NetWitness Platform vs Rapid7 InsightIDR comparison

NetWitness and Rapid7 are both solutions in the Security Information and Event Management (SIEM) category. NetWitness is ranked #30 with an average rating of 8.3, while Rapid7 is ranked #14 with an average rating of 8.0. NetWitness holds a 0.6% mindshare in SIEM, compared to Rapid7’s 2.4% mindshare. Additionally, 75% of NetWitness users are willing to recommend the solution, compared to 95% of Rapid7 users who would recommend it.

NetWitness Platform

Read 37 NetWitness Platform reviews

1,507 Views
980 Comparison Views

75% willing to recommend

Rapid7 InsightIDR

Read 32 Rapid7 InsightIDR reviews

6,825 Views
3,344 Comparison Views

95% willing to recommend

NetWitness Platform

Rapid7 InsightIDR

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 18, 2024

NetWitness Platform and Rapid7 InsightIDR compete in the cybersecurity tools category. Rapid7 InsightIDR seems to have the upper hand due to better features and customer service, despite NetWitness Platform being more affordable.

Features: NetWitness Platform offers robust threat detection, analytics, and comprehensive visibility. Rapid7 InsightIDR is favored for its simplicity, effective incident detection, and user-friendliness, leading to quicker threat identification.

Room for Improvement: NetWitness Platform needs enhancements in configuration complexity, integration with other tools, and easier deployment. Rapid7 InsightIDR could improve its alerting system, provide more customization options, and enhance its reporting features.

Ease of Deployment and Customer Service: NetWitness Platform is criticized for its lengthy deployment process and the need for expert handling. Rapid7 InsightIDR stands out with smoother deployment and better user support, making it easier to implement.

Pricing and ROI: NetWitness Platform is known for lower setup costs and decent ROI, but requires additional investment in expertise. Rapid7 InsightIDR, while more expensive, offers higher ROI due to its advanced features and effective threat management, justifying the higher cost.

To learn more, read our detailed NetWitness Platform vs. Rapid7 InsightIDR Report (Updated: September 2025).

Buyer's Guide

NetWitness Platform vs. Rapid7 InsightIDR

September 2025

Download the complete report

Helped 868,759 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

NetWitness Platform

Ranking in Security Information and Event Management (SIEM)

30th

Average Rating

7.4

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

Log Management (33rd)

Rapid7 InsightIDR

Ranking in Security Information and Event Management (SIEM)

14th

Average Rating

8.4

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

User Entity Behavior Analytics (UEBA) (5th), Endpoint Detection and Response (EDR) (25th), Threat Deception Platforms (4th), Extended Detection and Response (XDR) (17th)

Mindshare comparison

As of October 2025, in the Security Information and Event Management (SIEM) category, the mindshare of NetWitness Platform is 0.6%, up from 0.6% compared to the previous year. The mindshare of Rapid7 InsightIDR is 2.4%, down from 2.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM) Market Share Distribution
Product	Market Share (%)
Rapid7 InsightIDR	2.4%
NetWitness Platform	0.6%
Other	97.0%

Security Information and Event Management (SIEM)

Featured Reviews

MOTASHIM Al Razi

CISO at One Bank Limited

It is a stable solution, but they should make the user interface easier to understand

The solution's initial setup takes work. We have to organize multiple paths and many features. The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.

Read full review

Asim Naeem

Principal IT Security & Compliance at IBEX Holdings Ltd

Providing comprehensive insight into alerts while working towards AI enhancement

I definitely recommend Rapid7 InsightIDR. It is becoming better, with improvements being continuously made to the product. Right now, I do not have any advice about Rapid7 for other users because every organization or user has different criteria or multiple use cases, so I refrain from commenting on that. I rate the overall solution seven out of ten.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable features are its ingestion of logs and raising of alerts based on those logs."

"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."

"The product's initial setup phase was not at all difficult."

"Incident management is its most valuable feature."

"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."

"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."

"Their technical support responds quickly and are knowledgable."

"NetWitness can be highly beneficial for incident detection and response."

More NetWitness Platform pros

"The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."

"Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling."

"The web interface is great — very useful and user-friendly."

"InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level."

"We were able to identify criminals attempting to login from China and put a stop on their IP locations."

