Author: Mikayla Wyman

Unlock 24/7 SOC Coverage: Rapid7 MXDR Now Supports with Microsoft Security Products

In today’s complex threat landscape, organizations need every advantage at their disposal to stay secure–starting with maximizing the tools they already have within their ecosystem. With the launch of Rapid7 MXDR’s SOC support for key Microsoft security products, we’re making it possible for organizations to layer security defenses and amplify outcomes by combining their existing Microsoft telemetry with the 24x7 coverage, broad security ecosystem telemetry and in-depth expertise of Rapid7’s MXDR service.

By connecting directly to key Microsoft event sources—like Microsoft O365, Defender for Cloud, Defender for Endpoint, Defender for Vulnerability Management, Defender for Identity, and Entra Identity—MXDR amplifies detection, visibility, and response capabilities across the technology you rely on, without needing additional infrastructure or complex setups. From uncovering hidden threats to responding to incidents faster, this integration leverages Microsoft’s event data to help security teams achieve 24x7 comprehensive Microsoft coverage throughout their tool stack.

Organizations of every size can now harness the best of both worlds: the familiarity and depth of their Microsoft environment and the advanced detection, correlation, automation, and forensic response capabilities of Rapid7’s MXDR service.

Importance of Microsoft Event Sources in Today’s Threat Landscape

Microsoft tools are foundational in many organizations’ tech stacks, and help teams collect  security-critical data that can enhance threat detection and incident response. Without an integrated technology stack and 24x7 SOC triage, investigation, and response coverage across the Microsoft tools that teams already rely on, normalizing inputs and pinpointing real signs of attacker behavior can be nearly impossible for teams of all sizes.

By supporting Microsoft event sources as a layer on top of native telemetry provided through the Rapid7 Detection Engine, we’re making it easier for security teams to correlate data across their environment from key areas in their Microsoft toolset.

Teams can now customize their Rapid7 MXDR support to cover triage, investigation, and response to threats across key Microsoft Security tools, including:

  • Microsoft Entra Identity Protection
  • Microsoft Defender for Identity
  • Microsoft Defender for Cloud
  • Microsoft Defender for Endpoint
  • Microsoft Defender for O365
  • Microsoft Defender for Vulnerability Management

By incorporating support for Microsoft security tools, Rapid7 MXDR maximizes your existing Microsoft investment, helping your security team stay agile and resilient in the face of an ever-evolving threat landscape.

Maintaining our Commitment to Securing Your Attack Surface

We’re on a mission for our MDR service to bring unified visibility to the attack surface and comprehensive defense capabilities to your security program. By extending 24x7 expert SOC coverage to Microsoft Security tools, we’re bringing:

  • Customization through integrating the tools you already rely on with Rapid7’s native telemetry to create a tailored service that layers alert data and accelerates response.
  • Visibility from both native and existing tool telemetry, to eliminate blind spots and respond rapidly to abnormal and malicious activity across your entire attack surface​.
  • Broader response capabilities by extending the insights for the Rapid7 SOC to respond to and contain malicious behavior before it can cause harm to your environment, business, and brand.

Getting Started

As we extend our MXDR service with more comprehensive coverage to meet security teams where they are, we’re excited to partner with you to secure your extended ecosystem. If you’re a Rapid7 MDR customer, reach out to your account team to learn more about our extended coverage. If you’re not a Rapid7 MDR customer yet, request a demo here.

Expanding the Security Horizon: Introducing Rapid7 MDR for the Extended Ecosystem

As the cybersecurity landscape gets more complex, the stakes for keeping organizations safe have never been higher. Security teams are tasked with keeping ahead of new ransomware groups, rapidly evolving adversary tactics, and their dynamic attack surface as their business grows. Security organizations' scope of responsibility has swelled as their tech ecosystem has sprawled, with the average team now managing 45 security tools in their environment.

Managed detection and response (MDR) services can be a life raft for many teams looking to extend their team with expert support and 24x7 coverage. But traditional MDR needs to evolve to accommodate the widening attack surface and security scope.

Our Rapid7 MXDR service has always been built on InsightIDR, our native SIEM and XDR technology, operationalizing telemetry across the customer environment —endpoint, cloud, identity, and network. This multi-layered approach is critical in today’s environment, where advanced threats require rapid identification and response across the entire ecosystem.

Introducing: MDR for the extended ecosystem

We are proud to announce the launch of Rapid7 MDR for the extended ecosystem, extending our MXDR service to triage, investigate, and respond to alerts from third-party tools already in use within your organization. These investments will extend Rapid7’s foundational native telemetry, layering alerts from customers’ third-party point solutions like cloud service providers (CSPs), identity and access management (IAM) platforms, and endpoint protection platforms (EPPs).

