Managed Detection and Response

Rapid7’s Managed Detection and Response (MDR) service offers a combination of expertise and technology to detect dynamic threats quickly across your entire ecosystem. Our MDR service provides hands-on, 24x7x365 threat monitoring and hunting customized to your business profile, powered by Rapid7’s purpose-built technology stack. This includes the Rapid7 Insight cloud and Threat Intelligence infrastructure, in addition to our Security Operations Center (SOC) experts who work to help you remediate risks quickly, so you can accelerate your security maturity.

At its core, Rapid7’s MDR service is a strategic partnership that allows your business to strengthen the maturity of your security program as it relates to threat detection and response. Rapid7 MDR extends your existing team to detect, investigate, report, and recommend response actions to threats in your network. We do this through 24x7x365 monitoring by a team of security experts, leveraging proven cloud SIEM technology, cutting-edge endpoint technology, and world-leading threat intelligence to stay ahead of attackers. When engaging with this service, you’ll gain a true security partner who can provide the mentorship and guidance necessary to simplify the complexities of cybersecurity and help you securely advance your business. To advance your current maturity level in incident detection and response, we layer our industry experts, workflow processes, and technology in a three-pronged approach:

Rapid7 approach

People

Your environment is monitored 24x7x365 by world-class SOC analysts, each with years of experience building detection and response programs, and hunting for and validating threats.

SOC Analysts leverage specialized toolsets, malware analysis, tradecraft, and forward-looking collaboration with Rapid7’s Threat Intelligence researchers to make detection and remediation of threats possible. The Threat Intelligence researchers are constantly monitoring our MDR customer environments, as well as the global threat landscape to enhance the MDR team’s detection methodologies.

These teams are augmented by your Customer Advisor (CA), who is your interface with the Rapid7 SOC and Threat Intelligence teams. Your CA will provide suggestions on managing your technical environment while offering tailored guidance and recommendations specific for your business to accelerate your security maturity.

Technology

The Rapid7 Managed Detection and Response service is powered by the Rapid7 Insight cloud, with endpoint data collected by the Insight Agent, a lightweight yet powerful piece of software you can install on any asset—whether in the cloud or on-premises—to collect endpoint data from critical and remote assets across your IT environment.

The data passed to the analyst team by the Insight Agent allows the MDR analysts to get as close to the attacker as possible and perform endpoint investigations and threat hunts with system-level visibility. Combined with our Gartner-ranked cloud SIEM, InsightIDR, this endpoint data is parsed against real-time threat intelligence insights from the Rapid7 customer base and sophisticated behavioral analytics (tuned with an in-depth understanding of your business) to uncover threats across your internal network and cloud services.

Additionally, InsightIDR allows the MDR SOC team to integrate feeds from your existing security infrastructure, giving the Rapid7 MDR team even greater visibility into possible threats across your environment. As a customer of Rapid7 MDR, you’ll have full access to InsightIDR, giving you visibility into the product and investigations and the ability to learn from the tool.

Process

Our expertise and technology reveal their true power when a threat is detected. Our MDR SOC analyst team uses a series of detection methodologies to validate each threat, gathering context related to the alert from your endpoints and logs to assess its severity. We then report only genuine threats and suspicious lateral movement, and provide prioritized recommendations (e.g. containment, remediation, and mitigation actions) for your team in the form of a Findings Report. The result: MDR customers quickly identify and respond to attacker activity without wasting time investigating a mountain of false alerts.

What You Can Expect

Rapid7’s approach ensures that there is full visibility and an organized response to incidents that occur in your environment. This encompasses four areas of service delivery with Rapid7 MDR:

Incident Detection & Validation

  • 24/7/365 Monitoring
  • Proactive Threat Hunting
  • Initial Compromise Assessment
  • Investigations of Threats and Alerts
  • Alert Validation

Technology Access

  • Full Access to InsightIDR Capabilities
    • SIEM
    • UBA
    • ABA
    • EDR
  • Deception Technologies
  • Deployment Assistance Included
  • No Additional Data Charge

White Glove Service

  • Named Customer Advisor
  • Threat Intelligence Team
  • Custom Threat Profile
  • As-it-happens Findings Reports
  • Monthly Hunt Reports
  • Monthly State of Service Reports
  • As-it-happens Proactive Threat Reports

Incident Response & Escalations

  • Process for Containment, Remediation and Mitigation of Threats
  • Two Incident Escalations Included
  • SLAs for Threat Notification

For more information, call our security consultants at +31 (0) 345 506 105 or send an email to info@isoc24.com