"I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters."

"During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint."

"I like that it's a cloud-based solution."

More Rapid7 InsightIDR pros

Cons

"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."

"I believe that integrating the solution with other products such as Oracle would be beneficial."

"The user interface is a little bit difficult for new users and it needs to be improved."

"An area for improvement would be better automation and more inbuilt use cases."

"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."

"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."

"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."

"The tool's integration capability isn't so great."

More NetWitness Platform cons

"The solution's XDR agents cannot compete with the XDR solutions out there yet."

"The APIs can be further improved in Rapid7."

"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."

"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."

"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."

"There is a future in AI with Rapid7, however, it is not fully operated. There are certain limitations with Rapid7 that I am working on."

"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."

"Lacks a mobile application."

More Rapid7 InsightIDR cons

Pricing and Cost Advice

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."

"We are on an annual license for the use of the solution."

"The product is expensive."

"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."

"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."

"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."

More NetWitness Platform pricing and cost advice

"The pricing of the solution depends on the user. But there is a yearly licensing cost."

"Rapid7 InsightIDR is priced very well and is cost-effective."

"Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight."

"I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability."

"The solution has a mid-range price point in the market"

"Accurately predict your licensing counts as this is a subscription based product."

"The pricing is good, and it is not very expensive."

"Rapid7 InsightIDR charges us based on the endpoints we connect to."

More Rapid7 InsightIDR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

868,759 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at Deloitte & Touche

Feb 26, 2015

HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Read full review

Top Industries

By visitors reading reviews

Financial Services Firm

13%

Computer Software Company

12%

Comms Service Provider

Performing Arts

Computer Software Company

14%

Financial Services Firm

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	9
Midsize Enterprise	7
Large Enterprise	20

By reviewers
Company Size	Count
Small Business	20
Midsize Enterprise	5
Large Enterprise	6

Questions from the Community

What do you like most about NetWitness Platform?

The product's initial setup phase was not at all difficult.

See all answers

What is your experience regarding pricing and costs for NetWitness Platform?

The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.

See all answers

What needs improvement with NetWitness Platform?

There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.

See all answers

What SOC product do you recommend?

For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...

See all answers

What do you like most about Rapid7 InsightIDR?

During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an applicati...

See all answers

What is your experience regarding pricing and costs for Rapid7 InsightIDR?

The product pricing is very cheap.

See all answers

Comparisons

IBM Security QRadar vs NetWitness Platform

Compared 24% of the time

Splunk Enterprise Security vs NetWitness Platform

Compared 18% of the time

Elastic Security vs NetWitness Platform

Compared 14% of the time

USM Anywhere vs NetWitness Platform

Compared 11% of the time

Trellix Network Detection and Response vs NetWitness Platform

Compared 9% of the time

More NetWitness Platform Competitors

Rapid7 InsightVM vs Rapid7 InsightIDR

Compared 8% of the time

Darktrace vs Rapid7 InsightIDR

Compared 8% of the time

Microsoft Sentinel vs Rapid7 InsightIDR

Compared 7% of the time

CrowdStrike Falcon vs Rapid7 InsightIDR

Compared 6% of the time

Splunk Enterprise Security vs Rapid7 InsightIDR

Compared 5% of the time

More Rapid7 InsightIDR Competitors

Product Reports

Buyer's Guide

NetWitness Platform

September 2025

Download NetWitness Platform product report

Buyer's Guide

Rapid7 InsightIDR

September 2025

Download Rapid7 InsightIDR product report

Also Known As

RSA Security Analytics

InsightIDR

Overview

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

NetWitness

Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.

Rapid7

Sample Customers

Los Angeles World Airports, Reply

Liberty Wines, Pioneer Telephone, Visier

Buyer's Guide

NetWitness Platform vs. Rapid7 InsightIDR

September 2025

Free Report: NetWitness Platform vs. Rapid7 InsightIDR

Find out what your peers are saying about NetWitness Platform vs. Rapid7 InsightIDR and other solutions. Updated: September 2025.

DOWNLOAD NOW

868,759 professionals have used our research since 2012.

See our NetWitness Platform vs. Rapid7 InsightIDR report.

See our list of best Security Information and Event Management (SIEM) vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.