Cybereason Endpoint Detection & Response vs Rapid7 InsightIDR comparison

Cybereason and Rapid7 are both solutions in the Endpoint Detection and Response (EDR) category. Cybereason is ranked #32 with an average rating of 7.3, while Rapid7 is ranked #22 with an average rating of 7.8. Cybereason holds a 1.1% mindshare in EDR, compared to Rapid7’s 1.2% mindshare. Additionally, 85% of Cybereason users are willing to recommend the solution, compared to 96% of Rapid7 users who would recommend it.

Cybereason Endpoint Detecti...

Read 22 Cybereason Endpoint Detection & Response reviews

3,854 Views
2,467 Comparison Views

85% willing to recommend

Rapid7 InsightIDR

Read 32 Rapid7 InsightIDR reviews

6,636 Views
1,924 Comparison Views

96% willing to recommend

Cybereason Endpoint Detecti...

Rapid7 InsightIDR

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 9, 2024

Cybereason Endpoint Detection & Response and Rapid7 InsightIDR compete in the cybersecurity field. Cybereason appears to have the upper hand in advanced threat hunting and real-time response capabilities, while Rapid7 is preferred for strong incident detection and investigation features.

Features: Cybereason offers advanced threat hunting, real-time response, and automated response functionalities. Rapid7 InsightIDR provides incident detection, investigation capabilities, and integration with various third-party tools.

Room for Improvement: Cybereason could improve integration with other security tools, enhance reporting capabilities, and streamline user interfaces. Rapid7 needs better alert accuracy, reduced false positives, and refined alerting mechanisms.

Ease of Deployment and Customer Service: Cybereason has a straightforward deployment process and responsive customer service. Rapid7 InsightIDR is easy to deploy with a supportive and knowledgeable customer service team.

Pricing and ROI: Cybereason has higher setup costs leading to mixed opinions on ROI. Rapid7 InsightIDR offers competitive pricing and users report favorable ROI due to its comprehensive feature set.

To learn more, read our detailed Cybereason Endpoint Detection & Response vs. Rapid7 InsightIDR Report (Updated: December 2025).

Buyer's Guide

Cybereason Endpoint Detection & Response vs. Rapid7 InsightIDR

December 2025

Download the complete report

Helped 881,082 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cybereason Endpoint Detecti...

Ranking in Endpoint Detection and Response (EDR)

32nd

Average Rating

7.8

Reviews Sentiment

5.6

Number of Reviews

Ranking in other categories

Endpoint Protection Platform (EPP) (41st)

Rapid7 InsightIDR

Ranking in Endpoint Detection and Response (EDR)

22nd

Average Rating

8.4

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (15th), User Entity Behavior Analytics (UEBA) (7th), Threat Deception Platforms (4th), Extended Detection and Response (XDR) (18th)

Mindshare comparison

As of January 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cybereason Endpoint Detection & Response is 1.1%, up from 1.1% compared to the previous year. The mindshare of Rapid7 InsightIDR is 1.2%, up from 0.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Endpoint Detection and Response (EDR) Market Share Distribution
Product	Market Share (%)
Rapid7 InsightIDR	1.2%
Cybereason Endpoint Detection & Response	1.1%
Other	97.7%

Endpoint Detection and Response (EDR)

Featured Reviews

reviewer2642739

Security Delivery Analyst at a consultancy with 10,001+ employees

User-friendly platform and dashboards provide comprehensive insights

I would like to see improvements on the operational side, specifically in grouping. Currently, I can group sensors into a custom group and assign policies, but I feel it is a shame that I cannot create groups of groups with inheritance. This would be useful for organizing multiple sites or countries into a single group containing multiple sub-groups. Additionally, in the whitelisting case, if I want one policy to have specific whitelisting, but not all the machines in that policy to have it, I could use multiple groups belonging to the same parent group. It is a bit disappointing that whitelisting can only be done via policies and not for individual machines. If I need to whitelist for only one machine, I must create a specific policy. This poses a challenge with two thousand endpoints, making it nearly impossible to create two thousand different policies.

