Tag Archives: Managed Threat Complete

What’s New in Rapid7 Products & Services: 2023 Year in Review

Post Syndicated from Margaret Wei original https://blog.rapid7.com/2023/12/21/whats-new-in-rapid7-products-services-2023-year-in-review/

What’s New in Rapid7 Products & Services: 2023 Year in Review

Throughout 2023 Rapid7 has made investments across the Insight Platform to further our mission of providing security teams with the tools to proactively anticipate imminent risk, prevent breaches earlier, and respond faster to threats. In this blog you’ll find a review of our top releases from this past year, all of which were purpose-built to bring your team a holistic, unified approach to security operations and command of your attack surface.

Proactively secure your environment

Endpoint protection with next-gen antivirus in Managed Threat Complete

To provide protection against both known and unknown threats, we released multilayered prevention with Next-Gen Antivirus in Managed Threat Complete. Available through the Insight Agent, you’re immediately able to:

  • Block known and unknown threats early in the kill chain
  • Halt malware that’s built to bypass existing security controls
  • Maximize your security stack and ROI with existing Insight Agent
  • Leverage the expertise of our MDR team to triage and investigate these alerts

New capabilities to help prioritize risk in your cloud and on-premise environments and effectively communicate risk posture

As the attack surface expands, we know it’s critical for you to have visibility into vulnerabilities across your hybrid environments and communicate it with your executive and remediation stakeholders. This year we made a series of investments in this area to help customers better visualize, prioritize, and communicate risk.

What’s New in Rapid7 Products & Services: 2023 Year in Review
  • Executive Risk View, available as a part of Cloud Risk Complete, provides security leaders with the visibility and context needed to track total risk across cloud and on-premises assets to better understand organizational risk posture and trends.
  • Active Risk, our new vulnerability risk-scoring methodology, helps security teams prioritize vulnerabilities that are actively exploited or most likely to be exploited in the wild. Our approach enriches the latest version of the Common Vulnerability Scoring System (CVSS) with multiple threat intelligence feeds, including intelligence from proprietary Rapid7 Labs research. Active Risk normalizes risk scores across cloud and on-premises environments within InsightVM, InsightCloudSec, and Executive Risk View.
  • The new risk score in InsightCloudSec’s Layered Context makes it easier for you to understand the riskiest resources within your cloud environment. Much like Layered Context, the new risk score combines a variety of risk signals – including Active Risk – and assigns a higher risk score to resources that suffer from toxic combinations or multiple risk vectors that present an increased likelihood or impact of compromise.
  • Two new dashboard cards in InsightVM to help security teams communicate risk posture cross-functionally and provide context on asset and vulnerability prioritization:
  • Vulnerability Findings by Active Risk Score Severity – ideal for executive reporting, this dashboard card indicates total number of vulnerabilities across the Active Risk severity levels and number of affected assets and instances.
  • Vulnerability Findings by Active Risk Score Severity and Publish Age – ideal for sharing with remediation stakeholders to assist with prioritizing vulnerabilities for the next patch cycle, or identifying critical vulnerabilities that may have been missed.

Coverage and expert analysis for critical vulnerabilities with Rapid7 Labs

Rapid7 Labs provides easy-to-use threat intelligence and guidance, curated by our industry-leading attack experts, to the security teams.

Emergent Threat Response (ETR) program, part of Rapid7 Labs, provides teams with accelerated visibility, alerting, and guidance on high-priority threats. Over this past year we provided coverage and expert analysis within 24 hours for over 30 emergent threats, including Progress Software’s MOVEit Transfer solution where our security research team was one of the first to detect exploitation—four days before the vendor issued public advisory. Keep up with future ETRs on our blog here.

Detect and prioritize threats anywhere, from the endpoint to the cloud

Enhanced alert details in InsightIDR Investigations

An updated evidence panel for attacker behavior analytics (ABA) alerts gives you a description of the alert and recommendations for triage, rule logic that generated the alert and associated data, and a process tree (for MDR customers) to show details about what occurred before, during, and after the alert was generated.

