Category: Managed Threat Complete

Why MDR In 2025 Is About Scaling With Purpose

Forrester recently released “The Forrester Wave™: Managed Detection and Response (MDR) Services, Q1 2025,", highlighting the top 10 MDR providers out of more than 600 worldwide. While we’re honored to be recognized in such a competitive market, Rapid7’s designation underscores a fundamental difference in perspective: our customers consistently tell us that their top priority is cost-effective, comprehensive security operations at scale. They need contextually risk-aware attack surface visibility and protection without incurring exorbitant expenses, and that is precisely where we excel.

Our Mission: Monitor 100% Of What Matters—Affordably

The Wave places a premium on detection engineering and coverage breadth. We agree that those factors matter, but for most organizations, success lies in balancing coverage breadth and depth, seamless scalability, and cost constraints. You shouldn't ingest data for the sake of it—doing so drives spiraling costs and complexity. Instead, you need measured, focused monitoring of the specific data that impacts your risk profile.

What sets Rapid7 apart is our deeper understanding of the attack surface—we collect and integrate more data about the state of each customer’s environment than any other MDR provider. By honing in on meaningful, high-fidelity sources rather than chasing noise, our platform minimizes false positives and unnecessary overhead, ensuring you get the best possible visibility.

A Deeply Integrated Approach: The Key To Scalable Security

Modern security operations demand an ecosystem that brings together data from not only your endpoints, but also your networks, clouds, identities, and third-party tools—without a budget meltdown. Rapid7’s Command Platform was built precisely for this purpose, anchoring on our Next-Gen SIEM and a flexible architecture that is both data-rich and cost-conscious.

Uniquely, we deliver a fully integrated MDR experience from end to end:

  • Native SIEM Capabilities: Our platform correlates data across multiple attack surfaces, from the endpoint to the cloud, natively and in real time.
  • Deep Tech Synergy: The same models that power our vulnerability management and attack surface analytics fuel our MDR, so you gain actionable insights without juggling multiple, disconnected vendors.
  • In-Platform Partnership, Faster Resolution: Collaborate directly within the Command Platform with security veterans from our global SOC to augment internal teams and  accelerate investigations, reduce time to remediation, and build long-term resilience.

People + AI-Driven Efficiency: More Than Just Buzzwords

At Rapid7, AI isn’t a marketing tagline. We take a deliberate, responsible approach to AI and ML, building AI to power tangible improvements for our customers:

  • Faster, High-Fidelity Detections: Through machine learning on massive volumes of behavioral data, we pinpoint real threats quickly and effectively.
  • Enhanced Analyst Experience: Our AI-assisted investigations spotlight suspicious activity, giving our team immediate, context-rich information that saves you from chasing endless false positives.
  • Transparent Partnership:We don’t hide behind a “black box.” Our security analysts operate out of the same platform and share their findings with you in real time—creating a genuinely collaborative environment rather than an outsourced service.

Going Beyond The Wave: A Blueprint For Resilient Security

  • A True Partnership Model, Including Unlimited Incident Response: Our team acts as an extension of your own, giving you full-scale incident support at no extra cost. Security emergencies don’t respect budget approvals, so neither do we.
  • Unparalleled Insight Into The Attack Surface: We combine comprehensive visibility (both external and internal) with continual intelligence on attacker techniques, providing deeper context on potential exposures. Stay tuned for more announcements in this area.
  • Community Focus: Rapid7 proudly supports the broader cybersecurity community through key open-source projects like Metasploit and Velociraptor, keeping us close to innovative researchers and practitioners worldwide.

What’s Next: Continued MDR Innovation

We recognize some organizations may look at our placement in the Wave and wonder about Rapid7’s future roadmap. Rest assured, we’re just getting started:

  • Extended Cloud & Identity Threat Coverage: From AWS to Azure to Google Cloud—and major identity platforms—we’re broadening our detection capabilities to reflect attackers’ evolving tactics.
  • AI-Driven SOC Investments: Our upcoming releases significantly reduce alert noise and speed up investigations, leveraging context-based threat intelligence tailored to your specific environment.
  • Deeper Integrations and Partnerships: We’ll continue building alliances with leading technologies so your existing tools—alongside our Command Platform—deliver holistic security without the bloat.
  • See and Secure Your Attack Surface: Upcoming releases deepen our visibility into customer environments to secure the entire digital estate.

These enhancements begin rolling out next month, and we can’t wait to share how they further advance automated detection, rapid response, and proactive risk mitigation.

The Bottom Line: Effective, Affordable, and Scalable MDR

We prioritize what we know customers need. We’re focused on delivering a scalable, cost-effectiveMDR service that partners deeply with your team to optimize long-term resilience. If you need MDR that goes far beyond just the endpoint and beyond just outsourced alerting—and want to maintain your budget without sacrificing innovation—Rapid7 stands ready to transform your security operations.

Ready to explore how Rapid7 MDR can fit your needs?
Check out our Managed Threat Complete solution or reach out to our team to learn how we can help scale your success. Let’s move past the checkbox approach to MDR—together.

What’s New in Rapid7 Products & Services: Q4 2024 in Review

This quarter at Rapid7 we continued to make investments across our Command Platform to provide security professionals with a holistic, actionable view of their entire attack surface - from Exposure Management to Detection and Response. Below, we’ve highlighted key releases and updates from the quarter across our products and services, including the new Platform Home Navigation experience, extensibility enhancements to Exposure Command and Surface Command, expanded MXDR support, and 2024 threat landscape trends from Rapid7 Labs.

Accelerate security efficiency and results with Rapid7’s Command Platform

In October, we released our revamped, modernized Command Platform home navigation experience for all users, providing a more cohesive, efficient flow for our users and increased visibility between Rapid7 products and capabilities. Now, viewing security program metrics across your suite of Rapid7 products is easier than ever before—so you can spend less time navigating between products and more time making decisions with easily accessible data.

We’ll be building on this new experience in the coming year to bring iterative updates to the look, feel, and function of the Command Platform—stay tuned for more!

What’s New in Rapid7 Products & Services: Q4 2024 in Review
New Command Platform Home Navigation

Along with the navigation updates, we’ve made improvements to our user management experience. Now, teams are empowered to better safeguard data and systems with more tailored, role- and responsibility-based user access controls. This enables easier collaboration across your organization while ensuring the appropriate access level for each person.

