We just raised a $30M Series A: Read our story

Compare IBM QRadar vs. Rapid7 InsightIDR

Cancel
You must select at least 2 products to compare!
Devo Logo
Read 12 Devo reviews.
11,583 views|4,490 comparisons
IBM QRadar Logo
32,128 views|20,585 comparisons
Rapid7 InsightIDR Logo
9,003 views|6,164 comparisons
Comparison Summary
Question: What SOC product do you recommend?
Answer: I haven't used these big-name ones like Splunk etc. but I feel they're overpriced. I think they charge an arm and a leg for each module. The ROI justification is not there. Why not try a cheaper and robust alternative like Elasticsearch?
Featured Review
Find out what your peers are saying about IBM QRadar vs. Rapid7 InsightIDR and other solutions. Updated: November 2021.
554,382 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"Those 400 days of hot data mean that people can look for trends and at what happened in the past. And they can not only do so from a security point of view, but even for operational use cases. In the past, our operational norm was to keep live data for only 30 days. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. That's one reason that having 400 days of live data is pretty huge. As our users start to use it and adopt this system, we expect people to be able to do those long-term analytics.""In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time.""The real-time analytics of security-related data are super. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. It's fast. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. Devo is pulling back information in a fast fashion, based on real-time events.""It's very, very versatile.""Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit.""The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way.""Even if it's a relatively technical tool or platform, it's very intuitive and graphical. It's very appealing in terms of the user interface. The UI has a graphically interface with the raw data in a table. The table can be as big as you want it, depending on your use case. You can easily get a report combining your data, along with calculations and graphical dashboards. You don't need a lot of training, because the UI is relatively very intuitive.""The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events."

More Devo Pros »

"Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure.""QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving. From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected.""We have worked with other solutions, such as LogRhythm and Splunk. Compared to others, IBM QRadar has the best price-performance ratio so that you are able to reserve minimum costs. It starts settling in fast and gets the first results very quickly. It is also very scalable.""When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed.""The ability to transition from microscopic to macroscopic view, instantly, is very good.""It can analyze event logs, event security, and give a good consult.""Most valuable features include the granularity of information.""The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time."

More IBM QRadar Pros »

"Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log.""The web interface is great — very useful and user-friendly.""It is a very stable solution.""Simple configuration and automatically syncs to the cloud platform.""Very intuitive and easy to set up.""If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."

More Rapid7 InsightIDR Pros »

Cons
"Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design.""Devo has a lot of cloud connectors, but they need to do a little bit of work there. They've got good integrations with the public cloud, but there are a lot of cloud SaaS systems that they still need to work with on integrations, such as Salesforce and other SaaS providers where we need to get access logs.""There's room for improvement within the GUI. There is also some room for improvement within the native parsers they support. But I can say that about pretty much any solution in this space.""From our experience, the Devo agent needs some work. They built it on top of OS Query's open-source framework. It seems like it wasn't tuned properly to handle a large volume of Windows event logs. In our experience, there would definitely be some room for improvement. A lot of SIEMs on the market have their own agent infrastructure. I think Devo's working towards that, but I think that it needs some improvement as far as keeping up with high-volume environments.""There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts.""I would like to have the ability to create more complex dashboards.""Their documentation could be better. They are growing quickly and need to have someone focused on tech writing to ensure that all the different updates, how to use them, and all the new features and functionality are properly documented.""There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler."

More Devo Cons »

"I don't look at only the features and benefits; I also look at the price. It is a bit expensive when compared with other solutions. It is expensive for specific deployment topologies, and the decision-makers go for alternatives like ArcSight. It should also have more AI features or capabilities for better threat intelligence. The more it uses machine learning, the better would be the dashboard, analytics, and other things.""The user interface is a bit difficult to get used to.""When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security.""QRadar needs to be more specialized, along the lines of what other SIEM solutions are.""We need more features in order to create rules to detect or to meet some requirements for other areas, for example, catching the event from other authentication tools.""SOAR is what is expected the most from QRadar. They have something called SOAR Resilient, and it would be great if that gets induced in SIEM. IBM QRadar (as well as McAfee ESM) should have analytics platform integration. Currently, SIEMs don't have full-fledged integration with analytics where we are able to dump our data in SIEM, and the same data can be called from different analytics applications. We should be able to bring this data to a platform like Hadoop for big data and run the analytics there. Currently, people are seeing the past data and taking some actions in the present, but when it comes to analytics, there should be futuristic data where you can predict something out of your present and past data. Apart from that, I would like to see a full-fledged ITSM tool in QRadar. It sometimes has some technical issues that need to be checked. It requires a dedicated QRadar engineer to completely manage it. It has different module sets, such as event collector and event processor, and some technical glitches come in between. It takes the log but doesn't exactly process it in the way we want.""A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools.""The user interface is a bit clunky, a bit hard to find what you need."