This initial release will bring support for major EPPs such as Microsoft Defender for Endpoint, CrowdStrike Falcon, and SentinelOne Singularity, with plans to extend coverage to more third-party tools across cloud, identity, and network in the coming months. By integrating third-party alerts, organizations can now customize their MDR coverage to cover the unique technology environment.

What sets Rapid7 MDR apart: customization, visibility, and Active Response

By extending the Rapid7 SOC’s coverage to include alerts from third parties, we’re bringing comprehensive, robust coverage to our customers through:

  • Customization: Integrate your existing tools with Rapid7’s native telemetry to create a customized service that matches your specific environment, tailoring your MDR service to your environment, layering alert data to speed up investigations across multiple layers of your ecosystem​.
  • Visibility: By synthesizing data from both native and third-party telemetry, we’re bringing complete visibility across endpoints, cloud, identity, and network layers. This eliminates blind spots, helping you detect and respond to abnormal and malicious activity across your entire attack surface​.
  • Response: By extending the MDR service to detect, triage, and investigate third party event sources, the Rapid7 SOC has more context and information to respond to and contain malicious behavior before it can cause harm to your environment, business, and brand.
“We have been using Rapid7 MDR for our organization's cyber security needs, and I must say, it has been a game-changer. From the moment we implemented the service, we experienced a significant improvement in our overall security posture and threat detection capabilities.”
Gartner Peer Review, 2024

The best is yet to come

As we extend our MDR service, we’re excited to partner with you as the command center for your security teams. This extended delivery model brings our MDR and Managed Threat Complete customers the ability to utilize the Rapid7 SOC to triage, investigate, and respond to events happening across supported providers in their wider ecosystem, helping them command their attack surface.

If you’re a Rapid7 MDR customer, reach out to your account team to learn more about our extended coverage. If you’re not a Rapid7 MDR customer yet, request a demo here.

5 key MDR differentiators to look for to build stronger security resilience

Organizations looking to address the skills gap and bring greater efficiency as their business grows and their attack surface sprawls are turning to MDR providers at an accelerated pace. We’ve seen predictions from top analyst firms signaling the rapid rate of adoption of an MDR provider by 2025.

This isn’t just a shift to more organizations using MDR providers — teams are asking their MDRs to do more. More scope, more response, and more coaching along the way.

But with added complexity, identifying the right MDR provider can be harder than ever. In this blog, we’ll explore the top service trends of the most effective MDR providers in the space, and what you should look for to bring increased value to your SOC.

Trend 1: Approach service like a partnership

No one knows your environment, your employees, and your business practices like you do. MDR providers who promote a hands-off service delivery are leaving a lot of critical components on the table.

An effective MDR provider should work as an extension of your team, with a unique understanding of your specific environment and who feel accountable for your security outcomes.

One size fits all isn’t an approach that’s scalable over time. A security team that will help you grow, will customize your service, and help guide you to your organization's specific goals is an essential choice.

Trend 2: Don’t stop when a breach is “too large” to be covered

The goal of any good MDR is to keep organizations safe from a breach. But breaches are so frequent and ominous, they’re now referred to as inevitable. So what happens when the worst happens, and there’s an active breach in your environment?

Many MDR providers in the space will say it’s time to call in an IR Consulting firm (or pay for theirs) to take over the investigation and breach response. Anyone else hearing the unwelcome chime of a 90s cash register?

The “R” in MDR is important. How will a provider actually respond if there is an active breach? Will they ask for more money to continue their investigation as breach response? Will they pawn you off to someone else? Or will they continue to investigate, providing deep forensic analysis to eradicate the attacker and mitigate data loss or stop ransomware as part of your existing service? We know what we’d choose.

Trend 3: Build on next-gen technology that allows users full access

Many MDR providers are built on top of technology. Some monitor the technology you bring to them, while others use a 3rd party tooling set that isn’t accessible to the end user.

When it comes to your organization's security posture, accessing the technology isn’t just a nice to have. Having transparency into your MDRs operations, and the ability to truly use the tech — building reports, searching logs, customization, and the ability to perform investigations — is an incredibly valuable feature.

Partners who use this model not only bring visibility and access to their customers, they allow their customers to grow their program with their service. Sure, you should be catching attacker behavior in your environment, but the partners who can help build resilience over time, and give access to the technology that they can take over should they want to build their program in-house, becomes another long-term asset.

Trend 4: Bring visibility into the internal and external attack surface

Knowing where your organization is vulnerable is imperative to keeping it secure. The more proactive you can be, the less you’ll have to respond to, shrinking your attack surface and keeping your team ready to react to the most critical attacker signals.