What’s New in Rapid7 Products & Services: 2023 Year in Review
Process tree details within alert details in InsightIDR

AI-driven detection of anomalous activity with Cloud Anomaly Detection

Cloud Anomaly Detection provides AI-driven detection of anomalous activity occurring across your cloud environments, with automated prioritization to assess the likelihood that activity is malicious. With Cloud Anomaly Detection, your team will benefit from:

  • A consolidated view that aggregates threat detections from CSP-native detection engines and Rapid7’s AI-driven proprietary detections.
  • Automated prioritization to focus on the activity that is most likely to be malicious.
  • The ability to detect and respond to cloud threats using the same processes and tools your SOC teams are using today with easy API-based ingestion into XDR/SIEM tools for threat investigations and prioritizing remediation efforts.

Detailed views into risks across your cloud environment with Identity Analysis and Attack Path Analysis

We’re constantly working to improve the ways with which we provide a real-time and comprehensive view of your current cloud risk posture. This year, we made some major strides in this area, headlined by two exciting new features:

  • Identity Analysis provides a unified view into identity-related risk across your cloud environments, allowing you to achieve least privileged access (LPA) at scale. By utilizing machine learning (ML), Identity Analysis builds a baseline of access patterns and permissions usage, and then correlates the baseline against assigned permissions and privileges. This enables your team to identify overly-permissive roles or unused access so you can automatically right-size permissions in accordance with LPA.
  • Attack Path Analysis enables you to analyze relationships between resources and quickly identify potential avenues bad actors could navigate within your cloud environment to exploit a vulnerable resource and/or access sensitive information. This visualization helps teams communicate risk across the organization, particularly for non-technical stakeholders that may find it difficult to understand why a compromised resource presents a potentially larger risk to the business.
What’s New in Rapid7 Products & Services: 2023 Year in Review

More flexible alerting with Custom Detection Rules

Every environment, industry, and organization can have differing needs when it comes to detections. With custom detection rules in InsightIDR, you can detect threats specific to your needs while take advantage of the same capabilities that are available for out-of-the-box detection rules, including:

  • The ability to set a rule action and rule priority to choose how you are alerted when your rule detects suspicious activity.
  • The ability to add exceptions to your rule for specific key-value pairs.

A growing library of actionable detections in InsightIDR

In 2023 we added over 3,000 new detection rules. See them in-product or visit the Detection Library for descriptions and recommendations.

Agent-Based Policy supports custom policy assessment in InsightVM

Guidelines from Center for Internet Security (CIS) and Security Technical Implementation Guides (STIG) are widely used industry benchmarks for configuration assessment. However, a benchmark or guideline as-is may not meet the unique needs of every business.

Agent-Based Policy assessment now supports Custom Policies. Global Administrators can customize built-in policies, upload policies, or enable a copy of existing custom policies for agent-based assessments. Learn more here.

Investigate and respond with confidence

Faster containment and remediation of threats with expansion of Active Response for Managed Detection and Response customers

Attackers work quickly and every second you wait to take action can have detrimental impacts on your environment. Enter automation—Active Response enables Rapid7 SOC analysts to immediately quarantine assets and users in a customer’s environment with response actions powered by InsightConnect, Rapid7’s SOAR solution.

Active Response has you covered to quarantine via our Insight Agent, as well as a variety of third-party providers—including Crowdstrike and SentinelOne. And with MDR analyst actions logged directly in InsightIDR, you have more expansive, collaborative detection and response faster than ever before. Read what Active Response can do for your organization—and how it stopped malware in a recent MDR Investigation—here.

What’s New in Rapid7 Products & Services: 2023 Year in Review
Active Response in action: Rapid7 MDR analyst activity logged within InsightIDR Investigations timeline

Velociraptor integrates with InsightIDR for broader DFIR coverage

The attack surface is continually expanding, and so should your visibility into potential threats across it. This year we integrated Velociraptor, Rapid7’s open-source DFIR framework, with our Insight Platform to bring the data you need for daily threat monitoring and hunting into InsightIDR for investigation via our Insight Agent.

This integration brings you faster identification and remediation, always-on monitoring for threat activity across your endpoint fleet, and expanded threat detection capabilities. Read more about what this integration unlocks here.

What’s New in Rapid7 Products & Services: 2023 Year in Review
Velociraptor alert details in InsightIDR

Stay tuned!