What’s New in Rapid7 Products & Services: Q4 2024 in Review
Revamped user management experience

Achieve complete attack surface visibility and proactively eliminate exposures from endpoint to cloud

Rapid7 co-launches Resource Control Policies with AWS, Adding Support in Exposure Command and InsightCloudSec

Leading up to Re:Invent, AWS announced a powerful new feature to help organizations enforce least privilege access at scale: Resource Control Policies (RCPs). RCPs are an org-level access control policy that can be used to centrally implement and enforce preventative controls across all AWS resources in your environment.

To support this launch, we expanded our existing cloud identity and entitlement management capabilities to include dedicated, out-of-the-box checks for consistent and secure application of RCPs. Today, both Exposure Command and InsightCloudSec include these checks, enabling organizations to apply RCPs consistently and securely. Learn more here.

Shifting Left to Stay Secure with Exposure Command

Developers are at the forefront of modern cloud environments, making “shift-left” strategies essential for effective security. By addressing risks during development rather than after deployment, teams can eliminate vulnerabilities before they become costly issues.

To support our customers in executing stronger shift-left strategies, Exposure Command now offers more robust Infrastructure-as-Code (IaC) scanning and deeper CI/CD integration with Terraform and CloudFormation support across hundreds of resource types. For development teams, integrations like GitLab, GitHub Actions, AWS CloudFormation, and Azure DevOps bring security checks directly into their workflows, helping to secure code without disrupting productivity.

Streamline Vulnerability Management Across Your Entire Application Inventory with Vulnerability Groupings

Triaging scan results can be one of the most arduous and time-consuming parts of vulnerability management, but it’s also one of the most critical. Teams need to quickly synthesize results to validate exposures, prioritize response, and determine next steps for safeguarding their attack surface.

With the recent addition of Application Vulnerability Grouping, InsightAppSec customers can now visualize attacks and assess single applications or their entire application inventory at once, allowing teams to:

  • Visualize exposures with pre-triaged vulnerabilities by app and attack type
  • Identify and focus on threats in key functional areas to simplify vulnerability remediation
  • Manage application-layer risks at scale by updating the status or severity and adding comments to entire groups of vulnerabilities at once
What’s New in Rapid7 Products & Services: Q4 2024 in Review

Explore Exposure Management Use Cases via Guided Product Tours

We’re excited to introduce a new way for you to engage hands-on with core use cases across the Command Platform with our new guided product tours. These tours provide a first-hand, in-depth look at new products and features.

Today, you’ll see tours showcasing how Surface Command can help you map your entire attack surface and identify coverage gaps across your security ecosystem. You’ll also learn how you can prioritize remediation efforts and mobilize teams across your organization with Remediation Hub. Check out the available tours here, and we’ll continue to add more covering use cases across the Command Platform in the future.

Gain Insights from Products Across Your Environment Faster with Self-Service Surface Command Connector

Surface Command customers can now install connectors at their own convenience via the Rapid7 Extensions Library, making it faster and easier to gain visibility into cyber asset insights across your security and IT management tools. Customers can choose from over 100 out-of-the-box connectors to ingest and enrich asset data within Surface Command, consolidating insights from across your entire security ecosystem into one place.

What’s New in Rapid7 Products & Services: Q4 2024 in Review
Surface Command connectors in Rapid7 Extensions Library

Pinpoint critical signals and act confidently against threats with cloud-ready detection and response

A Growing Ecosystem of Cloud Event Sources in InsightIDR and MDR

At Rapid7, we understand that organizations are tasked with collecting and correlating vast amounts of data across their unique ecosystems. To tackle this, teams need faster, more dynamic mechanisms to ingest cloud data directly into their SIEM tool. We addressed this earlier this year with cloud event sources, providing a native cloud collection framework that can receive log data from cloud platforms directly - without requiring installation of collector software in their cloud and on-premise environments.

This quarter, we further expanded our list of cloud event sources by adding support for Microsoft products, including: Defender for Endpoint, Defender for Cloud, Defender for Identity, Defender for Cloud Apps, Defender O365, Defender for Vulnerability Management, and Entra ID.

MXDR: Expanded Support for Microsoft & AWS

In our Q3 “What’s New” blog, we announced the launch of Rapid7 MDR for the Extended Ecosystem (MXDR), which expands our MDR service to triage, investigate, and respond to alerts from third-party tools within customer organizations. Now, we’re excited to announce that we have updated our MXDR to support an expanded subset of detections across AWS GuardDuty and Microsoft security tools, bringing more protection to customer environments across a broader group of security tools.

Furthering our commitment to keep organizations safe and ahead of adversaries in today’s complex threat landscape, this update includes:

  • Deepened existing support for Microsoft security tools like Defender for Endpoint, Defender for Cloud, and AWS GuardDuty
  • Expanded support (via aforementioned cloud event sources) to critical alerts across Defender for Identity, Microsoft O365, Defender for Vulnerability Management, and Microsoft Entra
What’s New in Rapid7 Products & Services: Q4 2024 in Review
Example Microsoft Defender for Endpoint alert

Expanded Coverage for Next-Gen Antivirus: MacOS and Linux

We’ve extended operating system coverage for Next-Gen AV (NGAV) support beyond Windows OS to now include protection capabilities for MacOS and Linux. Now, customers utilizing NGAV don’t have to utilize multiple point systems across the operating systems within their detection surface to stop breaches as early as possible in the kill chain.

The latest research and intelligence from Rapid7 Labs

2024 Threat Landscape Statistics

This year, Rapid7’s global Managed Services team and Rapid7 Labs researchers responded to hundreds of major incidents, significant vulnerabilities, and ransomware threats—delivering emergent threat guidance, research reports, and other vulnerability and threat content for customers. See the roundup of key statistics and trends from our Rapid7 Labs team in our recent blog post, here.

What’s New in Rapid7 Products & Services: Q4 2024 in Review
Example of findings presented in the 2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends from Rapid7 Labs

Emergent Threat Response: Real-time Guidance for Critical Threats

Rapid7’s Emergent Threat Response (ETR) program from Rapid7 Labs delivers fast, expert analysis and first-rate security content for the highest-priority security threats to help both Rapid7 customers and the greater security community understand their exposure and act quickly to defend their networks against rising threats.

