Better, in more ways than one

Explore the features of the BluSapphire solution as they compare with equivalent features in Rapid7

Open data platform with native threat detection functionalities and agent-less architecture. Our Big Data lake enables seamless correlation and effortless log ingestion welcoming third-party solution management, making triage through the BluSapphire platform easy. With our multi-tenant architecture, cross-intelligence sharing becomes effortless. Discover our comprehensive in-house threat detection and response functionality.
The architecture is built upon strategic acquisitions, enabling a bolt-on approach over time. The system is flexible, allowing for the ingestion of third-party logs and the construction of analytics. However, there are limitations in threat detection across multiple layers of the organization's IT landscape. Threat response heavily relies on playbook which is a big limitation considering current threat landscape and overall assets expected within organisation.
Sensor, Log Collector - A simple VM or commodity hardware to ingest network traffic.No Firewall ports to open if outbound communication is open for all.Less than 2% of Network bandwidth consumption. BluSapphire's components do not sit in line hence, no risk of outage.
The deployment of Collectors and sensor VMs is essential. For seamless operations, Rapid7 Agent is essential. Typically, one site deployment takes less than a week. There are high volume of change requests to facilitate communication between Rapid7 agents and components in their cloud.
The Comprehensive One platform eliminates security operations silos by seamlessly integrating native threat detection components and consolidating third-party telemetry. With effortless triage capabilities, it incorporates Native Threat detection components built on NBAD, UEBA, EDR, Deception.
Initially a vulnerability management system, Rapid7 shifted strategically to focus on threat detection. This involved incorporating SIEM functionality through acquisitions. While these additions provided SIEM, UBA, and EDR capabilities, it's important to note that they are essentially bolted on, which may impact their effectiveness.The NTA capability is limited to DPI and signature matching, essentially functioning as an IDS. However, advanced attackers easily bypass firewalls and IDS systems. Additionally, with over 95% of traffic being encrypted, the system is rendered ineffective.What is needed is the ability to identify subtle malicious signals early and proactively contain threats. This can be achieved through the implementation of Network Behavior Anomaly Detection (NBAD), a capability that Rapid7 currently lacks.
Advanced Analytics
The open platform enables seamless data ingestion from any third-party source. BluSapphire's data lake operates on an open schema, ensuring a consistent data structure across different onboarded sources. This common schema facilitates efficient data management and analysis, simplifying the handling of complex data. The horizontally scalable data lake allows unrestricted data ingestion, with no limits commercialy on the number of queries or dashboards for analysis and problem-solving purposes.
Rapid7 boasts excellent analytics capabilities and also supports third-party log ingestion. However, storing the data for a longer time frame is a challenge considering cost involved. The larger the data set, the better the value of analytics.
Response functions are distributed across various components including endpoints, networks, Active Directory (AD), third-party security, and network devices or applications. There are no restrictions when working with Third Party APIs to execute response functions. REST APIs are available to facilitate seamless data exchange with third-party systems.
Analysts are typically assigned to execute IR within an hour post incident. However, there is limited flexibility to directly respond to client devices using automation through their SOAR functionality. The effectiveness of SOAR heavily relies on the playbook framework rather than being intelligent enough to respond to each attack scenario. This often results in significant manual intervention required for response, which is both time-consuming and ineffective.
The Hybrid XDR solution is built from the ground up with native components along with Third Party integrations,  providing a unified platform to detect malicious signals across cloud, endpoints, users, and networks. By significantly reducing false positives, it greatly enhances the efficiency and effectiveness of security operations.
The SIEM-driven XDR capability heavily relies on integrating third-party threat detection functionalities to identify malicious signals throughout the IT landscape. However, these third-party threat detection systems primarily share "Alert Data" and do not provide access to the raw data they analyze for identifying anomalies. As a result, the ability to triage across the organization becomes limited, creating vulnerabilities in the XDR framework and compromising the overall effectiveness of the system.
Threat Hunt
Experience industry-first agent-less hunts directly on hosts. Eliminate the risk of overlooking any artifacts during hunt exercises. Execute hunts guided by the MITRE framework and hypotheses. Create and search for your own indicators/artifacts without limitations. BluSapphire offers meticulously curated threat intelligence from over 110+ sources. You are also free to consume threat intelligence of your choice. Effortlessly conduct hunts on data stored in your data lake.
Hunts are only performed on ingested log data, which limits the overall scope of the hunt. There is also a risk of overlooking important artifacts if the log data is not completely collected, especially considering that a majority of logs are never stored in the data lake. It's important to note that threat hunts are not real-time and do not rely on behavioral analysis.
Remote Forensics
Can fetch remote forensics real time from compute devices while staying completely agent-less enabling analyst for analysis and or build assurance.
No functionality to fetch live forensics post Incident Response / remediation compromising on assurance.
Managed Detection and Response
Powered by BluHawk team - offers you a dedicated Point of contact and access to professional analyst, threat hunters, Incident response teams.
Service is super rigid when it comes to monitoring and managing 3rd party devices.
Unlimited Storage
Offers unlimited hot data storage. In Addition, BluSapphire offers flexbility in storing your data within your AWS S3 / Azure Blurb. Your data, your control at an affordable cost.
While the claim is unlimited storage - be very careful, the pricing is purely asset based with a fair data consumptin policy attached. In security, the more data - more visibility. With that, you'll start seeing surprise overage as a bill.
Contract Flexibility
No Contacting anymore - no lock-in. Pay monthly, move on if you do not like.
Contracts are always annual & hence, you’re locked in.
Time to Value
(Deployment + Tune + Ops Timeline)
Deployment closes in <48 hours, tune up & system operational in 3 days.
Deployment of Sensor, Agent and collector closes in 7 Days time. Alert streamlining takes 1.5 months.
Open to work with any exisitng technnology deployed within the organisation. With or without integration. 
Rigid working with competetor products / solutions.
Low, One platform offers you holistic coverage by identification of threat signals across user, network, cloud.
Moderate, platform offers coverage around End point, User behavior with basic Network visiblity.
High, On Average >145%
Data unavailable
Our cyber-detection capabilities increased drastically. Agentless Quarantine has improved our response times
CTO, Large Investment Firm in NYC
Dramatically improved our SOC visibility and response times, while cutting our costs significantly.
VP – Security, Tier II MSSP