Read full review

SohailHyder

Head of Cyber Security at Super Secure

Has supported compliance needs for mid-sized organizations but lacks customization and advanced integration

If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature sets of a complete SIEM solution. Most common in the market is QRadar, but it is depleting now. It has been taken over by some other products such as Splunk and LogRhythm. If we compare these things with Rapid7 InsightIDR, then there are definitely some gaps that need to be filled. Data retention is also one concern because Rapid7 InsightIDR is cloud-based and operates on a subscription model. Whatever data you want to retain, it has to be paid for separately or it has a cost. Other solutions that are on-premises can have their own infrastructure or they provide some data retention for a month or in some capacity-wise, they provide that solution to them which makes them more attractive.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"We didn't have the visibility that we now have. It has increased our visibility by a lot. So, we put a lot more time into really looking at our environment and what is happening throughout our different networks. It has increased our visibility by around fivefold."

"Immediately we can pick up the computers in the network if any malicious operation that is triggered."

"They do a very good job of providing multi-stage visualizations of malicious operations that immediately show all attack details across all devices and users. Since it is MalOp-centric model, you can see if there has been a similar operation across multiple machines. If it is the same thing appearing on multiple machines, you see all the machines and users affected in one screen."

"I haven't had any issues with the solution. Stability-wise, I rate the solution a ten out of ten."

"Cybereason's threat hunting and investigation are the most valuable features. Threat hunting is a user-friendly feature that keeps you safe. Investigation offers an added value that I haven't seen with other EDR services. It allows you to find specific policy problems within your environment."

"The initial setup process is straightforward."

"Cybereason absolutely enables us to mitigate and isolate on the fly. Our managed detection response telemetry has dropped dramatically since we began using it. It's very top-of-mind. We were running some tabletop exercises and none of the detections were getting triggered by the managed security services provider. So we needed to find a solution that would trigger high-fidelity alerts. That was Cybereason and it dramatically changed our landscape from the detection and response perspective."

"What I find most valuable is the clarity of the platform."

More Cybereason Endpoint Detection & Response pros

"The platform offers unlimited storage and agent-based solutions."

"Very intuitive and easy to set up."

"I like that it's a cloud-based solution."

"The UI is very good."

"Rapid7's reporting is more robust than Tenable's."

"Another very important part of insightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network."

"I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters."

"Integration with threat modeling from the Metasploit and InsightIDR repositories."

More Rapid7 InsightIDR pros

Cons

"The network coverage becomes an issue most of the time."

"We are in the process of removing it from many of our endpoint clients because it's not really showing enough value for them at the moment."

"There is room for improvement in the product features related to device control, particularly USB management."

"What needs to improve in Cybereason Endpoint Detection & Response and what I'd like to see in its next release is a centralized dashboard that allows you to view what is there, similar to what's on Symantec Endpoint Protection Manager: a beautiful display and reporting. Cybereason Endpoint Detection & Response has to start with the compliance, the homepage, etc. Everything should be there and should be customizable. The options should be there. The tool is very good currently, but visibility for IT administrators is lacking and needs to be worked on."

"I feel it is a shame that I cannot create groups of groups with inheritance."

"It initially took some time to deploy."

"The integration with Microsoft solutions and Microsoft capabilities needs to be improved."

"Cybereason does not have sandbox functionality."

More Cybereason Endpoint Detection & Response cons

"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."

"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."

"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."

"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."

"Lacks a mobile application."

"I feel it would greatly benefit from more supported log sources."

"They should add more configuration and security features to it."

"There are certain limitations with Rapid7 that I am working on."

More Rapid7 InsightIDR cons

Pricing and Cost Advice

"I do not have experience with the licensing of the product."

"In terms of pricing, it's a good solution."

"This product is somewhat expensive and should be cheaper."

"We considered a few other solutions. Some were ridiculously overpriced, while others didn't have solutions for Mac endpoints. That was a deal-breaker because most of our organization is on Mac. It came down to two vendors: Cybereason and another. They had similar pitches and almost identical approaches, but in the end, Cybereason gave us the best value for our money."

"I had to go through a third-party to purchase it, which I wasn't really pleased about."

