For urgent Incident Response help, call the number for your region below or get in touch via the link.
US IR Hotline: 1-844-RAPID-IR
UK IR Hotline: 0-800-069-8753
Switzerland IR Hotline: 0800-838-238
Australia IR Hotline: 1-800-145-596
We built our MDR service to be unlike any other, providing you with a true Incident Response partner when you need it. That means that for any security incident – minor or major – our MDR team delivers the same level of Incident Response expertise you’d get with an IR Retainer, at no additional cost, and without limits.
Incident Response relies on multiple sources of telemetry to retrieve forensic artifacts and analyze data. If breached, we can pivot directly into IR, utilizing technology already deployed in your environment.
Unlimited Incident Response means no cap to hours worked, DFIR Consultant engagement, size of breach, or complexity. If you’re an in-scope MDR customer, you’re covered.
Faster response and round-the-clock investigation. The outcome is less of a risk to business continuity and customer trust. We’re all about keeping your outcomes our priority.
When a security team detects a threat, it’s essential that organizations are ready for what comes next. That requires having a tightly coordinated incident response plan (IRP) and a sequence of actions and events assigned to specific stakeholders on a dedicated incident response team. Some businesses may have their own in-house team, some may outsource their incident response services, while others might take a hybrid approach where they outsource technical analysis but manage the rest of the IRP in-house. Either way, this team should train and plan for these incident response events well before any trouble rears its head.
An incident response plan delineates steps to be taken, and by whom, when a breach or security crisis occurs in an organization. A robust response plan should empower teams to leap into action and mitigate damage as quickly as possible. Emergency responders go through regular training simulations and process checks, so when a situation arises they know how to act almost by muscle memory. Information security teams would be wise to follow their example: When an emergency occurs, you don’t want to waste time figuring out incident response processes and procedures while precious minutes are ticking away. Having a plan in place becomes paramount.
There’s a great deal of groundwork that can be done ahead of time to reduce complexity and risk during an emergency. An incident response plan should include:
The key here is “quick.” If you don’t have the internal expertise or resources to conduct a quick response, or your toolset isn’t giving you the information as quickly as you need it, then you may want to look into external incident response services to help address these gaps and speed up your incident response times. (Make sure to include this external team in any drills you conduct!)
Remediation and cleanup: Detailed recommendations to get you back to normal including how to remove all attacker remote access capabilities, restore prioritized business processes and systems, and secure compromised user accounts.
The team of Incident Response Consultants at Rapid7 holds many certifications and is at the front line of defense for thousands of customers.
The ‘in-scope environment’ refers to the assets (and supporting infrastructure) you have licensed for MDR or MTC. Incidents eligible for incident response are compromises of customer’s in-scope systems or data, as confirmed or reasonably suspected by Rapid7. Rapid7 will not respond to an incident that occurs in an environment that is not in-scope. All incident response services will be provided remotely.
After successfully responding to an incident, it's not time to rest just yet. The incident response team should conduct a post-mortem to learn from the experience—both to fine-tune their incident response program specifically, and also to re-tune their overall security program. What worked, what didn't work, and what could work better or faster? There's no better teacher than experience, so it’ll be important to glean as many lessons as possible from responding to a real incident.
IR Program Development
Attackers are constantly evolving. To ensure you’re always prepared, you need a plan, and you need to review it regularly. Our experts will evaluate your environment—from technology and assets to people, processes, and policy—to rate your current capabilities and offer relevant, business-based recommendations to help you meet (and exceed) your IR program goals. Need to build your program from the ground up? We can help with that, too. Our IR Program Development offering can be customized to help build or improve your aptitude in any facet of incident response.
From verifying compromise to validating remediation efforts, a Compromise Assessment can confirm your house is clean (or not). By applying threat intelligence and behavioral analytics with innovative hunting techniques, our experts assess your environment to identify malware and evidence of attacker activity and report on misconfigurations, significant risks, and potential vulnerabilities.
Detection and Response Workshop
This program puts your detection and response capabilities to the test against a live, simulated attack within your environment. The goal of this workshop is to evaluate how well your unique detection and response capabilities and current IR plan work to ensure your team can recognize and properly respond to an attack. Our experts will help your team understand how current security measures and controls handle the breach while providing coaching to strengthen your approach to incident response.
Tabletop exercises simulate threats on-site to evaluate your detection and response capabilities in a controlled environment. We work with you to create and deliver a meaningful scenario, analyze the results, and provide a list of actionable improvements you can apply to your incident response program.
Need immediate help with a breach? Call us at 1-844-RAPID-IR (1-844-727-4347). Our incident response team is ready to collaborate closely with your in-house team to investigate incidents, document findings, and recommend the right remediation activities to help ensure attackers are out and can’t find their way back in. Our incident response consultants can collaborate with your critical stakeholders, ensuring various parts of the business are making key considerations throughout the response process.
An incident response retainer is an easy way to keep IR experts on standby. In the event of a compromise, retainer customers alert the Rapid7 team, who respond within one hour to gather details and discuss planned incident response activities. All technical investigations are done remotely, and are ready to begin as soon as our InsightAgent can be deployed (or access given to detection and response systems).
Retainers are available in 40-hour blocks, and in the (hopeful) event they’re not needed for breach response, can be repurposed into a variety of other Rapid7 professional services. Give us a call, and we’ll set you up with a project manager who can help assess which services are right for your organization. We can then connect you with the best consultants to get you started on the path to stronger incident response.
Our team helps you build an incident response plan and IR Runbook for engaging with the Rapid7 MTC service.
An abbreviated list includes: