Rapid7 InsightIDR Review: Features & Benefits

Rapid7 combines threat intelligence, security research, data collection, and analytics in its comprehensive Insight platform, but how does its detection and response solution – InsightIDR – compare to other cybersecurity solutions?

While InsightIDR functions as a security information and event management (SIEM) solution, its functionality goes far beyond traditional SIEM products and extends to the budding XDR space. Rapid7’s advanced detection and response hunts threats and harvests critical information for investigations like users, events, endpoints, and more from millions of events. Combining user and entity behavior analytics (UEBA), endpoint detection and response (EDR), and SIEM features, InsightIDR uses machine learning to block anomalous threats and mitigate endless log searches.

The Boston-based cybersecurity vendor has gradually built a comprehensive cloud-based platform that includes vulnerability management, application security, cloud security, and orchestration and automation tools, allowing InsightIDR clients the opportunity to expand coverage and bundle Rapid7 solutions.

This article looks at the top three benefits of the Rapid7 InisightIDR solution.

InsightIDR: Advanced Detection and Response

A top benefit of choosing InsightIDR is its advanced capabilities relative to traditional standalone EDR, SIEM, and threat intelligence solutions.

Bringing these tools’ features together, Rapid7 can provide incident detection and response, monitoring, and endpoint visibility for administrators for current cybersecurity needs. The list of tools and features included with InsightIDR include:

• User and entity behavior analytics (UEBA)
• Endpoint detection and response (EDR)
• Network traffic analysis (NDR)
• Centralized log management
• Automated policy capabilities
• Visual investigation timeline
• Deception technology
• File integrity monitoring (FIM)

Built by the Rapid7 security team, InsightIDR is often considered an alternative to legacy or on-premises SIEM products. Alongside InsightIDR, clients also have access to Rapid7’s managed detection and response (MDR) expertise, even if they aren’t managed services customers.

How Does InsightIDR Work?

Like other SIEM solutions, alert management is critical for administrator visibility. Network administrators can use the behavioral analytics engine to evaluate users affected, associated hashes, domains, and URLs and match components against global sources when alerted.

With the event timeline displayed and broken down for administrators, clients can cut the time devoted to additional threat intelligence and respond faster and more effectively. Administrators establish automated policies that meet network needs for regularly cited activity, while security analysts can focus on proactive threat hunting.

Ease of Implementation, Quick Start Services

Rapid7’s deployment process gets consistently praised by clients for its speed, seamless transition, and technical support for any organization that needs to move fast to protect an expanding network.

Also read: What co-founder and VP of Technology at Rapid7’s DivvyCloud, Chris DeRamus, told TechRepublic about using automation in securing cloud data.

Organizations can sit back with the vendor’s Quick Start Services while Rapid7 remotely deploys up to 1,000 assets each day. In this period, agents are installed on network devices, adequately configured, validated, and capable of demonstrating incident detection workflows. Through a four-step methodology, administrators streamline the deployment process for organizations.

1. Architecture: Identifies network resources and connectivity requirements for agents.
2. Configuration: Deploy Collectors and establish event sources, agents, and systems.
3. Knowledge Transfer: Train users on the dashboard, alerts, log searches, and more.
4. Review: Discuss and implement custom logs, automation, and network traffic analysis.

Bundling with the Rapid7 Insight Platform

InsightIDR alone is a premium tool for network detection and response, but it’s only a part of the comprehensive cloud-based suite Rapid7 offers.

Because third-party risk management is critical for mitigating vulnerabilities presented by vendors, bundling with vendors can help consolidate security systems in one location with a trusted partner. Options to expand security coverage with Rapid7 include:

• InsightVM (Vulnerability Management)
• InsightAppSec (Application Security)
• InsightCloudSec (Cloud Security)
• InsightConnect (Orchestration & Automation)
• Threat Command (Threat Intelligence)
• Services (Expert Managed & Consulting Services)

Also read: Why Rapid7 is one of the Best Endpoint Security and EDR Tools for MSPs on ChannelInsider.

SIEM + SOAR: Enriching Visibility, Alerts, and Remediation

One such opportunity to bundle is pairing InsightIDR with Insight Connect, Rapid7’s SOAR solution. The synergy produced can enrich automated alert systems, accelerate detection and response, and increase efficiency. Insight Connect helps automate several IT processes, improves indicators, and comes with 200+ plugins.

Rapid7 Competitors

Recognition & Reviews

In addition to being one of our Top Cybersecurity Companies of 2021, the development of the Rapid7 Insight platform contributes to the company’s growing reputation. Below is where Rapid7’s technologies stand in the Gartner Magic Quadrant, Gartner Peer Insights, and the Forrester Wave.

Gartner Magic Quadrant and Gartner Peer Insights

• Visionary – Application Security Testing (2021)
• Leader – Security Information and Event Management (2020)
• Visionary – Security Information and Event Management (2017, 2018)

On Gartner Peer Insights, Rapid7 has nearly 700 reviews in a handful of solution categories. For Rapid7 InsightIDR, clients praise the seamless deployment and implementation and product capabilities like real-time data for user monitoring and analytics. To give readers an idea of Rapid7’s range, the vendor’s top five reviewed solutions, scores, and highlighted features currently are:

The Forrester Wave

• Leader – Midsize Managed Security Service Providers (2020)
• Strong Performer – Security Analytics Platform (2020)
• Strong Performer – Global Cybersecurity Consulting Services (2019)
• Leader – Vulnerability Risk Management (2018, 2019)

Rapid7: Company Background

Rapid7 was launched in 2000 in midtown New York City by three software executives, Alan Matthews, Tas Giakouminakis, and Chad Loder, looking to address the growing complexity of network security and provide administrators with visibility into their network, assets, vulnerabilities, and threats.

Over twenty years later, the vendor named for the New York rapid transit system has more than 1,200 workers, 9,300+ organization clients, and headquarters in Boston, Massachusetts.

Product Pricing and Features

For InsightIDR, the standard plan starts at $5.61 per month per asset, or $2,807 per month for InsightIDR Advanced to cover 500 assets. On top of the mentioned product capabilities, plans come with unlimited user accounts, shared data across tools, near-instant visibility, SSO, 24/7 technical support, and Rapid7’s community-built extensions.

Interested organizations can try InsightIDR free for 30 days before the subscription renews annually. Custom quotes are available upon request.

Acquisitions, Growth, and Financials

Rapid7 has made 11 acquisitions since its founding, bringing on a pack of technologies to enhance its software suite. These firms include Logentries in 2015, Komand in 2017, and DivvyCloud in 2020. In July, the company acquired threat intelligence and protection vendor IntSights for $335 million.

Rapid7’s market capitalization in 2021 is over $6.75 billion. In July 2015, the company went public on the Nasdaq Stock Exchange under the ticker RPD. Since its IPO, the vendor’s stock price has risen fivefold in six years. Between 2019 and 2020, Rapid7’s gross revenue increased by more than 26%, from $326 million to $411 million. In the same period, gross profit increased by almost 23%, from $235 million to $289 million.