More IBM QRadar Cons »

"The dashboard is an area that could be simplified.""Lacks a mobile application.""Cloud risk assessment is one area where I think they need a lot of improvement.""Inability to get access to compliance reports within the solution.""The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful.""InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."

More Rapid7 InsightIDR Cons »

Pricing and Cost Advice
"Our licensing fees are billed annually and per terabyte.""I like the pricing very much. They keep it simple. It is a single price based on data ingested, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that.""We have an OEM agreement with Devo. It is very similar to the standard licensing agreement because we are charged in the same way as any other customer, e.g., we use the backroom.""Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that.""[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more.""Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs.""I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money.""Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."

More Devo Pricing and Cost Advice »

"It is costlier as compared to the other alternatives available in the market.""When it comes to the initial pricing there can be a huge discount from there side and also I think they are open to competing with other products.""There is a license required for this solution and it is an annual payment. I have found all solutions in the category to be expensive, including Splunk.""There is a license required for this solution.""It is overly expensive and overly complex in terms of licensing. They have many different appliances, which makes it extremely difficult to choose the technology. It is very difficult to choose the technology or QRadar components that you should be deploying. They have improved some of it in the last few years. They have made it slightly easy with the fact that you can now buy virtual versions of all the appliances, which is good, but it is still very fragmented. For instance, on some of the smaller appliances, there is no upgrade path. So, if you exceed the capacity of the appliance, you have to buy a bigger appliance, which is not helpful because it is quite a major cost. If you want to add more disks to the system, they'll say that you can't.""IBM QRadar is a little bit expensive compared to other products.""Customers have to purchase a license based on the number of users, devices, and applications they want to protect. It allows you to take a license on a subscription basis for three years or five years.""There is a license required for this solution. There are some limitations depending on what license you purchase."

More IBM QRadar Pricing and Cost Advice »

"It is a reasonably priced solution."

More Rapid7 InsightIDR Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
554,382 professionals have used our research since 2012.
Answers from the Community
Navin Rehnius
author avatarJairo Willian Pereira
Real User

Apache Metron, ELK, OSSIM, Splunk and Qradar (in cost/benefit order for starters).

author avatarJack Callaghan
Real User

For tools I’d recommend: 


-SIEM- LogRhythm


-SOAR- Palo Alto XSOAR


Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic.


Also, remember that any EDR/XDR should integrate to the SIEM/SOAR and a strong threat intel source.


If you consider SOC outsourcing take your time and find one you can integrate like a virtual team member. They are only as good as their depth of knowledge in your business and your on-prem SOC.

author avatarTjeerd Saijoen
Reseller

I have no experience with Rapid 7 or InsightIDR. 


IBM Qradar works great but is not easy to install. If it is running it is a great tool. Also depending on the budget, Riverbed security is a tool to consider. Costs are lower than QRadar and easier to implement. 


Or you can use our SaaS solution with QRadar and a lot more built-in. One holistic solution for your complete IT environment.

author avatarJack Callaghan
Real User

@Evgeny Belenky, ​ I found Stellar to be quite intriguing. 


I would also recommend McAFee’s new console for centralizing and coordinating a well-deployed enterprise solution.

author avatarIshan Kukreti
Reseller

COMODO MDR 

author avatarJohn Stanford
Real User

Disclaimer: ICE Consulting offers SOC as a Service to our Clients.


For SOC Tools we use Securonix and other in-house developed solutions. Securonix provides an all in one package (SIEM, UEBS, & NTA) that we believe is competitively priced for the Small to Mid Market. Their Customer Service seems better than most and they are always highly rated in the Gartner MQ reports. Set-up is not difficult, but is time consuming for the first time, afterwards each client deployment we have added has seemed to get easier and quicker.


Please contact several vendors and ask for demos, talk with the vendor engineers to ensure the solution will workfor your needs... We evaluated Rapid7, AlienVault (ATT Cybersecurity), QRadar, LogRythm, and Securonix before deciding on Securonix. 