As always, we’re continuing to work on exciting product enhancements and releases throughout the year. Keep an eye on our blog and release notes as we continue to highlight the latest in product and service investments at Rapid7. See you in 2024!

Proactively Prevent Breaches with Expanded Endpoint Protection in Rapid7 MDR

Post Syndicated from Rapid7 original https://blog.rapid7.com/2023/10/02/proactively-prevent-breaches-with-expanded-endpoint-protection-in-rapid7-mdr/

Proactively Prevent Breaches with Expanded Endpoint Protection in Rapid7 MDR

Working with thousands of security and risk professionals across the globe, we know that complexity is the top challenge SOCs are facing today. As the attack surface rapidly expands, security teams need more effective ways to keep pace with digital transformation and get out of the cycle of constant reactive fire drills.

So, we have expanded endpoint protection within our leading MDR service, Managed Threat Complete, to include native next-generation antivirus (NGAV) and DFIR powered by our universal Insight Agent.

Building on the powerful vulnerability scanning, high efficacy threat detections, and rapid containment we deliver on the endpoint today, these new capabilities help unlock critical efficiency and consolidation teams need to gain control over their dynamic attack surface.

We’re also excited to integrate Velociraptor directly into InsightIDR. The integration empowers security teams to easily collect, query, and monitor virtually any aspect of their endpoint fleets with leading digital forensics and incident response (DFIR) technology and playbooks. Already a key tool used by our Incident Response consultants in every single Incident Response engagement, customers can now experience the power and insight Velociraptor brings on the endpoint, directly in the product.

Plus, Velociraptor now uses an expressive query language (rather than code), which makes it faster and easier to share custom detections with the open source community. This helps SOC teams root out new threats more quickly, while demonstrating our continued support to open source.

Rapid7 MDR: Full coverage, single trusted partner

A Gartner study found that 75% of organizations pursued security vendor consolidation in 2022, up from 29% in 2020. And we understand why. Rapid environment expansion and constantly escalating threats—combined with a growing skills gap—have left security professionals on their heels and over-indexed on reactive measures alone. Adoption of point solutions to keep up change has resulted in more noise, inefficiency, and burnout. Previous SecOp approaches are broken – there has to be change.

Rapid7 tackles complexity head-on with a more proactive approach to security operations. By unifying relevant exposure management, external threat intelligence, and now prevention capabilities we are able to get ahead of risk and eliminate breaches earlier. This also reduces the noise and alerts downstream, enabling high efficacy threat detection, and accelerated response. With Rapid7, customers can feel confident they are covered from endpoint to the cloud, across both known and unknown threats.

While the attack surface grows, endpoints remain a critical foot in the door and target for attackers. Rapid7 delivers full threat lifecycle coverage on the endpoint via our lightweight agent, including:

  • Anticipate threats to prevent breaches earlier with leading vulnerability management and Next-Gen Antivirus.
  • Rich telemetry, unique intelligence, and curated content drives high efficacy detections.
  • Full kill chain visibility and streamlined automation contain threats faster than ever.
  • Robust forensic insights for expedited investigations and advanced hunting powered by Velociraptor.

Looking Ahead: Proactive Ransomware Prevention

As Rapid7 continues to invest in the most complete endpoint solutions, it will be addressing one of the most pervasive threats organizations face today: ransomware. Leveraging a patented approach from the integrated Minerva technology, these future capabilities will be able to recognize the earliest signals and behaviors to identify and intercept headline-making attacks before they are able to execute.

Rapid7’s incident response team is currently using this technology in the field, and soon these powerful capabilities will be available to rapid7 MDR customers. You can learn more about how Rapid7 protects endpoints here.

What’s New in Rapid7 Detection & Response: Q2 2023 in Review

Post Syndicated from Stacy Moran original https://blog.rapid7.com/2023/07/11/whats-new-in-rapid7-detection-response-q2-2023-in-review/

What’s New in Rapid7 Detection & Response: Q2 2023 in Review

We are excited to share another quarter of new Detection & Response capabilities and improvements. As we continue to innovate across our platform, we thank our customers for continuous insight, engagement, and direction.

