Managed Detection and Response

Service Overview

Our focus on advancing your current maturity level in incident detection and response layers our industry experts, workflow processes, and technology to implement our three-pronged approach: people, technology, and process.

rapid7-mdr-people-process-tech-image.jpg

 

People

Your environment is monitored 24x7x365 by world-class SOC analysts, each with years of experience building detection and response programs, and hunting for and validating threats.

mdr-people-graphic.jpgSOC Analysts leverage specialized toolsets, malware analysis, tradecraft, and collaboration with Rapid7’s Threat Intelligence researchers to detect and remediate threats. Our Threat Intelligence researchers constantly monitor our customer environments and the global threat landscape to enhance our MDR team’s detection methodologies.

These teams are augmented by your Customer Advisor (CA), who acts as your point of contact to the Rapid7 SOC and Threat Intelligence teams. Your CA is your trusted security resource, offering suggestions and guidance to mature your security program.

Technology

The Rapid7 Managed Detection and Response service is powered by the Rapid7 Insight cloud, with endpoint data collected from the lightweight, Insight Agent installed on any of your assets—whether in the cloud or on-premises—to collect endpoint data across your IT environment. The Insight Agent data allows our MDR SOC to get as close to the attacker as possible and perform endpoint investigations and threat hunts with system-level visibility.

Combined with our Gartner-ranked cloud SIEM, InsightIDR, this endpoint data is parsed against real-time threat intelligence insights from the Rapid7 customer base and sophisticated behavioral analytics (tuned with an in-depth understanding of your business) to uncover threats across your internal network and cloud services. Additionally, InsightIDR integrates feeds from your existing security infrastructure, giving the Rapid7 MDR team even greater visibility into possible threats across your environment. As a customer of Rapid7 MDR, you’ll have full access to InsightIDR, giving you visibility into the product and investigations and the ability to learn from the tool.

Process

Our expertise and technology reveals its true power when a threat is detected. Our MDR SOC analyst team uses a series of detection methodologies to validate each threat by gathering context related to the alert from your endpoints and logs to assess severity. Then we’ll only report the true, real threats and suspicious lateral movement, and provide prioritized recommendations (e.g. containment, remediation, and mitigation actions) for your team in the form of a Findings Report. The result: MDR customers quickly identify and respond to attacker activity without wasting time investigating a mountain of false alerts.

Ready to see what MDR can do for your security program?

Contact Us