Also take your time in evaluating and re-evaluating the products, I took us about about 18 months and over $30K of working with what was utimately the wrong product for us, before moving to Securonix.


Make sure training for the use of the service is included.  We have been able to provide entensive training to out team through the vendor and would not have been able to get out SOC offering off the ground without it.


Good Luck!

author avatarIshan Kukreti
Reseller

COMODO SOC covers your entire network and also your email. It is very easy to deploy and is very effective for reports. 

author avatarIshan Kukreti
Reseller

I prefer the COMODO SOC solution because it is a very good and easy to deploy product.

Questions from the Community
Top Answer: It's very, very versatile.
Top Answer: Devo, like other vendors, doesn't charge extra for playbooks and automation. That way, you are only paying for the side… more »
Top Answer: I need more empowerment in reporting. For example, when I'm using Qlik or Power BI in terms of reporting for the… more »
Top Answer: The product has plenty of features and capabilities.
Top Answer: The usability of interfaces could be improved and the solution could have better correlation services, as well as faster… more »
Top Answer: Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot… more »
Top Answer: InsightIDR is quite expensive. But with on-prem solutions, you need to wait for delivery then spend more money on… more »
Top Answer: InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to… more »
Comparisons
Also Known As
QRadar SIEM, QRadar UBA, QRadar on Cloud, QRadar
InsightIDR
Learn More
Overview

Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

The IBM QRadar security and analytics platform is a lead offering in IBM Security's portfolio. This family of products provides consolidated flexible architecture for security teams to quickly adopt log management, SIEM, user behavior analytics, incident forensics, and threat intelligence and more. As an integrated analytics platform, QRadar streamlines critical capabilities into a common workflow, with tools such as the IBM Security App Exchange ecosystem and Watson for Cyber Security cognitive capability.

With QRadar, you can decrease your overall cost of ownership with an improved detection of threats and enjoy the flexibility of on-premise or cloud deployment, and optional managed security monitoring services.

Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.

Offer
See Devo in Action

See how Devo allows you to free yourself from data management, and make machine data and insights accessible.

Learn more about IBM QRadar
Learn more about Rapid7 InsightIDR
Sample Customers
United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Liberty Wines, Pioneer Telephone, Visier
Top Industries
VISITORS READING REVIEWS
Computer Software Company28%
Comms Service Provider20%
Government8%
Financial Services Firm7%
REVIEWERS
Financial Services Firm21%
Comms Service Provider12%
Security Firm7%
Transportation Company7%
VISITORS READING REVIEWS
Computer Software Company29%
Comms Service Provider28%
Financial Services Firm6%
Government5%
VISITORS READING REVIEWS
Computer Software Company28%
Comms Service Provider20%
Government6%
Financial Services Firm5%
Company Size
REVIEWERS
Small Business17%
Midsize Enterprise17%
Large Enterprise67%
VISITORS READING REVIEWS
Small Business48%
Midsize Enterprise15%
Large Enterprise37%
REVIEWERS
Small Business40%
Midsize Enterprise18%
Large Enterprise42%
VISITORS READING REVIEWS
Small Business27%
Midsize Enterprise27%
Large Enterprise46%
REVIEWERS
Small Business42%
Midsize Enterprise42%
Large Enterprise17%
Find out what your peers are saying about IBM QRadar vs. Rapid7 InsightIDR and other solutions. Updated: November 2021.
554,382 professionals have used our research since 2012.

IBM QRadar is ranked 2nd in Security Information and Event Management (SIEM) with 57 reviews while Rapid7 InsightIDR is ranked 11th in Security Information and Event Management (SIEM) with 6 reviews. IBM QRadar is rated 8.2, while Rapid7 InsightIDR is rated 8.2. The top reviewer of IBM QRadar writes "Provides a single window into your network, SIEM, network flows, and risk management of your assets". On the other hand, the top reviewer of Rapid7 InsightIDR writes "Easy to use with a simple setup and good scalability". IBM QRadar is most compared with Splunk, ELK Logstash, LogRhythm NextGen SIEM, Microsoft Sentinel and AT&T AlienVault USM, whereas Rapid7 InsightIDR is most compared with Microsoft Sentinel, Darktrace, Splunk, AT&T AlienVault USM and Exabeam Fusion SIEM. See our IBM QRadar vs. Rapid7 InsightIDR report.

See our list of best Security Information and Event Management (SIEM) vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.