Last updated at Thu, 22 Aug 2024 18:57:34 GMT
By George Schneider, Information Security Manager at Listrak
I've worked in cybersecurity for over two decades, so I've seen plenty of platforms come and go—some even crash and burn. But Rapid7, specifically InsightIDR, has consistently performed above expectations. In fact, InsightIDR has become an essential resource for maintaining my company’s cybersecurity posture.
Alerting Rules!
Back in the early days, a SIEM didn’t come with a bunch of standardized alerting rules. We had to write all of our own rules to actually find what we were looking for. Today, instead of spending six hours a day hunting for threats, InsightIDR does a lot of the work for the practitioner. Now, we spend a maximum of one hour a day responding to alerts.
In addition to saving time, the out-of-the-box rules are very effective; they find things that our other security products can't detect. This is a key reason I’ve been 100% happy with Rapid7. As a user, I just know it’s functional. It’s clear that InsightIDR is designed by and for users—there’s no fluff, and the kinks are already ironed out. Not only am I saving time and company resources, the solution is a joy to use.
Source Coverage
When scouting SIEM options, we wanted a platform that could ingest a lot of different log sources. Rapid7 covered all of the elements we use in the big platforms and various security appliances we have—and some in the cloud too. InsightIDR can ingest logs from all sources and correlate them (a key to any high-functioning SIEM) on day one.
Trust the Process
I can honestly say this is the first time I’ve ever used a product that adds new features and functionality every single quarter. It’s not just a new pretty interface either, Rapid7 consistently adds capabilities that move the product forward.
What’s also wonderful is that Rapid7 listens to customers, especially their feedback. Not to toot my own horn, but they’ve even released a handful of feature requests that I submitted over the years. So I can say with absolute sincerity that these improvements actually benefit SOC teams. They make us better at detecting the stuff that we’re most concerned about.
Visibility and Coverage, Thanks, Insight Agent!
If you’re not familiar with Insight Agent, it’s time to get acquainted. Insight Agent is critical for running forensics on a machine. If I have a machine that gets flagged for something through an automated alert, I can quickly jump in without delay because of the Insight Agent. I get lots of worthwhile information that helps me consistently finish investigations in a timely manner. I know in pretty short order whether an alert is nefarious or just a false positive.
And this is all built into the Rapid7 platform—it doesn’t require customization or installations to get up and running. You truly have a single pane of glass to do all of this, and it’s somehow super intuitive as well. Using the endpoint agent, I don’t have to switch over to something else to do additional work. It’s all right there.
“Customer support at Rapid7 is outstanding. It’s the gold standard that I now use to evaluate all other customer support.”
Thinking Outside the Pane
I also have to give a shout out to the Rapid7 community. The community at discuss.rapid7.com/ and the support I get from our Rapid7 account team cannot be overlooked. When I have a question about how to use something, my first step is to visit Discuss to see if somebody else has already posted some information about it—often saving me valuable time. If that doesn’t answer my question, the customer support at Rapid7 is outstanding. It’s the gold standard that I now use to evaluate all other customer support.
The Bottom Line
My bottom line? I love this product (and the people). To say it’s useful is an understatement. I would never recommend a product that I didn’t think was outstanding. I firmly believe in the Rapid7InsightIDR and experience how useful it is every day. So does my team.