanning."
"The solution is very easy to use. All you have to do is to assign the license to the end-user and it's done. The customer will only have the feature activated, and the solution will monitor the emails to determine if they are a threat or not."
"The risk level notifications are most valuable. We get to know what kind of intrusion or attack is there, and we can fix a problem on time."
"Defender for 365 is a comprehensive cloud-based solution. The value of the cloud is that you aren't alone. Threat intelligence and analytics are shared in the cloud. We don't have to find the solution alone. If you face an unknown threat with traditional solutions like Trend Micro and Symantec, you need to open a case and send your information to them to analyze forensically and identify the source of the attack."
"The good part is that you don't have to configure it, which is very convenient."
"It also gives me good visibility because, with Defender, I'm using a Microsoft product to defend Microsoft products. The integration was really seamless and I have wide visibility because it picks up almost everything. Literally, I can see almost every activity that happens, from the e-mail to the workstation itself."
"Microsoft Defender for Office 365's most valuable feature is its performance."
"The technical support is good and quick to resolve issues."
"It provides a comprehensive, detailed view of network activity and whatever is happening inside it."
"Its most valuable feature is its ability to identify malicious connected IPs from outside and the attacks that get through to the inside."
"t was pretty as far as the granularity of what you were getting out of it."
"The Dynamic Threat Dashboard is very nice, as it lists all of your threats and rates them, and then you can choose whether to investigate further."
"AI analytics are built directly into the product."
"It is very stable and easy to use."
"The most valuable feature of Darktrace and the most valuable feature is the artificial intelligence module because that is the tool that determines automatically if there is any risk or not in the network."
"Darktrace is very useful for us because it has a large number of models for detecting threats."
"Integration with threat modeling from the Metasploit and InsightIDR repositories."
"The ability to ingest Office 365 log files, then process them into events and display them on a map."
"If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."
"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
"The solution provides satisfying native integration features"
"It is a very stable solution."
"During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint."
"Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well."
"It would be better if it were more scalable. It depends on the architecture, but we would like to make it more scalable for both data centers."
"One area for improvement is support, in terms of being able to reach them and, especially, technical support for configuration."
"This product's effectiveness could be improved, in terms of detecting unwanted spam or even malware between the emails, compared to other products."
"Microsoft Defender for Office 365 should be more proactive."
"Microsoft should provide more documentation for users so they can self-educate. I would like to see more documentation for advanced security features."
"The custom alerts have to improve a lot."
"Microsoft wants its well-paying customers to finish testing some of its half-baked products, find bugs, and report bugs back to Microsoft's team, which is a little frustrating for those who have to manage it and roll it up to thousands of people across the organization."
"We need a separate license and we don't know how to get the license that is required."
"It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks."
"It should be easier to access the Darktrace portal and its documentation. Only the customer can access their portal and support. It could be cheaper."
"Darktrace requires numerous configurations. It would be beneficial if the configuration could be made simpler."
"Although we haven't detected any network threats since implementing Darktrace, we are unsure of its efficacy. It would be beneficial if the solution could offer additional details to the user regarding any potential or prevented threats. Additionally, there could be better search tools and integration."
"I was under impression that Darktrace's automatic blocking would be an out-of-the-box feature, but we had to integrate it with our firewall to get it to block automatically. The salesperson should be upfront and explain that you need to integrate it with your network. I would also like to see more reporting on risk. Banks in my region want to see at a glance the risk level of various assets."
"Getting logs from different sources can be a challenge."
"In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort. They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace. It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing. They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions."
"The solution would benefit from automation. Currently, you have to know what you are searching for."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."
"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."
"I feel it would greatly benefit from more supported log sources."
"The product allows us to make only 30 custom rules."
"The solution's XDR agents cannot compete with the XDR solutions out there yet."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
More Microsoft Defender for Office 365 Pricing and Cost Advice →
Darktrace is ranked 11th in Email Security with 66 reviews while Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 30 reviews. Darktrace is rated 8.2, while Rapid7 InsightIDR is rated 8.4. The top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". On the other hand, the top reviewer of Rapid7 InsightIDR writes "Helps in the management of compliance, secret events and information". Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and Trend Micro Deep Discovery, whereas Rapid7 InsightIDR is most compared with Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM, IBM Security QRadar and Microsoft Defender for Identity.
We monitor all Email Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.