Keenly focused on our mission to deliver solutions for consolidated, end-to-end security operations and a practitioner-focused experience, Rapid7 recently introduced Managed Threat Complete (MTC), which brings together our leading MDR service and industry-leading vulnerability management technology, enabling customers to level up their detection and response programs with complete coverage and a team of Rapid7 experts.

At the core of MTC is InsightIDR (IDR), our cloud-native XDR technology that cuts through the noise and enables practitioners to focus on what matters most. Read on to learn about recent updates to MTC and IDR, including Log Search Open Preview, which is now the default experience for users, and support for AWS AppFabric.

New Faster and Streamlined Log Search Experience Is Live!

We are always striving to drive greater efficacy, productivity, and efficiency for our customers–and since querying data is such a huge part of security practitioners’ day-to-day, Log Search is always a significant area of focus. We are excited to officially introduce our new Log Search experience, which is now live and available for all InsightIDR and MDR customers.  This new experience delivers a faster and more simplified UI, while also unlocking more paths to build sophisticated queries and dashboards. Highlights include:

  • Easily Access Saved Queries: Identify, capture, edit, and share saved queries via the new Log Search interface. The “home page” gives you single-click access for all search-related activities.
  • Refine Detection Rules From Search: Refine existing or create new detection rules directly from queries.
  • Master Visualizations: Tweak and perfect visualizations before they are added to dashboards.

Expanded Partnership with Amazon Web Services (AWS) Improves Cloud D&R Efficiency

As part of our continued commitment to helping customers secure cloud infrastructure, InsightIDR now supports AWS AppFabric, which quickly connects SaaS applications for streamlined security management using a standard schema. By ingesting logs from AppFabric, customers have improved visibility into SaaS app activity and the ability to centralize security data within the Insight Platform—and ultimately, detect and respond to cloud threats faster. For additional information, see Rapid7’s recent press release and blog post on this exciting news.

More Flexibility for Detection Rule Exceptions

We take pride in the fidelity of our out-of-the-box Detection Library while recognizing our customers’ need for flexibility to prioritize threats, fine-tune alerts, and manage detection exceptions for their unique environments. InsightIDR users can now use exceptions to modify and prioritize detection rules for specific users and asset levels. When creating an exception, users can convert the key-value pair into Log Entry Query Language (LEQL) for more specificity. The ability to write exceptions with multiple conditions in a single query saves valuable time and allows analysts to fine-tune specific detections where applicable. To learn more about leveraging LEQL for more complex tuning capability, read the documentation.

What’s New in Rapid7 Detection & Response: Q2 2023 in Review

API Event Source for Palo Alto Cortex XDR Accelerates Triage

A new API integration enables customers to ingest alerts from Cortex XDR into InsightIDR, providing an easy and secure way to triage PAN alerts. Users can set up a new event source to request incidents from the Incidents API within Cortex XDR and generate third-party alerts. Find configuration details here.

Insight Agent Updates Improve Monitoring and Management

Velociraptor Version Release

Rapid7 is excited to announce version 0.6.9 of Velociraptor–the premier open-source DFIR platform. Enhancements include direct SMB support, improvements to the GUI and the VQL scripting language, and the introduction of “lock down” server mode. Learn more in the blog.

MSSP Multi-Customer Investigations Support Prioritization Efficiency

MSSPs now have access to an enhanced multi-customer investigation experience that improves the customer management workflow for analysts and increases the speed of investigations.

What’s New in Rapid7 Detection & Response: Q2 2023 in Review

The new interface enables MSSP analysts to manage customers at scale. They can see a list of all of their customers in a single view, click into each individual customer to manage their investigations, and switch between managed customers without leaving InsightIDR. Learn more in the documentation.

What’s New in Rapid7 Detection & Response: Q2 2023 in Review

Attacker Behavior Analytics (ABA) Detection Rules

In Q2, we added 1197 new ABA detection rules for threats. See them in-product or visit the Detection Library for actionable descriptions and recommendations.

Stay tuned!

We’re always working on new product enhancements and functionality to ensure teams can stay ahead of potential threats and respond to attacks as quickly as possible. Keep an eye on the Rapid7 blog and the InsightIDR release notes to keep up to date with the latest Detection and Response releases at Rapid7.

