Is InsightIDR starting to feel a bit behind the curve?

I've been working with InsightIDR for quite a while, and lately I've been wondering whether others in the community feel that the platform is starting to lag behind some of the innovation we're seeing across the security market.

Don't get me wrong, the core SIEM, UEBA and detection capabilities are still solid. But when I compare the product roadmap and recent releases with what other vendors are doing, I sometimes get the impression that InsightIDR is becoming a bit "legacy" in its approach.

A few areas where I'd be interested in hearing the community's thoughts:

  • AI security visibility: Are there plans for deeper visibility into enterprise AI usage (ChatGPT Enterprise, Copilot, Gemini, Claude, custom LLM deployments, etc.)?

  • AI governance and monitoring: How are people using InsightIDR today to detect risky AI usage, prompt leakage, sensitive data exposure, or unauthorized AI applications?

  • AI-powered investigations: Many vendors are heavily investing in AI-assisted triage, investigation copilots, autonomous response workflows, and natural-language threat hunting. Do others feel InsightIDR is keeping pace here?

  • Cloud-native environments: Are you satisfied with the level of visibility and detection coverage across modern cloud and SaaS ecosystems?

  • Integrations: Has anyone else noticed that the ecosystem of integrations feels relatively static compared to competitors that are rapidly expanding support for new security, AI, SaaS and developer platforms?

  • Security Data Lake / SIEM evolution: With the market moving toward large-scale data lakes, flexible telemetry ingestion, and AI-driven analytics, where do you see InsightIDR fitting over the next few years?

I'm genuinely curious whether this is just my perception or whether other customers and practitioners have similar concerns. Are you seeing enough innovation from Rapid7 in the SIEM space, or do you think InsightIDR needs a significant modernization push to remain competitive?

Would love to hear both customer and Rapid7 perspectives.

5 Likes

I think you already answered/know the answer. The core solution, IDR, is SIEM/UEBA and even that is starting to feel aged by itself. Rapid7 is pushing more towards their additional products and the integrations they offer with them to provide a more in-depth “feature rich” platform. Whereas before, I felt like the platform itself included more things that seem to be getting parsed out and it seems whenever I check IDR integrations (which isn’t frequently) there are fewer and fewer and even less customizations unless you have ‘X’ product to go along with it.

Is IDR falling behind…yes. By itself - I think it is and I think that’s by Rapid7’s design in order to push additional solutions ($$$).

Is Rapid7 falling behind…not really. They have additional solutions to help with visibility into other areas. Are they the best for everyone’s environment - that’s up for each of us to decide.

I think Rapid7 is falling behind, yes, but I also appreciate the controlled growth behind the product. Being a customer of Cisco, Microsoft, and other security products there is a rush/haste behind their development team that brings a lot of growing pains and developmental issues. Worst part of that pain is the inaccessibility to the development timeline and developers in general.

I do get the feeling that Rapid7 is trying to do a lot right now which has brought a number of bugs, but I also believe they are trying to do everything in the right way. My personal perception has been that they need more bodies working on what they want to accomplish, but I will appreciate that they don’t want to push out a product that is rushed. Especially in the AI-space, a lot of companies are pushing AI just because they want to say they have AI…but at the cost of it not being as helpful or effective as it should be. Other companies are just throwing it into every interaction just because it’s a selling point, which unfortunately may end up collapsing due to unstable upkeep costs after forcing it on all of their users. Rapid7 isn’t pushing that hard on these new initiatives, and I’m hoping it’s strategic and not due to lack of resources.

From every interaction I’ve had with other security vendors and their engineering teams, Rapid7’s public opinion has always been a “good company”. They haven’t excelled in any unique aspect, but they also haven’t failed either. They’re just a good, reliable base. The reliability aspect of this has been a little rocky while they make larger steps in progress than average…but here’s to hoping it’s all worth it. My guess is that at some point in the future we will have the unified platform that they are promising and then that will be the new foundation for their growth. Unfortunately, it’s just taking a lot longer than both customers and engineers have expected.