"On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing an eight."

"In terms of cost, this is a good choice for our needs."

"The pricing is manageable."

More Cybereason Endpoint Detection & Response pricing and cost advice

"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."

"The solution has a mid-range price point in the market"

"I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability."

"Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help."

"Accurately predict your licensing counts as this is a subscription based product."

"The pricing is good, and it is not very expensive."

"Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight."

"I rate Rapid7 InsightIDR's price a four on a scale of one to ten, where one is cheap, and ten is expensive."

More Rapid7 InsightIDR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.

See recommendations

881,082 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

12%

Computer Software Company

12%

Manufacturing Company

Outsourcing Company

Computer Software Company

11%

Financial Services Firm

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	5
Midsize Enterprise	4
Large Enterprise	13

By reviewers
Company Size	Count
Small Business	20
Midsize Enterprise	5
Large Enterprise	6

Questions from the Community

What is your experience regarding pricing and costs for Cybereason Endpoint Detection & Response?

Comparison with other products showed it be cheaper than some larger competitors. Set up cost for us were cheaper as we already had users experienced with the product in other business units. Initi...

See all answers

What is your primary use case for Cybereason Endpoint Detection & Response?

My main use case for Cybereason Endpoint Detection & Response is mostly for incident response.

See all answers

What do you like most about Cybereason Endpoint Detection & Response?

The interface is user-friendly.

See all answers

What SOC product do you recommend?

For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...

See all answers

What do you like most about Rapid7 InsightIDR?

During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an applicati...

See all answers

What is your experience regarding pricing and costs for Rapid7 InsightIDR?

The product pricing is very cheap.

See all answers

Comparisons

CrowdStrike Falcon vs Cybereason Endpoint Detection & Response

Compared 11% of the time

SentinelOne Singularity Complete vs Cybereason Endpoint Detection & Response

Compared 7% of the time

Fortinet FortiEDR vs Cybereason Endpoint Detection & Response

Compared 4% of the time

Microsoft Defender for Endpoint vs Cybereason Endpoint Detection & Response

Compared 4% of the time

ESET Inspect vs Cybereason Endpoint Detection & Response

Compared 4% of the time

More Cybereason Endpoint Detection & Response Competitors

Rapid7 InsightVM vs Rapid7 InsightIDR

Compared 6% of the time

Microsoft Sentinel vs Rapid7 InsightIDR

Compared 5% of the time

Splunk Enterprise Security vs Rapid7 InsightIDR

Compared 5% of the time

CrowdStrike Falcon vs Rapid7 InsightIDR

Compared 4% of the time

Darktrace vs Rapid7 InsightIDR

Compared 4% of the time

More Rapid7 InsightIDR Competitors

Product Reports

Buyer's Guide

Cybereason Endpoint Detection & Response

January 2026

Cybereason Endpoint Detection & Response report

Download Cybereason Endpoint Detection & Response product report

Buyer's Guide

Rapid7 InsightIDR

January 2026

Download Rapid7 InsightIDR product report

Also Known As

Cybereason EDR, Cybereason Deep Detect & Respond

InsightIDR

Overview

Cybereason's Endpoint Detection and Response platform detects in real-time both signature and non-signature-based attacks and accelerates incident investigation and response. Cybereason connects together individual pieces of evidence to form a complete picture of a malicious operation.

Cybereason

Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.

Rapid7

Sample Customers

Lockheed Martin, Spark Capital, DocuSign, Softbank Capital

Liberty Wines, Pioneer Telephone, Visier

Buyer's Guide

Cybereason Endpoint Detection & Response vs. Rapid7 InsightIDR

December 2025

Free Report: Cybereason Endpoint Detection & Response vs. Rapid7 InsightIDR

Find out what your peers are saying about Cybereason Endpoint Detection & Response vs. Rapid7 InsightIDR and other solutions. Updated: December 2025.

DOWNLOAD NOW

881,082 professionals have used our research since 2012.

See our Cybereason Endpoint Detection & Response vs. Rapid7 InsightIDR report.

See our list of best Endpoint Detection and Response (EDR) vendors.

We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.