Standardizing SaaS Data to Drive Greater Cloud Security Efficacy

Post Syndicated from Dina Durutlic original https://blog.rapid7.com/2023/06/27/standardizing-saas-data-to-drive-greater-cloud-security-efficacy/

Standardizing SaaS Data to Drive Greater Cloud Security Efficacy

The way we do business has fundamentally changed, and as a result, so must security. Whether it’s legacy modernization initiatives, process improvements, or bridging the gap between physical and digital—most organizational strategies and initiatives involve embracing the cloud. However, investing in the cloud doesn’t come without its complexities.

When organizations adopt new technologies and applications, they inadvertently introduce new opportunities for attackers through vulnerabilities and points of entry. To stay ahead of potential security concerns, teams need to rely on data in order to get an overview of their environment—ensuring protection.

Where this becomes a bigger challenge is two fold:

  1. Security professionals need to secure SaaS applications, but each app has its own methodology for generating and storing vital security and usage data.
  2. Even if a security team puts in the work to centralize all this data, it must be normalized and standardized in order to be usable, which creates more work and visibility gaps.

Elevating Security Posture Around SaaS Applications

As part of our continued commitment to ensuring customers stay future-ready and secure through their cloud adoption, we’re excited to announce our work with AWS on their new service that will continue the effort around data standardization. AWS AppFabric quickly connects SaaS applications across the organization, so IT and security teams can easily manage and secure applications using a standard schema.

By using AppFabric to natively connect SaaS productivity and security applications to each other, security teams can automatically normalize application data (into the Open Cybersecurity Schema Framework (OCSF) format) for administrators to set common policies, standardize security alerts, and easily manage user access across multiple applications.

For Rapid7 customers, InsightIDR will be able to ingest logs from AppFabric so security teams have access to that data—stay tuned for more! This is just one in a series of investments we are making to help secure your cloud infrastructure.

To learn more about how customers are leveraging Rapid7’s elite security expertise and practitioner first platform to elevate their security program, check out our Managed Threat Complete offer.

Healthcare Orgs: Do You Need an Outsourced SOC?

Post Syndicated from Rapid7 original https://blog.rapid7.com/2023/05/24/healthcare-orgs-do-you-need-an-outsourced-soc/

Healthcare Orgs: Do You Need an Outsourced SOC?

Gartner predicts that 50% of organizations will partner with an external MDR (Managed Detection and Response) service by 2025 for around-the-clock monitoring. What determines where healthcare organizations fall on that 50/50 split over using an outsourced SOC? It usually comes down to their ability to adapt to the current needs of the healthcare industry.

A growing demand for improved healthcare services means more healthcare providers are turning to the cloud. But for a world built on strict regulations and literal life-or-death situations, migrating too quickly to the cloud can be a serious challenge. When healthcare teams take on cloud adoption too fast, then run the risk of:

  • Accumulating cloud services that fall through security cracks—AKA shadow IT
  • Expanding their organization’s attack surface without a means of defense, opening up more opportunities for breaches and leaks

That’s where the help of an outsourced SOC comes in. With an extra team of experts on board, healthcare organizations can secure new ephemeral environments—without putting their security teams through resource strain or burnout.

Still, it can be tough for healthcare organizations to identify when it’s time to outsource, if ever at all. Here are some tell-tale signs that outsourcing a SOC and investing in managed services is the right call.

Your Teams Are Already Overwhelmed

While most healthcare organizations have a trusted team of a few security experts, they’re usually smaller than most security teams in tech enterprises, snappy startups, or other more cyber-savvy industries. That leads to a tricky cycle of needing to do more with fewer resources.

A day in the life of a security engineer in healthcare is marked by a seemingly endless game of catchup—one that doesn’t support speed, efficiency, or a successful migration to the cloud.

If your organization’s security teams are:

  • Struggling to find qualified talent
  • Overwhelmed by firefighting every single incident on their plate
  • Tired of combing through seas of alerts—some of which are false positives
  • Burned out by carrying out repetitive and mundane tasks that could be automated

You’re Super New to the Cloud

Healthcare security teams are typically IT or network pros who are well-acquainted and well-trained to defend traditional environments. However, there may be knowledge gaps when it comes to healthcare’s approach to cloud security. But with global cyber attacks on healthcare organizations rising 74% per week in 2022, security teams have no time to waste learning how to protect cloud environments.

