Managed Detection and Response
Rapid7’s Managed Detection and Response (MDR) service offers a combination of expertise and technology to detect dynamic threats quickly across your entire ecosystem. Our MDR service provides hands-on, 24x7x365 threat monitoring and hunting customized to your business profile, powered by Rapid7’s purpose-built technology stack. This includes the Rapid7 Insight cloud and Threat Intelligence infrastructure, in addition to our Security Operations Center (SOC) experts who work to help you remediate risks quickly, so you can accelerate your security maturity.
At its core, Rapid7’s MDR service is a strategic partnership that allows your business to strengthen your security program maturity as it relates to threat detection and response. Rapid7 MDR extends your existing team to detect, investigate, report, and recommend response actions to threats in your network. We do this through 24x7x365 monitoring by a team of security experts, leveraging proven cloud SIEM technology, cutting-edge endpoint technology, and world-leading threat intelligence to stay ahead of attackers. When engaging with this service, you’ll gain a true security partner who can provide the mentorship and guidance necessary to simplify the complexities of cybersecurity and help you securely advance your business. Our focus on advancing your current maturity level in incident detection and response layers our industry experts, workflow processes, and technology to implement our three-pronged approach:
People
Your environment is monitored 24x7x365 by world-class SOC analysts, each with years of experience building detection and response programs, and hunting for and validating threats.
SOC Analysts leverage specialized toolsets, malware analysis, tradecraft, and forward-looking collaboration with Rapid7’s Threat Intelligence researchers to make detection and remediation of threats possible. The Threat Intelligence researchers are constantly monitoring our MDR customer environments, as well as the global threat landscape to enhance the MDR team’s detection methodologies.
These teams are augmented by your Customer Advisor (CA), who is your interface with the Rapid7 SOC and Threat Intelligence teams. Your CA will provide suggestions on managing your technical environment while offering tailored guidance and recommendations specific for your business to accelerate your security maturity.
Technology
The Rapid7 Managed Detection and Response service is powered by the Rapid7 Insight cloud, with endpoint data collected from the Insight Agent, a lightweight yet powerful software you can install on any asset—whether in the cloud or on-premises—to collect endpoint data from critical and remote assets across your IT environment.
The data passed to the analyst team by the Insight Agent allows the MDR analysts to get as close to the attacker as possible and perform endpoint investigations and threat hunts with system-level visibility. Combined with our Gartner-ranked cloud SIEM, InsightIDR, this endpoint data is parsed against real-time threat intelligence insights from the Rapid7 customer base and sophisticated behavioral analytics (tuned with an in-depth understanding of your business) to uncover threats across your internal network and cloud services.
Additionally, InsightIDR allows the MDR SOC team to integrate feeds from your existing security infrastructure, giving the Rapid7 MDR team even greater visibility into possible threats across your environment. As a customer of Rapid7 MDR, you’ll have full access to InsightIDR, giving you visibility into the product and investigations and the ability to learn from the tool.
Process
Our expertise and technology reveals its true power when a threat is detected. Our MDR SOC analyst team uses a series of detection methodologies to validate each threat by gathering context related to the alert from your endpoints and logs to assess severity. Then we’ll only report the true, real threats and suspicious lateral movement, and provide prioritized recommendations (e.g. containment, remediation, and mitigation actions) for your team in the form of a Findings Report. The result: MDR customers quickly identify and respond to attacker activity without wasting time investigating a mountain of false alerts.
