We performed a comparison between NetWitness Platform and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"Offers a good wireless feature."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"The most valuable features are the packet inspection and the automated incident response."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"It's quite economical compared to other solutions in the market."
"Simple configuration and automatically syncs to the cloud platform."
"User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day."
"During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint."
"Enables the use of honey pots, honey users, and honey files to monitor for suspicious patterns."
"Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs."
"InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level."
"Features for user behavior analytics and the rules for attack review are good."
"Very intuitive and easy to set up."
"More customizability is required, which is something that they need to improve on."
"It is not so easy to customize this product."
"We have encountered issues with unresolved crashes."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"The user interface is a little bit difficult for new users and it needs to be improved."
"An area for improvement would be better automation and more inbuilt use cases."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"Lacks a mobile application."
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."
"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."
"The searching feature in Rapid7 InsightIDR needs to evolve"
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 30 reviews. NetWitness Platform is rated 7.4, while Rapid7 InsightIDR is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Rapid7 InsightIDR writes "Helps in the management of compliance, secret events and information". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Microsoft Sentinel, whereas Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar. See our NetWitness Platform vs. Rapid7 InsightIDR report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