Investing in the right education and training for healthcare’s traditional security pros simply takes time and effort that many organizations can’t afford to waste. But with an external SOC, security teams can:

  • Rely on cloud security experts to handle the trickiest parts of the process
  • Learn as they go with the guidance of seasoned professionals
  • Gain strategic guidance and insights to help take their security program to the next level

You’d Benefit From Automated Processes but Struggle To Implement Them

Automation is the key to boosting your cloud security program and iterating it at scale. For healthcare, automation provides the biggest benefit in ensuring that strict compliance regulations—like HIPAA—are met. That spells good news for stakeholders, who are typically most concerned with meeting standards and maintaining compliance.

With automation, security teams in healthcare can:

  • Configure guardrails ensuring new assets and environments adhere to regulations and compliance standards
  • Set up automated alerts that indicate when standards are not met

However, implementing automation, especially if your organization’s new at it, can seem like a hefty investment and a daunting task to accomplish. It’s time to enlist the help of an outsourced SOC if your security teams:

  • Have limited or no experience with automation
  • Are still manually handling a lot of rote but necessary tasks
  • Know where duties get repetitive but don’t know what to do about it

That way, external cyber experts can set up automated guardrails, teach your teams how they work, and eliminate tedious, manual work.

Next Steps With Outsourced SOCs

Organizations with limited resources and novice knowledge of the cloud can significantly benefit from teaming up with managed services. But in a sea of possible partners, knowing which experts to go with can be tough—especially when healthcare organizations have various security needs.

That’s why we built Managed Threat Complete, an always-on MDR with vulnerability management in a single subscription. Consolidate your investment in external SOCs by teaming up with our seasoned security pros today.

Learn More

For more information about healthcare cybersecurity, download our new ebook: In Healthcare (and Security) Early Detection is Key

In this eBook, you’ll learn:

  • The current state of threats in the healthcare industry
  • The top challenges in addressing those threats
  • How to overcome those challenges and implement defense strategies

Download it now!

Rapid7 Recognized as a Strong Performer in The Forrester WaveTM for MDR, Q2 2023

Post Syndicated from Jeremiah Dewey original https://blog.rapid7.com/2023/05/18/rapid7-recognized-as-a-strong-performer-in-the-forrester-wavetm-for-mdr-q2-2023/

Rapid7 Recognized as a Strong Performer in The Forrester WaveTM for MDR, Q2 2023

Rapid7 recognized amongst the top MDR providers in the industry.

As security teams try to do more with less, addressing the sprawling attack surface and monitoring the escalating threat and risk landscape, it inherently leaves them at a disadvantage. Rapid7 Managed Threat Complete empowers organizations to tip the scale back in their favor to achieve stronger security programs, end-to-end.

We are proud to be recognized amongst the top 13 vendors, as a Strong Performer, in The Forrester WaveTM: Managed Detection and Response, Q2 2023. Our goal is to build-upon and break the traditional views of MDR by uniting risk and threat detection and response with Managed Threat Complete to drive superior outcomes for our customers.

Complete Coverage. Single Solution. End-to-End.

Since day one, we’ve continuously been looking for new ways to support organizations in their effort to find and eliminate threats faster and more reliably. While traditional MDR services flooded organizations with noisy alerts and put resolution back on the customer, we saw a better path. Rapid7 is committed to being a true partner for our customers, detecting and responding to any threat, end-to-end, no matter how large or complex.

This year, we focused on empowering all organizations to gain complete coverage, unlocking a holistic security program—one that covers proactive, responsive, and strategic aspects of detection and response. We’ve combined two historically siloed pieces of security (risk and threats) to give organizations the complete picture. By focusing on a security program that is proactive, responsive, and strategic, you get smarter and more resilient over time—continuously strengthening your security.

Like all Rapid7 products and services, Managed Threat Complete is built by practitioners for practitioners. We truly want to empower security teams to focus on strategic work while we focus on their environment 24/7/365. With complete coverage and end-to-end detection and response, teams can feel confident that they’re always ready for what comes next.

