• Home
  • NetWitness Platform vs. Rapid7 InsightIDR

NetWitness Platform vs Rapid7 InsightIDR comparison

Cancel
You must select at least 2 products to compare!
NetWitness Logo
NetWitness Platform
Read 36 NetWitness Platform reviews
1,932 views|1,200 comparisons
74% willing to recommend
Rapid7 Logo
Rapid7 InsightIDR
Read 30 Rapid7 InsightIDR reviews
6,420 views|3,425 comparisons
95% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
NetWitness Platform vs. Rapid7 InsightIDR
May 2024
Executive Summary

We performed a comparison between NetWitness Platform and Rapid7 InsightIDR based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed NetWitness Platform vs. Rapid7 InsightIDR Report (Updated: May 2024).
Download the complete report
772,649 professionals have used our research since 2012.
Featured Review
Salah Sabouni
Provides comprehensive network visibility, and has available helpful support
Prior to implementing the solution, the customers had no visibility of their assets. However, after adopting the solution, they have gained... Read more →
Anonymous User
Quick to deploy and helpful in detecting and responding to security incidents before there is a big outage
Previously, when something happened, such as when a hacker was attacking one of our customers, we were always behind, or we didn't know that we... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible.""The solution is really scalable for the high-end power, enterprise customer.""Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements.""Their technical support responds quickly and are knowledgable.""The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that.""The product has a user-friendly interface and a valuable feature for threat intelligence integration.""Performance and reporting are very good.""The most valuable features are the packet decoder, log decoder, and concentrator."

More NetWitness Platform Pros →

"The solution's initial setup is easy.""Integration with threat modeling from the Metasploit and InsightIDR repositories.""During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint.""The solution provides satisfying native integration features""The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame.""It is a very stable solution.""InsightIDR has allowed us to find potential security issues that we did not know existed, and get remediation quickly.""The solution is very scalable in terms of the licensing model."

More Rapid7 InsightIDR Pros →

Cons
"Its technical support could be better.""I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex.""Security needs improvement.""The system architecture is complex and sometimes it’s hard to troubleshoot potential problems.""There are instances where you try to run the reports and then it does not give you the desired outcome.""The initial setup is complex. There are other solutions that are easier to implement.""It is not so easy to customize this product.""We have encountered issues with unresolved crashes."

More NetWitness Platform Cons →

"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR.""Lacks a mobile application.""The searching feature in Rapid7 InsightIDR needs to evolve""The ability to tune the collector for custom logs would greatly help.""Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps.""Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition.""Cloud risk assessment is one area where I think they need a lot of improvement.""I feel it would greatly benefit from more supported log sources."

More Rapid7 InsightIDR Cons →

Pricing and Cost Advice
  • "It’s cheaper to run virtual machines in a VMware environment."
  • "The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
  • "It is cheap."
  • "The licenses are good but the cost is very expensive."
  • "This is a pricey solution; it's not cheap."
  • "We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
  • "Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
  • "Our license is for one year."

    • More NetWitness Platform Pricing and Cost Advice →

  • "​I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability.​"
  • "The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help.​"
  • "Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help."
  • "​Accurately predict your licensing counts as this is a subscription based product.​"
  • "The pricing and licensing are competitive."
  • "Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."
  • "It is a reasonably priced solution."
  • "It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."

    • More Rapid7 InsightIDR Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    See Recommendations
    772,649 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
    We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are based on Gartner Magic Q which is what Organizations typically use to select SIEM vendors. The Vendors mentioned here in the deck are : 1. HP ArcSight 2. McAfee Nitro 3. IBM QRadar 4. Splunk SIEM 5. RSA Security Analytic 6. LogRhythm. SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013)Only products with technology maturity and a strong road map have featured in leaders quadrant.HP ArcSight & IBM Q1 Labs have maintained leadership in SIEM industry with continued technology upgradeMcAfee Nitro has strong product features & road map to challenge HP & IBM for leadershipHPArcSight The ArcSight Enterprise Threat and Risk Management (ETRM) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information ArcSight Enterprise Security Manager (ESM): Correlation and analysis engine used to identify security threat in real-time& virtual environments ArcSight Logger: Log storage and Search solution ArcSight IdentityView: User Identity tracking/User activity monitoring ArcSight Connectors: For data collection from a variety of data… Read more →
    Questions from the Community
    What do you like most about NetWitness Platform?
    Top Answer:The product's initial setup phase was not at all difficult.
    Read all 26 answers   →
    What is your experience regarding pricing and costs for NetWitness Platform?
    Top Answer:The product price was reasonable for my region and the market.
    Read all 16 answers   →
    What needs improvement with NetWitness Platform?
    Top Answer:From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building a… more »
    Read all 25 answers   →
    What SOC product do you recommend?
    Top Answer:For tools I’d recommend:  -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also,… more »
    Read all 12 answers   →
    What do you like most about Rapid7 InsightIDR?
    Top Answer:During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application… more »
    Read all 20 answers   →
    What is your experience regarding pricing and costs for Rapid7 InsightIDR?
    Top Answer:We chose Rapid7 because of its price. IBM QRadar charges us based on data storage. Rapid7 InsightIDR charges us based on the endpoints we connect to. We are satisfied with the product’s price.
    Read all 17 answers   →
    Ranking
    15th
    out of 80 in Security Information and Event Management (SIEM)
    Views
    1,932
    Comparisons
    1,200
    Reviews
    10
    Average Words per Review
    487
    Rating
    7.4
    9th
    out of 80 in Security Information and Event Management (SIEM)
    Views
    6,420
    Comparisons
    3,425
    Reviews
    11
    Average Words per Review
    441
    Rating
    8.2
    Comparisons
    Also Known As
    RSA Security Analytics
    InsightIDR
    Learn More
    NetWitness
    Video Not Available
    Rapid7
    Overview

    NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

    Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.

    Sample Customers
    Los Angeles World Airports, Reply
    Liberty Wines, Pioneer Telephone, Visier
    Top Industries
    REVIEWERS
    Comms Service Provider24%
    Financial Services Firm24%
    Computer Software Company24%
    Manufacturing Company10%
    VISITORS READING REVIEWS
    Financial Services Firm15%
    Computer Software Company15%
    Government10%
    Insurance Company6%
    REVIEWERS
    Comms Service Provider27%
    Computer Software Company20%
    Non Tech Company13%
    Security Firm13%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Manufacturing Company8%
    Financial Services Firm8%
    Government6%
    Company Size
    REVIEWERS
    Small Business26%
    Midsize Enterprise17%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise10%
    Large Enterprise67%
    REVIEWERS
    Small Business63%
    Midsize Enterprise20%
    Large Enterprise17%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise20%
    Large Enterprise53%
    Buyer's Guide
    NetWitness Platform vs. Rapid7 InsightIDR
    May 2024
    Free Report: NetWitness Platform vs. Rapid7 InsightIDR
    Find out what your peers are saying about NetWitness Platform vs. Rapid7 InsightIDR and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    772,649 professionals have used our research since 2012.

    NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while Rapid7 InsightIDR is ranked 9th in Security Information and Event Management (SIEM) with 30 reviews. NetWitness Platform is rated 7.4, while Rapid7 InsightIDR is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Rapid7 InsightIDR writes "Helps in the management of compliance, secret events and information". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Microsoft Sentinel, whereas Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar. See our NetWitness Platform vs. Rapid7 InsightIDR report.

    See our list of best Security Information and Event Management (SIEM) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.