In Q4, Rapid7’s ETR team provided expert analysis, InsightIDR and InsightVM content, and mitigation guidance for multiple critical, actively exploited vulnerabilities and widespread attacks, including:

Follow along here to receive the latest emergent threat guidance from our team.

Stay tuned for more!

As always, we’re continuing to work on exciting product enhancements and releases throughout the year. Keep an eye on our blog and release notes as we continue to highlight the latest in product and service investments at Rapid7.

Embracing a consolidated security ecosystem

From Top Dogs to Unified Pack

Authored by Ralph Wascow

Cybersecurity is as unpredictable as it is rewarding. Each day often presents a new set of challenges and responsibilities, particularly as organizations accelerate digital transformation efforts. This means you and your cyber team may find yourselves navigating a complex landscape of multi-cloud environments and evolving compliance requirements.

So how does that translate into what cyber professionals have to deal with on a daily basis?

A Day in the Life of a Security Professional

In the Trenches

The responsibility of safeguarding sensitive data and protecting that very same data can create a constant pressure to stay one step ahead – of many things. Teams defending environments often face high stress levels and tight deadlines. Unsurprisingly, the demand for skilled security leaders often outpaces the supply of personnel. This is where an array of tools and solutions are introduced to support those teams. And while there are many positives to be had, security teams are often overrun by an array of solutions and vendors, creating increased complexity and vulnerabilities in their organisation’s risk posture.

Multiple Vendors Often Means More Work

Using different vendors and solutions for various security functions can help keep things fresh, but it can also be time-consuming and cumbersome. And rather than help teams, it may lead to a decrease in performance. With each platform and tool requiring its own resources, the overall efficiency of your infrastructure and processes may suffer. These performance issues can impact critical business operations and hinder productivity. For instance, by the time you receive a threat alert, the attacker could already be hard at work.

Security analysts require a streamlined work environment that enables them to understand the root cause of alerts from any source with a single click. They shouldn’t have to waste time switching between multiple tools to investigate and remediate potential threats. And when belts start tightening and resources become scarce, managing multiple vendors with different payment cycles can become frustrating.

It pays to find ways to create a security ecosystem without sacrificing the efficacy of its components. By reducing the number of disparate cyber solutions, security professionals can optimise effectiveness and efficiency, subsequently enhancing security posture and reducing their risk profile.

What are the Benefits of a Unified Security Ecosystem?

Widening visibility into your entire IT environment strengthens threat detection capabilities, allowing security teams to minimise the impact of potential cyberattacks. In fact, 41% of organisations surveyed by Gartner say consolidating security solutions improved their risk posture. For some organisations still clinging to the status quo of best of breed solutions, consider the following consolidation benefits when trying to gain executive-buy-in.

Identify Systems and Applications at Risk

A robust vulnerability management program should be your first port of call to help identify any systems or applications potentially at risk. It provides your security team with critical insight into potential weaknesses in your IT infrastructure and overall network. Importantly, it will enable you to properly manage and patch vulnerabilities that pose risks to the network, protecting your organisation from the possibility of a breach.

Safeguard an Evolving Landscape with Real-time Monitoring

Continuous scanning and testing of applications are vital components of a robust security strategy. Consolidating your security tech stack into a centralised ecosystem offers the ability to monitor your infrastructure in real-time and receive in-depth reports for better cross-team collaboration. Actionable insight gained will give you and your security team the autonomy you need to stay ahead of evolving risks and proactively address potential vulnerabilities.

Broaden Visibility and Contextual Understanding

Avoid leaving your security team with isolated alerts that require manual investigation and correlation. Integrating data from multiple sources, including endpoints, networks, cloud environments, and applications offers a comprehensive view and analysis of threats across different layers of the IT environment. This holistic approach allows for better correlation of data across various vectors, uncovering complex attack patterns that might otherwise go unnoticed. Consider broadening your context with threat intelligence, providing information about actor groups, typical targets, TTP's, and more.

Automate Threat Hunting and Distinguish Friend from Foe

In the face of ever-evolving threats, automating threat hunting becomes a crucial capability. By integrating automation within your consolidated security ecosystem, you’ll be able to quickly discern whether incoming threats are benign or malicious. Streamlined processes allow for efficient identification of potential risks, enabling you and your team to prioritize your efforts for activities that require human effort.

Prioritize Risk and Simplify Workflows

The sheer volume of security alerts can overwhelm even the most robust security operations. A consolidated security ecosystem mitigates this challenge by automatically grouping related alerts and prioritising events that demand immediate attention. Unifying and visualizing activities in one place more rapidly identify the root causes of threats and their potential impact. Armed with this knowledge, you can assess the scope of an incident efficiently, build a timeline of the attack, and take swift, targeted action to effectively neutralize the threat.

Swiftly Investigate with End-to-end Digital Forensics

Incident resolution demands a thorough understanding of the attack's entry point and the ability to track down any traces left by adversaries. With a consolidated security ecosystem, conduct swift and comprehensive investigations using end-to-end digital forensics and review key artefacts such as event logs, registry keys, and browser history across your entire IT environment — significantly enhancing your incident response capabilities. A full view of attacker activity can help you determine the extent of the compromise, identify weaknesses in your defenses, and take appropriate remedial actions.

Coordinate Responses with Remediation and Policy Enforcement

Enable coordinated responses and future-proof defences by integrating prevention technologies across your entire tech stack. Leverage communication between various security components and take decisive action against active threats in real-time. For example, an attack blocked on the network can automatically update policies on endpoints, ensuring consistent security measures across your infrastructure. This proactive approach to security ultimately reduces the risk of successful cyberattacks.

Consolidate to Mitigate

With a rapidly changing threat landscape, consolidation offers the security improvements your organisation needs to give it the balance of power. Simplifying and streamlining your cybersecurity solutions begins with gaining visibility into your tech stack. This enables your team to identify where consolidation can improve your team’s productivity and effectiveness in detecting and mitigating risk.

