Security Information and Event Management (SIEM) Reviews 2023 | Gartner Peer Insights
InsightIDR is without a doubt my favorite SIEM solution. I recently started a new role with a new company, and immediately found how reliant I had become on IDR. I inherited a partially deployed Qradar instance, and having deployed numerous SIEMs in my career decided to go ahead and finish the deployment. I ran into problem after problem, and after a thorough business case review decided to pivot to IDR. My thinking centered around these key criteria:
– Ease of Deployment
– Ease of Use
– Integrations offered
– Strong UBA coupled with excellent log management capabilities
With those in mind I found that the cost of scrapping my inherited SIEM and purchasing IDR was the best way forward for my team. There may be a bit of bias there, but if you find something that works and works well I’m a fan of not reinventing the wheel. Within a few hours I had integrated all core log sources, and was able to quickly prove value in the deployment. For me IDR represents a bit of a shift in how you think of your SIEM. In my previous deployment I also was able to quickly deploy the solution, and then found myself thinking “what’s next?” I was used to having to dedicate massive amounts of time to the management and tuning of SIEMs I had used in the past, and just deploying the tool and letting it work its magic was a different experience. My one gripe at the time was I couldn’t build custom parsers to alert on applications or event sources not currently supported; however, Rapid7 has implemented a seamless custom parser utility that can be used directly in the browser to create custom parsers in around 30 minutes. The idea to deploy an agent to collect logs is also incredibly well executed, and helps secure remote endpoints with ease.