Including exposure management, by way of vulnerability risk management (VRM) or similar tool sets, provides your team the ability to harden defenses and identify the attacker signals early to prevent a breach before it can execute.

MDR that’s able to strengthen your security posture by staying ahead of emerging threats is going to be the most effective at helping to build your security resilience through its service delivery.

Trend 5: Deliver more ROI through consolidation of security tools

MDR providers who deliver expertise in a multitude of security areas will always be a value driver. All provide D&R capabilities and some provide D&R technology. Others include these components alongside technology and capabilities that traditionally lie outside of the D&R space.

It’s important to evaluate MDRs on the primary use cases they’re able to address within your specific environment. Do you need the ability to automate across security tools and functions? It’d be great if they could include a SOAR solution. Do you want to understand your vulnerability and risk posture across your environment and better arm your D&R program? Having a VRM program as a component of their MDR service becomes a differentiator. Do you want to have the ability to perform forensic hunts and investigations from within the platform? Including a DFIR toolset would tick the box.

When a provider can deliver across your organization's needs with a connected solution layered with high caliber expertise, the value extends beyond the traditional scope of an MDR solution.

Go Inside Rapid7 MDR: Timelines and Tick Tocks

They say by 2025, half of all businesses will turn to a managed detection and response (MDR) service. Breaches are called “inevitable” now. And even with a blank check, most companies couldn’t hire their way to tight security: the expertise just isn’t out there.

In this new eBook you’ll find real life examples of common threats handled end-to-end by Rapid7 MDR. You can check out the speed and accuracy with which our global SOC experts identify, contain, and respond to attacks.

IBM says it takes an average of 287 days to identify a breach and about 75 to contain it. You can’t do that with the kind of attackers you’ll read about here, like the lethal More_Eggs malware. Or Solarmarker, which spawns hundreds of decoy files. Or EMOTET, finally disrupted in 2021 by international action coordinated by Europol.

We think that’s probably a good way to judge MDR: how well do you handle the worst?

Read the full eBook

Download now

6 Reasons Managed Detection and Response Is Hitting Its Stride

Cyber threats have risen to the #1 concern of CEOs, which means security teams — in the hot seat for years — are really feeling it now. Files and data live in the cloud. Work is hybrid or remote. There’s turmoil around the world. Cyberattacks are not just a distant boogieman – they’re here and happening every day.

As companies try to make sure their existing security infrastructure can keep up, they confront the skills gap, a 0% industry unemployment rate, and no room for mistakes. Managed Detection and Response (MDR) is having a moment.

According to a recent ESG study, MDR is one of the fastest growing areas of cybersecurity today. A whopping 85% of surveyed organizations currently use or plan to use managed services for their security operations. And 88% say they will increase their use of managed services in the next 1-2 years.

What’s driving this move to MDR? Let’s take a look at six main factors.

1. Focus

Augmenting an internal security team means internal security personnel can focus on more strategic security initiatives rather than day-to-day operational tasks. In fact, 55% of surveyed organizations want to focus their internal security teams on more strategic initiatives rather than spend time on daily basics, the ESG study found.

By partnering with an MDR provider, alert triaging and investigations are generally taken care of by the external team. Of course, your organization still has some things you’ll need to do – partnership is the name of the game. But by working with a MDR service, security teams suddenly have more time and bandwidth to work strategically.

2. Services

ESG reports that 52% of companies surveyed believe managed service providers can do a better job with security operations than they can.

What you would once have to train your detection and response team to do, MDR providers take over. That means they’re able to detect active attackers within your environment and contain threats. Analyze incidents and provide recommendations for remediation, and apply learnings from other environments they manage to your environment to make sure you're protected from the latest attacker behaviors. Finally, good MDR providers are able to pivot into breach response if an attacker is live within your network.

To learn more about how to evaluate MDR providers on eight core capabilities, read the MDR Buyers Guide here.

3. Augmentation

About half of organizations (49%) believe a service provider can augment their security operations center (SOC) team with additional support.

Most companies that are able to build internal SOCs are generally well-funded, can afford roughly 10-12 full-time personnel, have a large array of security tools at their disposal, and have extensive processes already outlined. Sound doable? Great! If not, augmentation by way of an MDR provider is your tall glass of water.

Sign on with an MDR provider, get deployed, and your team is instantly extended. Benefits include time savings, cost savings, and experience level that most companies can't afford to hire at scale.

4. Skills

No surprise, 42% of surveyed organizations in the ESG study believe they don’t have adequate skills for security operations in-house.

MDR is more than outsourcing 24x7x365 monitoring. It’s a partnership that helps you move towards a more secure stature with guidance and expertise.