How Rapid7 Can Help: Managed Threat Complete

Managed Threat Complete offers a simplified security stack, fuelling your D&R program to give you a 24x7x365 SOC, IR, XDR technology, SIEM, SOAR, threat intelligence, and unlimited VRM in a single service. This ensures your environment is monitored round-the-clock and end-to-end by an elite SOC that works transparently with your in-house team, helping to further expand your resources.

Learn more.

What’s New in Rapid7 Products & Services: 2023 Year in Review

Throughout 2023 Rapid7 has made investments across the Insight Platform to further our mission of providing security teams with the tools to proactively anticipate imminent risk, prevent breaches earlier, and respond faster to threats. In this blog you'll find a review of our top releases from this past year, all of which were purpose-built to bring your team a holistic, unified approach to security operations and command of your attack surface.

Proactively secure your environment

Endpoint protection with next-gen antivirus in Managed Threat Complete

To provide protection against both known and unknown threats, we released multilayered prevention with Next-Gen Antivirus in Managed Threat Complete. Available through the Insight Agent, you’re immediately able to:

  • Block known and unknown threats early in the kill chain
  • Halt malware that’s built to bypass existing security controls
  • Maximize your security stack and ROI with existing Insight Agent
  • Leverage the expertise of our MDR team to triage and investigate these alerts

New capabilities to help prioritize risk in your cloud and on-premise environments and effectively communicate risk posture

As the attack surface expands, we know it’s critical for you to have visibility into vulnerabilities across your hybrid environments and communicate it with your executive and remediation stakeholders. This year we made a series of investments in this area to help customers better visualize, prioritize, and communicate risk.

What’s New in Rapid7 Products & Services: 2023 Year in Review
  • Executive Risk View, available as a part of Cloud Risk Complete, provides security leaders with the visibility and context needed to track total risk across cloud and on-premises assets to better understand organizational risk posture and trends.
  • Active Risk, our new vulnerability risk-scoring methodology, helps security teams prioritize vulnerabilities that are actively exploited or most likely to be exploited in the wild. Our approach enriches the latest version of the Common Vulnerability Scoring System (CVSS) with multiple threat intelligence feeds, including intelligence from proprietary Rapid7 Labs research. Active Risk normalizes risk scores across cloud and on-premises environments within InsightVM, InsightCloudSec, and Executive Risk View.
  • The new risk score in InsightCloudSec’s Layered Context makes it easier for you to understand the riskiest resources within your cloud environment. Much like Layered Context, the new risk score combines a variety of risk signals - including Active Risk - and assigns a higher risk score to resources that suffer from toxic combinations or multiple risk vectors that present an increased likelihood or impact of compromise.
  • Two new dashboard cards in InsightVM to help security teams communicate risk posture cross-functionally and provide context on asset and vulnerability prioritization:
  • Vulnerability Findings by Active Risk Score Severity - ideal for executive reporting, this dashboard card indicates total number of vulnerabilities across the Active Risk severity levels and number of affected assets and instances.
  • Vulnerability Findings by Active Risk Score Severity and Publish Age - ideal for sharing with remediation stakeholders to assist with prioritizing vulnerabilities for the next patch cycle, or identifying critical vulnerabilities that may have been missed.

Coverage and expert analysis for critical vulnerabilities with Rapid7 Labs

Rapid7 Labs provides easy-to-use threat intelligence and guidance, curated by our industry-leading attack experts, to the security teams.

Emergent Threat Response (ETR) program, part of Rapid7 Labs, provides teams with accelerated visibility, alerting, and guidance on high-priority threats. Over this past year we provided coverage and expert analysis within 24 hours for over 30 emergent threats, including Progress Software’s MOVEit Transfer solution where our security research team was one of the first to detect exploitation—four days before the vendor issued public advisory. Keep up with future ETRs on our blog here.

Detect and prioritize threats anywhere, from the endpoint to the cloud

Enhanced alert details in InsightIDR Investigations

An updated evidence panel for attacker behavior analytics (ABA) alerts gives you a description of the alert and recommendations for triage, rule logic that generated the alert and associated data, and a process tree (for MDR customers) to show details about what occurred before, during, and after the alert was generated.

What’s New in Rapid7 Products & Services: 2023 Year in Review
Process tree details within alert details in InsightIDR

AI-driven detection of anomalous activity with Cloud Anomaly Detection

Cloud Anomaly Detection provides AI-driven detection of anomalous activity occurring across your cloud environments, with automated prioritization to assess the likelihood that activity is malicious. With Cloud Anomaly Detection, your team will benefit from:

  • A consolidated view that aggregates threat detections from CSP-native detection engines and Rapid7’s AI-driven proprietary detections.
  • Automated prioritization to focus on the activity that is most likely to be malicious.
  • The ability to detect and respond to cloud threats using the same processes and tools your SOC teams are using today with easy API-based ingestion into XDR/SIEM tools for threat investigations and prioritizing remediation efforts.

Detailed views into risks across your cloud environment with Identity Analysis and Attack Path Analysis

We’re constantly working to improve the ways with which we provide a real-time and comprehensive view of your current cloud risk posture. This year, we made some major strides in this area, headlined by two exciting new features:

  • Identity Analysis provides a unified view into identity-related risk across your cloud environments, allowing you to achieve least privileged access (LPA) at scale. By utilizing machine learning (ML), Identity Analysis builds a baseline of access patterns and permissions usage, and then correlates the baseline against assigned permissions and privileges. This enables your team to identify overly-permissive roles or unused access so you can automatically right-size permissions in accordance with LPA.
  • Attack Path Analysis enables you to analyze relationships between resources and quickly identify potential avenues bad actors could navigate within your cloud environment to exploit a vulnerable resource and/or access sensitive information. This visualization helps teams communicate risk across the organization, particularly for non-technical stakeholders that may find it difficult to understand why a compromised resource presents a potentially larger risk to the business.
What’s New in Rapid7 Products & Services: 2023 Year in Review

More flexible alerting with Custom Detection Rules

Every environment, industry, and organization can have differing needs when it comes to detections. With custom detection rules in InsightIDR, you can detect threats specific to your needs while take advantage of the same capabilities that are available for out-of-the-box detection rules, including:

  • The ability to set a rule action and rule priority to choose how you are alerted when your rule detects suspicious activity.
  • The ability to add exceptions to your rule for specific key-value pairs.