What You Can ExpectRapid7’s approach ensures that there is full visibility and an organized response to incidents that occur in your environment. This encompasses four areas of service delivery with Rapid7 MDR:
Incident Detection & Validation
- 24/7/365 Monitoring
- Proactive Threat Hunting
- Initial Compromise Assessment
- Investigations of Threats and Alerts
- Alert Validation
Technology Access
- Full Access to InsightIDR Capabilities
- SIEM
- UBA
- ABA
- EDR
- Deception Technologies
- Deployment Assistance Included
- No Additional Data Charge
White Glove Service
- Named Customer Advisor
- Threat Intelligence Team
- Custom Threat Profile
- As-it-happens Findings Reports
- Monthly Hunt Reports
- Monthly State of Service Reports
- As-it-happens Proactive Threat Reports
Incident Response & Escalations
- Process for Containment, Remediation and Mitigation of Threats
- Two Incident Escalations Included
- Slas for Threat Notification
Your Advantages With Rapid7 MDR
Rapid7’s MDR offering goes far beyond the capabilities of traditional Managed Security Service Providers (MSSPs), who often provide incomplete technology solutions without the required expertise to manage the systems and provide guidance. Our belief in delivering the Rapid7 MDR service is to be more than a vendor, and for our team to do more than just alert you of threats. Counter to the Rapid7 MDR offering, the typical MSSP rarely offers threat hunting, and the experience is an impersonal one-size-fits-all approach that merely focuses on detection of malware and sending sterile tickets rather than a strict focus on advancing your security program. For more detailed analysis, please review our Rapid7 MDR vs. MSSP comparison brief.
Rapid7’s Managed Detection and Response (MDR) service provides customers with five key advantages
1. Improved Security Maturity
Rapid7 MDR is positioned to meet our customers at any level of security maturity and help accelerate that maturity, not just manage a SIEM. The team—from SOC analysts to your Customer Advisor—takes the time to truly understand your business processes, environment, and industry so they can provide customized guidance at each interaction point with the MDR service. This includes tailored reporting and recommendations, with remediation and mitigation strategies that align your investment in MDR with long-term security improvement across all 20 CIS critical controls. We go above simply looking at detection and response, with advice and mentorship from your Customer Advisor.
2. Powerful Agent and SIEM Technology
MDR is powered by the Rapid7 Insight cloud, with data fed from the Insight Agent to perform endpoint investigations and hunt for threats in your environment. This lightweight Agent unifies data collection for the MDR team to effectively view and correlate endpoint data, including: detailed asset information, Windows registry information, file version and package information, running processes, authentication information, local security and event logs, and more.
This is data is encrypted at rest and in transit as it’s sent to InsightIDR for log correlation and investigation. Combined, the Insight Agent and InsightIDR provide the MDR team system-level visibility to spot real-time detections on the endpoint—the closest point to the attacker. As a customer of the MDR service, your team will have direct access to your instance of InsightIDR, giving you full transparency into our service and the ability to interact with the MDR team. Customers and their teams now have a single provider for both MDR services and SIEM/EDR technology.
3. Leading Threat Intelligence
Customer defenses leverage Rapid7’s primary threat intelligence on attacker behaviors and common indicators of compromise, all powered by Rapid7’s Managed Threat Intelligence Engine, cybersecurity research projects, vulnerability disclosures, insights from our customer endpoints, and Rapid7 SecOps Services engagements. In addition, Rapid7 leverages top third-party threat intelligence from security partners in the community, most notably Rapid7’s involvement as an Affiliate member of the Cyber Threat Alliance (CTA) with Board and Committee seats.
4. World-Class Managed Services Team
The global MDR SOC teams are composed of security experts with unparalleled experience—both red team and blue team—with an assigned, primary high-tier analyst who becomes a subject matter expert in your user behavior, endpoints, and networks. Your analyst uses this in-depth knowledge of attacker tools, tactics, and procedures to catch malicious activity early in the attack lifecycle and validate each potential threat. Each of our SOC analysts acts as an extension of your security team and tailors the MDR service specifically to your industry and your business. This includes threat hunting, validation of threats, and guidance (e.g. containment, remediation, and mitigation recommendations) for only true threats.
5. Included Incident Escalation
Rapid7 offers two (2) Incident Escalations per year, giving MDR customers the ability to engage skilled personnel rapidly in the event of a compromise.
