From Reactive to Resilient: How Paddle Strengthened Security and Gained Clarity with Rapid7

Industry: Retail
Company Size: Mid-Market
Products: Managed Threat Complete

Secure by design: Supporting global SaaS billing with confidence

Paddle helps SaaS and digital product companies scale faster by acting as their Merchant of Record (MoR), taking on the complexities of payments, tax, and compliance so they don’t have to. The company manages transactions for customers in over 200 countries and territories, removing friction and reducing risk so businesses can stay focused on growth.

That mission depends on trust. For Colin Barr, Head of InfoSec and IT, securing Paddle’s infrastructure means enabling global operations without adding unnecessary complexity or slowing the business down. With a lean team and a modern, cloud-native stack, Colin’s focus has been on building a proactive, integrated security program that scales with the business.

We’re not paying for a product, a service, or a tool. It’s the whole thing. Rapid7 has sold us a solution.

Colin Barr
Head of InfoSec and IT, Paddle

Staying ahead of threats without losing focus

As the company has matured, Colin looked to shift away from reactive security operations. Like many other organizations, his team was overwhelmed by the sheer volume of alerts coming their way – resulting in context switching, missed signals, and increased risk. The goal was to reduce alert fatigue and spend more time on projects that directly improved Paddle’s security posture. But fully outsourcing wasn’t the answer.

“We didn’t want the burden of managing alerts 24/7 to sit on the team’s shoulders,” Colin said. “But completely handing over responsibility wasn’t the right fit for us either. We needed a strategic partner, not just a provider.”

Tool sprawl was another concern. “Instead of pulling together a patchwork of point solutions, we chose Rapid7,” he said. “The different components actually work together – not only in terms of user experience, but also connecting vulnerability data and attack surface visibility with detection and response. We’re not stuck integrating tools from multiple different vendors.”

One platform, no patchwork

After a deliberate evaluation process, Paddle selected Managed Threat Complete Ultimate - a fully integrated solution that includes:

  • Rapid7’s AI-powered next-gen SIEM and XDR technology for detection, investigation, and response 
  • Managed Detection and Response (MDR) for 24/7 monitoring and expert-led response
  • InsightVM and Managed Vulnerability Management (MVM) for risk-based visibility

In addition to MTC Ultimate, Paddle also adopted Rapid7’s Managed Digital Risk Protection service. This add-on enhances their managed security program by extending visibility to the external threat landscape, including dark web intelligence and domain takedown support.

Deployment was fast. Within days, Paddle had deployed Rapid7’s lightweight agent and connected key log sources from its existing tool stack – delivering native and third-party telemetry directly to the SIEM and XDR technology for monitoring by the SOC. “The rollout was fast and flexible,” Colin said. “We were able to get telemetry flowing before our onboarding calls even began and we had the option to self-start or lean on the Rapid7 team as needed.”

That balance of autonomy and support helped Paddle achieve time to value within days, with key log sources connected and agents deployed almost immediately.

Less firefighting, more fortifying

Rapid7’s SOC now handles real-time triage and alert validation. Paddle’s internal team maintains visibility and control, with access to the same tools and data used by the SOC. This level of transparency not only provides clarity around the logic used by both analysts and AI over the course of alert triage, investigation, and response – but also provides unique upskilling opportunities for Paddle’s in-house team.

“We’re co-owning the data,” Colin said. “We can be as involved as we want. When something doesn’t look right, we get that immediate escalation.”

That clarity has also freed the team to focus on engineering. From tuning detections to improving visibility across apps and OSs, they’re now spending more time strengthening controls and less time chasing noise.

“InsightIDR’s dashboards and APIs give us a clear view of alerts, investigations, and platform activity,” Colin said. “We’re using that data not just to monitor risk, but to integrate with our internal reporting workflows.”

Spoof, spotted, solved

Rapid7’s Managed Digital Risk Protection service has proven especially valuable. During evaluation, the team identified a domain impersonating Paddle. With Rapid7’s help, they launched a takedown process and resolved the issue swiftly – protecting them from potential reputational damage amongst their customers.

“We’ve done this in-house through legal channels in the past. It’s time-consuming and inconsistent,” Colin said. “Now we have a defined process. If something poses a risk to Paddle, we can take action immediately, and have seen Rapid7 deliver results within hours.”

The threat intelligence team has also been highly responsive. “I’ve raised requests late at night and had a full reply waiting by morning.”

Stronger together: Security that connects

For Paddle, the biggest benefit hasn’t just been technology, it’s the combination of smart tooling, shared visibility, and strong relationships.

“We’re not buying tools. We’re buying outcomes,” Colin said. “And we’re not just outsourcing the work, we’re partnering with a team that knows our environment and shares our goals.”

That partnership includes a dedicated Cybersecurity Advisor and regular engagement with solutions engineers. With a macOS-based, cloud-native environment, Paddle doesn’t always follow the traditional IT mold, but Rapid7 adapted.

“We’ve had productive and engaging conversations about creative ways to make the tools work for us,” Colin said. “It’s not just about using the platform as-is. It’s about making it fit our needs now, and in the future.”

Scaling security, not stress

As Paddle continues to grow, their focus is shifting toward deepening end-to-end visibility across systems and driving security improvements through automation. The team is continuing to streamline, on the Rapid7 platform, how information flows between cloud services and internal tools, making it easier to track, report, and act on key risks.

Long term, Colin sees connected context across the Rapid7 platform as a key advantage. “The context sharing between these layers is what lets us make better, faster decisions,” he said.

With Rapid7, Paddle isn’t just reacting to threats, they’re building a security program that supports growth, empowers their team, and builds trust across the business. Rapid7 is there for that.