A growing library of actionable detections in InsightIDR

In 2023 we added over 3,000 new detection rules. See them in-product or visit the Detection Library for descriptions and recommendations.

Agent-Based Policy supports custom policy assessment in InsightVM

Guidelines from Center for Internet Security (CIS) and Security Technical Implementation Guides (STIG) are widely used industry benchmarks for configuration assessment. However, a benchmark or guideline as-is may not meet the unique needs of every business.

Agent-Based Policy assessment now supports Custom Policies. Global Administrators can customize built-in policies, upload policies, or enable a copy of existing custom policies for agent-based assessments. Learn more here.

Investigate and respond with confidence

Faster containment and remediation of threats with expansion of Active Response for Managed Detection and Response customers

Attackers work quickly and every second you wait to take action can have detrimental impacts on your environment. Enter automation—Active Response enables Rapid7 SOC analysts to immediately quarantine assets and users in a customer’s environment with response actions powered by InsightConnect, Rapid7’s SOAR solution.

Active Response has you covered to quarantine via our Insight Agent, as well as a variety of third-party providers—including Crowdstrike and SentinelOne. And with MDR analyst actions logged directly in InsightIDR, you have more expansive, collaborative detection and response faster than ever before. Read what Active Response can do for your organization—and how it stopped malware in a recent MDR Investigation—here.

What’s New in Rapid7 Products & Services: 2023 Year in Review
Active Response in action: Rapid7 MDR analyst activity logged within InsightIDR Investigations timeline

Velociraptor integrates with InsightIDR for broader DFIR coverage

The attack surface is continually expanding, and so should your visibility into potential threats across it. This year we integrated Velociraptor, Rapid7’s open-source DFIR framework, with our Insight Platform to bring the data you need for daily threat monitoring and hunting into InsightIDR for investigation via our Insight Agent.

This integration brings you faster identification and remediation, always-on monitoring for threat activity across your endpoint fleet, and expanded threat detection capabilities. Read more about what this integration unlocks here.

What’s New in Rapid7 Products & Services: 2023 Year in Review
Velociraptor alert details in InsightIDR

Stay tuned!

As always, we’re continuing to work on exciting product enhancements and releases throughout the year. Keep an eye on our blog and release notes as we continue to highlight the latest in product and service investments at Rapid7. See you in 2024!

Proactively Prevent Breaches with Expanded Endpoint Protection in Rapid7 MDR

Working with thousands of security and risk professionals across the globe, we know that complexity is the top challenge SOCs are facing today. As the attack surface rapidly expands, security teams need more effective ways to keep pace with digital transformation and get out of the cycle of constant reactive fire drills.

So, we have expanded endpoint protection within our leading MDR service, Managed Threat Complete, to include native next-generation antivirus (NGAV) and DFIR powered by our universal Insight Agent.

Building on the powerful vulnerability scanning, high efficacy threat detections, and rapid containment we deliver on the endpoint today, these new capabilities help unlock critical efficiency and consolidation teams need to gain control over their dynamic attack surface.

We’re also excited to integrate Velociraptor directly into InsightIDR. The integration empowers security teams to easily collect, query, and monitor virtually any aspect of their endpoint fleets with leading digital forensics and incident response (DFIR) technology and playbooks. Already a key tool used by our Incident Response consultants in every single Incident Response engagement, customers can now experience the power and insight Velociraptor brings on the endpoint, directly in the product.

Plus, Velociraptor now uses an expressive query language (rather than code), which makes it faster and easier to share custom detections with the open source community. This helps SOC teams root out new threats more quickly, while demonstrating our continued support to open source.

Rapid7 MDR: Full coverage, single trusted partner

A Gartner study found that 75% of organizations pursued security vendor consolidation in 2022, up from 29% in 2020. And we understand why. Rapid environment expansion and constantly escalating threats—combined with a growing skills gap—have left security professionals on their heels and over-indexed on reactive measures alone. Adoption of point solutions to keep up change has resulted in more noise, inefficiency, and burnout. Previous SecOp approaches are broken - there has to be change.

Rapid7 tackles complexity head-on with a more proactive approach to security operations. By unifying relevant exposure management, external threat intelligence, and now prevention capabilities we are able to get ahead of risk and eliminate breaches earlier. This also reduces the noise and alerts downstream, enabling high efficacy threat detection, and accelerated response. With Rapid7, customers can feel confident they are covered from endpoint to the cloud, across both known and unknown threats.

While the attack surface grows, endpoints remain a critical foot in the door and target for attackers. Rapid7 delivers full threat lifecycle coverage on the endpoint via our lightweight agent, including:

  • Anticipate threats to prevent breaches earlier with leading vulnerability management and Next-Gen Antivirus.
  • Rich telemetry, unique intelligence, and curated content drives high efficacy detections.
  • Full kill chain visibility and streamlined automation contain threats faster than ever.
  • Robust forensic insights for expedited investigations and advanced hunting powered by Velociraptor.

Looking Ahead: Proactive Ransomware Prevention

As Rapid7 continues to invest in the most complete endpoint solutions, it will be addressing one of the most pervasive threats organizations face today: ransomware. Leveraging a patented approach from the integrated Minerva technology, these future capabilities will be able to recognize the earliest signals and behaviors to identify and intercept headline-making attacks before they are able to execute.

Rapid7’s incident response team is currently using this technology in the field, and soon these powerful capabilities will be available to rapid7 MDR customers. You can learn more about how Rapid7 protects endpoints here.

What’s New in Rapid7 Detection & Response: Q2 2023 in Review

We are excited to share another quarter of new Detection & Response capabilities and improvements. As we continue to innovate across our platform, we thank our customers for continuous insight, engagement, and direction.

Keenly focused on our mission to deliver solutions for consolidated, end-to-end security operations and a practitioner-focused experience, Rapid7 recently introduced Managed Threat Complete (MTC), which brings together our leading MDR service and industry-leading vulnerability management technology, enabling customers to level up their detection and response programs with complete coverage and a team of Rapid7 experts.

At the core of MTC is InsightIDR (IDR), our cloud-native XDR technology that cuts through the noise and enables practitioners to focus on what matters most. Read on to learn about recent updates to MTC and IDR, including Log Search Open Preview, which is now the default experience for users, and support for AWS AppFabric.