This type of partnership allows teams to contextualize metrics and reports, get a better understanding of investigations that take place within their environment, and have someone to walk through processes should an attack take place. You also have an expert in your corner during CISO, board, or executive meetings.

5. Price

40% of surveyed organizations did a cost analysis and found that it would cost less to use a service provider than to do it themselves.

We won’t sugar-coat it – partnering with an MDR service provider is expensive. But so is building out an internal team that can actually monitor and investigate within an organization’s environment round the clock.

The cost of partnering with an MDR provider pales in comparison to the cost of employing 10-12 security personnel that operate an around-the-clock SOC, and it can offer ROI much more quickly.

Check out this recent Forrester study to learn more about cost-saving outcomes of partnering with Rapid7’s MDR team.

6. Staff

Finally, ESG tells us that 35% of surveyed organizations don’t have an adequately sized staff for security operations.

Even with unlimited budget to hire a full team, it would be an incredibly labor-intensive and time-consuming process. It would be nearly impossible for most organizations to accomplish. Not only is finding qualified candidates and hiring a huge pain point, but the resources needed to onboard and train staff often aren't there.

Of course, all MDR services are not the same

Keep these three things in mind:

  • Forrester found Rapid7 MDR reduced breaches by 90%
  • Forrester found Rapid7 MDR delivered 549% ROI
  • In the event of a breach, Rapid7 MDR pivots to full-on digital forensics and incident response, no delay, no limits

Check out our full MDR Buyer's Guide for 2022 here.

Additional reading:

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.


Sharpen Your IR Capabilities With Rapid7’s Detection and Response Workshop

You’re tasked with protecting your environment, and you’ve invested significant time and resources into deploying and configuring your tools — but how do you know if the security controls you’ve put into place are effective? The challenge continues to grow as attacker tactics, techniques, and procedures (TTPs) constantly evolve. In today's landscape, a security breach is nearly inevitable.

Amid an ever-changing threat landscape, do you have confidence your tools are able to immediately detect threats when they occur? And more importantly, does your team know how to effectively respond to stop the attack, and do it fast?

While we don’t have a crystal ball to offer, we can help make sure your detection and response plan holds up against a breach.

Say hello to Rapid7’s newest incident response service: the Detection and Response Workshop.

Put your safeguards to the test with a guided attack simulation

The Detection and Response Workshop is a guided exercise led by Rapid7’s digital forensics and incident response (DFIR) experts to confirm that your team can quickly detect threats and evaluate your response procedures against a simulated attack within your environment.

This workshop isn’t a Tabletop Exercise (TTX), an IR Planning engagement, or a Purple Team exercise. We'll pit your organization's defenders against the latest attack campaigns, within the tools they use on a daily basis, to test your ability to respond when an incident happens under live conditions, without your company’s reputation at stake.

Each Workshop simulation is tailored to your specific needs and mapped to the MITRE ATT&CK Framework. Throughout the Workshop, our experts make recommendations to help strengthen your program – from existing configurations of tools, products, and devices to analysis processes and documentation.

The workshop itself is hands-on and doesn’t require current use of a Rapid7 product. Any security team can utilize this new service to understand what TTPs an adversary may use against them and make sure their program detects and responds accordingly.

Your team will leave the multi-day workshop feeling confident that you have an understanding of where and how to strengthen your existing IR process and detection and response program. You’ll receive a detailed report of the workshop, including our written assessment and recommendations to build resilience into your response program.

Rapid7 Incident Response consulting services

Security is the core of our business, and IR plays a huge role in the security landscape. Our team of DFIR experts — the same experts that respond to incidents for all 1,200+ of our MDR customers — have decades of experience under their belt that they utilize to analyze your security fit-up from all angles. Our team is complete with experts in threat analysis, forensics, and malware analysis, as well as a deep understanding of industry-leading technologies.

Knowing where your program stands is a crucial part of enhancing it, and our IR team has built specialized services to help your team build resiliency at each stage in the process. We now offer a full Incident Response Service Curriculum, allowing teams to engage in a single course for their IR goals or register for the entire curriculum.

From planning to full attack simulations, your team can level up its skills with tailored guidance and coaching through each course:

  • Course 101: Incident Response Program Development
  • Course 201: Tabletop Exercise (TTX)
  • Course 301: Detection & Response Workshop
  • Course 401: Purple Team Exercise

No matter what stage your team is in building your incident response program, our experts are able to help analyze and provide recommendations for improvement.

The Detection & Response Workshop is available now for all security teams. To learn more, talk to a Rapid7 sales representative by filling out this form today.

Additional reading:

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.