New Faster and Streamlined Log Search Experience Is Live!

We are always striving to drive greater efficacy, productivity, and efficiency for our customers–and since querying data is such a huge part of security practitioners’ day-to-day, Log Search is always a significant area of focus. We are excited to officially introduce our new Log Search experience, which is now live and available for all InsightIDR and MDR customers.  This new experience delivers a faster and more simplified UI, while also unlocking more paths to build sophisticated queries and dashboards. Highlights include:

  • Easily Access Saved Queries: Identify, capture, edit, and share saved queries via the new Log Search interface. The “home page” gives you single-click access for all search-related activities.
  • Refine Detection Rules From Search: Refine existing or create new detection rules directly from queries.
  • Master Visualizations: Tweak and perfect visualizations before they are added to dashboards.

Expanded Partnership with Amazon Web Services (AWS) Improves Cloud D&R Efficiency

As part of our continued commitment to helping customers secure cloud infrastructure, InsightIDR now supports AWS AppFabric, which quickly connects SaaS applications for streamlined security management using a standard schema. By ingesting logs from AppFabric, customers have improved visibility into SaaS app activity and the ability to centralize security data within the Insight Platform—and ultimately, detect and respond to cloud threats faster. For additional information, see Rapid7’s recent press release and blog post on this exciting news.

More Flexibility for Detection Rule Exceptions

We take pride in the fidelity of our out-of-the-box Detection Library while recognizing our customers’ need for flexibility to prioritize threats, fine-tune alerts, and manage detection exceptions for their unique environments. InsightIDR users can now use exceptions to modify and prioritize detection rules for specific users and asset levels. When creating an exception, users can convert the key-value pair into Log Entry Query Language (LEQL) for more specificity. The ability to write exceptions with multiple conditions in a single query saves valuable time and allows analysts to fine-tune specific detections where applicable. To learn more about leveraging LEQL for more complex tuning capability, read the documentation.

What’s New in Rapid7 Detection & Response: Q2 2023 in Review

API Event Source for Palo Alto Cortex XDR Accelerates Triage

A new API integration enables customers to ingest alerts from Cortex XDR into InsightIDR, providing an easy and secure way to triage PAN alerts. Users can set up a new event source to request incidents from the Incidents API within Cortex XDR and generate third-party alerts. Find configuration details here.

Insight Agent Updates Improve Monitoring and Management

Velociraptor Version Release

Rapid7 is excited to announce version 0.6.9 of Velociraptor–the premier open-source DFIR platform. Enhancements include direct SMB support, improvements to the GUI and the VQL scripting language, and the introduction of “lock down” server mode. Learn more in the blog.

MSSP Multi-Customer Investigations Support Prioritization Efficiency

MSSPs now have access to an enhanced multi-customer investigation experience that improves the customer management workflow for analysts and increases the speed of investigations.

What’s New in Rapid7 Detection & Response: Q2 2023 in Review

The new interface enables MSSP analysts to manage customers at scale. They can see a list of all of their customers in a single view, click into each individual customer to manage their investigations, and switch between managed customers without leaving InsightIDR. Learn more in the documentation.

What’s New in Rapid7 Detection & Response: Q2 2023 in Review

Attacker Behavior Analytics (ABA) Detection Rules

In Q2, we added 1197 new ABA detection rules for threats. See them in-product or visit the Detection Library for actionable descriptions and recommendations.

Stay tuned!

We’re always working on new product enhancements and functionality to ensure teams can stay ahead of potential threats and respond to attacks as quickly as possible. Keep an eye on the Rapid7 blog and the InsightIDR release notes to keep up to date with the latest Detection and Response releases at Rapid7.

Standardizing SaaS Data to Drive Greater Cloud Security Efficacy

The way we do business has fundamentally changed, and as a result, so must security. Whether it’s legacy modernization initiatives, process improvements, or bridging the gap between physical and digital—most organizational strategies and initiatives involve embracing the cloud. However, investing in the cloud doesn’t come without its complexities.

When organizations adopt new technologies and applications, they inadvertently introduce new opportunities for attackers through vulnerabilities and points of entry. To stay ahead of potential security concerns, teams need to rely on data in order to get an overview of their environment—ensuring protection.

Where this becomes a bigger challenge is two fold:

  1. Security professionals need to secure SaaS applications, but each app has its own methodology for generating and storing vital security and usage data.
  2. Even if a security team puts in the work to centralize all this data, it must be normalized and standardized in order to be usable, which creates more work and visibility gaps.

Elevating Security Posture Around SaaS Applications

As part of our continued commitment to ensuring customers stay future-ready and secure through their cloud adoption, we’re excited to announce our work with AWS on their new service that will continue the effort around data standardization. AWS AppFabric quickly connects SaaS applications across the organization, so IT and security teams can easily manage and secure applications using a standard schema.

By using AppFabric to natively connect SaaS productivity and security applications to each other, security teams can automatically normalize application data (into the Open Cybersecurity Schema Framework (OCSF) format) for administrators to set common policies, standardize security alerts, and easily manage user access across multiple applications.

For Rapid7 customers, InsightIDR will be able to ingest logs from AppFabric so security teams have access to that data—stay tuned for more! This is just one in a series of investments we are making to help secure your cloud infrastructure.

To learn more about how customers are leveraging Rapid7's elite security expertise and practitioner first platform to elevate their security program, check out our Managed Threat Complete offer.

Healthcare Orgs: Do You Need an Outsourced SOC?

Gartner predicts that 50% of organizations will partner with an external MDR (Managed Detection and Response) service by 2025 for around-the-clock monitoring. What determines where healthcare organizations fall on that 50/50 split over using an outsourced SOC? It usually comes down to their ability to adapt to the current needs of the healthcare industry.

A growing demand for improved healthcare services means more healthcare providers are turning to the cloud. But for a world built on strict regulations and literal life-or-death situations, migrating too quickly to the cloud can be a serious challenge. When healthcare teams take on cloud adoption too fast, then run the risk of:

  • Accumulating cloud services that fall through security cracks—AKA shadow IT
  • Expanding their organization’s attack surface without a means of defense, opening up more opportunities for breaches and leaks

That’s where the help of an outsourced SOC comes in. With an extra team of experts on board, healthcare organizations can secure new ephemeral environments—without putting their security teams through resource strain or burnout.

Still, it can be tough for healthcare organizations to identify when it’s time to outsource, if ever at all. Here are some tell-tale signs that outsourcing a SOC and investing in managed services is the right call.

Your Teams Are Already Overwhelmed

While most healthcare organizations have a trusted team of a few security experts, they’re usually smaller than most security teams in tech enterprises, snappy startups, or other more cyber-savvy industries. That leads to a tricky cycle of needing to do more with fewer resources.

A day in the life of a security engineer in healthcare is marked by a seemingly endless game of catchup—one that doesn’t support speed, efficiency, or a successful migration to the cloud.

If your organization’s security teams are:

  • Struggling to find qualified talent
  • Overwhelmed by firefighting every single incident on their plate
  • Tired of combing through seas of alerts—some of which are false positives
  • Burned out by carrying out repetitive and mundane tasks that could be automated

You’re Super New to the Cloud

Healthcare security teams are typically IT or network pros who are well-acquainted and well-trained to defend traditional environments. However, there may be knowledge gaps when it comes to healthcare’s approach to cloud security. But with global cyber attacks on healthcare organizations rising 74% per week in 2022, security teams have no time to waste learning how to protect cloud environments.

Investing in the right education and training for healthcare’s traditional security pros simply takes time and effort that many organizations can’t afford to waste. But with an external SOC, security teams can:

  • Rely on cloud security experts to handle the trickiest parts of the process
  • Learn as they go with the guidance of seasoned professionals
  • Gain strategic guidance and insights to help take their security program to the next level

You’d Benefit From Automated Processes but Struggle To Implement Them

Automation is the key to boosting your cloud security program and iterating it at scale. For healthcare, automation provides the biggest benefit in ensuring that strict compliance regulations—like HIPAA—are met. That spells good news for stakeholders, who are typically most concerned with meeting standards and maintaining compliance.

With automation, security teams in healthcare can:

  • Configure guardrails ensuring new assets and environments adhere to regulations and compliance standards
  • Set up automated alerts that indicate when standards are not met

However, implementing automation, especially if your organization’s new at it, can seem like a hefty investment and a daunting task to accomplish. It’s time to enlist the help of an outsourced SOC if your security teams:

  • Have limited or no experience with automation
  • Are still manually handling a lot of rote but necessary tasks
  • Know where duties get repetitive but don’t know what to do about it

That way, external cyber experts can set up automated guardrails, teach your teams how they work, and eliminate tedious, manual work.

Next Steps With Outsourced SOCs

Organizations with limited resources and novice knowledge of the cloud can significantly benefit from teaming up with managed services. But in a sea of possible partners, knowing which experts to go with can be tough—especially when healthcare organizations have various security needs.

That’s why we built Managed Threat Complete, an always-on MDR with vulnerability management in a single subscription. Consolidate your investment in external SOCs by teaming up with our seasoned security pros today.

Learn More

For more information about healthcare cybersecurity, download our new ebook: In Healthcare (and Security) Early Detection is Key

In this eBook, you’ll learn:

  • The current state of threats in the healthcare industry
  • The top challenges in addressing those threats
  • How to overcome those challenges and implement defense strategies

Download it now!

Rapid7 Recognized as a Strong Performer in The Forrester WaveTM for MDR, Q2 2023

Rapid7 recognized amongst the top MDR providers in the industry.

As security teams try to do more with less, addressing the sprawling attack surface and monitoring the escalating threat and risk landscape, it inherently leaves them at a disadvantage. Rapid7 Managed Threat Complete empowers organizations to tip the scale back in their favor to achieve stronger security programs, end-to-end.

We are proud to be recognized amongst the top 13 vendors, as a Strong Performer, in The Forrester WaveTM: Managed Detection and Response, Q2 2023. Our goal is to build-upon and break the traditional views of MDR by uniting risk and threat detection and response with Managed Threat Complete to drive superior outcomes for our customers.

Complete Coverage. Single Solution. End-to-End.

Since day one, we’ve continuously been looking for new ways to support organizations in their effort to find and eliminate threats faster and more reliably. While traditional MDR services flooded organizations with noisy alerts and put resolution back on the customer, we saw a better path. Rapid7 is committed to being a true partner for our customers, detecting and responding to any threat, end-to-end, no matter how large or complex.

This year, we focused on empowering all organizations to gain complete coverage, unlocking a holistic security program—one that covers proactive, responsive, and strategic aspects of detection and response. We’ve combined two historically siloed pieces of security (risk and threats) to give organizations the complete picture. By focusing on a security program that is proactive, responsive, and strategic, you get smarter and more resilient over time—continuously strengthening your security.

Like all Rapid7 products and services, Managed Threat Complete is built by practitioners for practitioners. We truly want to empower security teams to focus on strategic work while we focus on their environment 24/7/365. With complete coverage and end-to-end detection and response, teams can feel confident that they’re always ready for what comes next.

Unlimited Incident Response

Traditional approaches to MDR focus on the responsive element of detection and response and miss the opportunity to help organizations build resilience and strengthen their security posture over time. As the market evolved, MDR providers drew lines in the sand. They chose to respond to alerts of a certain size, leaving the burden of hands-on-keyboard incident response (IR) attacks for organizations to handle through expensive retainers or off the street contracts with IR consultants.  We knew our customers deserved better, and we had a unique opportunity to challenge the system and provide a fully end-to-end response program.

We’ve removed boundaries to traditional MDR programs, keeping your outcomes our top priority. Rapid7 Managed Threat Complete delivers unlimited data, unlimited incident response, unlimited intelligence, and unlimited potential. From incident response with no limits, meaning no line in the sand regardless of the size and complexity, to XDR technology at the core for complete coverage, threats across your entire modern environment are eliminated.

We believe that in addition to our approach to limitless security, our robust functionality accessibility by customers caused us to receive the highest score in the Platform Capabilities criterion from Forrester.

“This has greatly increased our visibility, detection, and response capabilities for on and off-hours. The UEBA functionality of the agent is amazing as well. Overall the service is extremely valuable and well worth the price.”—Security Administrator/Analyst, Medium Enterprise Insurance Company, TechValidate

Strategic Partnership & Guidance

When it comes to partnership, we truly mean it. Work alongside global SOC experts who seamlessly act as an extension of your team from initial threat detection through triage, investigation, and response. With a Customer Advisor at your fingertips, you can further accelerate your security maturity by working in lockstep to build a strong, resilient program through regular posture reviews and program assessments.

Our MDR SOC provides context and in-depth reporting with every incident. When a forensic analysis is performed, detailed remediation and mitigation recommendations are provided to make sure organizations improve their resilience against threats over time. If a breach becomes a full scope incident response engagement, Rapid7 Incident Response consultants work with the SOC for round the clock forensic investigation, delivering your team answers to remove attackers from your environment as quickly as possible.

Forrester gave Rapid7 the highest possible scores in the Managed Investigations and Threat Hunting criteria. When it comes to threat hunting, we believe in being thorough. Rapid7 performs threat hunting on a hypothesis-driven basis—meaning our analysts (not scripts), proactively perform an analysis as new attacker behavior techniques arise. With 13 months of data stored, we’re able to dig in deep, and ensure our customers aren’t affected by the newest attacker TTPs. If we find something, our team immediately pivots into Incident Response to remove the compromise and reduce negative outcomes.

“Our program has significantly improved and I am much more confident in our overall security posture. Having the Rapid7 Managed Detection and Response team augmenting my team allows us to sleep better at night and be able to leave work knowing that we are still covered and can respond quickly if we receive an alert from the team.”—Scott Chille, CIO or equivalent IT position, Bartlett Regional Hospital, TechValidate

Consolidation for Powerful ROI

When investments are scrutinized and teams are being asked to do more with less, proving the value of a managed detection and response partner is pivotal. Teams are strained, and practitioners need consolidation to drive the efficiency necessary to be successful in today’s modern threat landscape—without sacrificing sophisticated security outcomes and the high standard for their security program. With Managed Threat Complete, organizations can drive greater efficiency and consolidation by unifying vulnerability management and managed detection and response into a single, cohesive security service.

“First off, the IDR platform is solid; great insight into what is going on in our environment. The MDR service gives us great comfort in knowing we have security engineers keeping a watchful eye on your environment as well as a resource for our internal security group. Having our main advisor/POC for monthly check-in ensures we are getting the most value out of the MDR service.”—A CISO/CSO at a Medium Enterprise - Banking, TechValidate

The Future of Detection & Response

As attackers become more pervasive and sophisticated, Rapid7 strives to close the gap for practitioners and their organizations. Our vision is to improve efficiency, efficacy, and productivity to make more sophisticated security outcomes accessible for all teams. These are a few outcomes we are driving toward in the future:

  • Enhanced Partnership: frictionless access to experts and data where, when, and how customers need it.
  • More Transparency: Ensure confidence and readiness for the modern environment, including cloud.
  • Continued Investment in Leading Detections Coverage: Maximize coverage with the Insight Agent. Enhancing endpoint investigation and hunting experience.
  • Investigation and Response: Empower faster decision making via expanded capabilities and streamlined processes.

Thank you to our customers and partners who continue to be our guiding light for our investments in our service and product. We’re excited to keep pushing the bounds of “traditional” to further empower our customers. We’ll share more around these initiatives and investments throughout the year so keep an eye out.

Rapid7 MDR Program Overview
Rapid7 MDR Buyers Guide
Gartner Market Guide for MDR
MDR vs. The Inevitable

The Next Generation of Managed Detection and Response is Here

Humans are great at adapting to change—but objectively the pace of technological change has been way, way too fast.  

Security teams manage an average of 76 different tools. Breaches have gone from “s#&@!” to “inevitable.”  That’s why we built  Managed Threat Complete to address the reality of today’s threat environment. By 2025, Gartner says 50% of organizations will decide to partner with an MDR (Managed Detection and Response) service for 24x7 monitoring.

Now, one move can consolidate and rebalance your work

Managed Threat Complete: It’s always-on MDR plus unlimited vulnerability management with a single subscription.

Combine these two historically siloed pieces of a security program, and you have a complete picture of your risk profile and threat landscape. Since the service  combines proactive, responsive, and strategic support of your program, it gets smarter and more resilient over time: a continuously-improving, virtuous cycle.

Most importantly, Managed Threat Complete lets you prove you’re building measurable capacity to be effective at detection and response—and improve the definitions of success that matter most to you. We call it the R-factor, and it measures:

  • How ready you are to react to your sprawling attack surface
  • How responsive you can be when something inevitably gets through
  • How effectively you’re able to remediate after the fact
  • How you measure your results and show provable outcomes
The Next Generation of Managed Detection and Response is Here

Forrester Consulting did the math on Rapid7 MDR, and you win

Forrester’s June 2022 Total Economic Impact™ study commissioned by Rapid7 found that Rapid7 MDR produced extraordinary results:

  • 5.5x ROI over 3 years
  • <3 month payback
  • 90% reduction in the likelihood of a breach

While your team methodically reduces your risks with unlimited VRM scanning, Managed Threat Complete gives you a full team of SOC experts dealing with threats in your environment using advanced XDR technology. And that means really responding, remediating, and making your organization safe and secure—no matter what.

It’s MDR so different, think of it as MDR 2.0.

Typical MDR vendors will simply alert a CISO to a problem. If you’re breached, they’ll tell you to hire an outside Incident Response firm to take it the rest of the way.  Managed Threat Complete gives you unlimited Incident Response (the same level you’d get with an IR retainer) included, with DFIR professionals already embedded on your team.

Typical MDR vendors charge by data ingestion and retention. We prioritize visibility into your environment so our analysts can detect and respond without compromise.

Typical MDR vendors take a black box approach to their technology. But with Managed Threat Complete, we give customers unlimited access to our cloud-native XDR technology, sprawling detections library, all of it. See transparently into what your Rapid7 MDR partners are doing. Run your own investigations and threat hunting. Log in once a day or once a year, it’s at your fingertips.

Managed Threat Complete delivers a holistic approach to risk and threat management, so you can consolidate costs and be ready for whatever comes next.

Managed Threat Complete

Focus on proactive, strategic work, while our team delivers 24/7/365, end-to-end detection and response.

LEARN MORE