Unlimited Incident Response

Traditional approaches to MDR focus on the responsive element of detection and response and miss the opportunity to help organizations build resilience and strengthen their security posture over time. As the market evolved, MDR providers drew lines in the sand. They chose to respond to alerts of a certain size, leaving the burden of hands-on-keyboard incident response (IR) attacks for organizations to handle through expensive retainers or off the street contracts with IR consultants.  We knew our customers deserved better, and we had a unique opportunity to challenge the system and provide a fully end-to-end response program.

We’ve removed boundaries to traditional MDR programs, keeping your outcomes our top priority. Rapid7 Managed Threat Complete delivers unlimited data, unlimited incident response, unlimited intelligence, and unlimited potential. From incident response with no limits, meaning no line in the sand regardless of the size and complexity, to XDR technology at the core for complete coverage, threats across your entire modern environment are eliminated.

We believe that in addition to our approach to limitless security, our robust functionality accessibility by customers caused us to receive the highest score in the Platform Capabilities criterion from Forrester.

“This has greatly increased our visibility, detection, and response capabilities for on and off-hours. The UEBA functionality of the agent is amazing as well. Overall the service is extremely valuable and well worth the price.”—Security Administrator/Analyst, Medium Enterprise Insurance Company, TechValidate

Strategic Partnership & Guidance

When it comes to partnership, we truly mean it. Work alongside global SOC experts who seamlessly act as an extension of your team from initial threat detection through triage, investigation, and response. With a Customer Advisor at your fingertips, you can further accelerate your security maturity by working in lockstep to build a strong, resilient program through regular posture reviews and program assessments.

Our MDR SOC provides context and in-depth reporting with every incident. When a forensic analysis is performed, detailed remediation and mitigation recommendations are provided to make sure organizations improve their resilience against threats over time. If a breach becomes a full scope incident response engagement, Rapid7 Incident Response consultants work with the SOC for round the clock forensic investigation, delivering your team answers to remove attackers from your environment as quickly as possible.

Forrester gave Rapid7 the highest possible scores in the Managed Investigations and Threat Hunting criteria. When it comes to threat hunting, we believe in being thorough. Rapid7 performs threat hunting on a hypothesis-driven basis—meaning our analysts (not scripts), proactively perform an analysis as new attacker behavior techniques arise. With 13 months of data stored, we’re able to dig in deep, and ensure our customers aren’t affected by the newest attacker TTPs. If we find something, our team immediately pivots into Incident Response to remove the compromise and reduce negative outcomes.

“Our program has significantly improved and I am much more confident in our overall security posture. Having the Rapid7 Managed Detection and Response team augmenting my team allows us to sleep better at night and be able to leave work knowing that we are still covered and can respond quickly if we receive an alert from the team.”—Scott Chille, CIO or equivalent IT position, Bartlett Regional Hospital, TechValidate

Consolidation for Powerful ROI

When investments are scrutinized and teams are being asked to do more with less, proving the value of a managed detection and response partner is pivotal. Teams are strained, and practitioners need consolidation to drive the efficiency necessary to be successful in today’s modern threat landscape—without sacrificing sophisticated security outcomes and the high standard for their security program. With Managed Threat Complete, organizations can drive greater efficiency and consolidation by unifying vulnerability management and managed detection and response into a single, cohesive security service.

“First off, the IDR platform is solid; great insight into what is going on in our environment. The MDR service gives us great comfort in knowing we have security engineers keeping a watchful eye on your environment as well as a resource for our internal security group. Having our main advisor/POC for monthly check-in ensures we are getting the most value out of the MDR service.”—A CISO/CSO at a Medium Enterprise – Banking, TechValidate

The Future of Detection & Response

As attackers become more pervasive and sophisticated, Rapid7 strives to close the gap for practitioners and their organizations. Our vision is to improve efficiency, efficacy, and productivity to make more sophisticated security outcomes accessible for all teams. These are a few outcomes we are driving toward in the future:

  • Enhanced Partnership: frictionless access to experts and data where, when, and how customers need it.
  • More Transparency: Ensure confidence and readiness for the modern environment, including cloud.
  • Continued Investment in Leading Detections Coverage: Maximize coverage with the Insight Agent. Enhancing endpoint investigation and hunting experience.
  • Investigation and Response: Empower faster decision making via expanded capabilities and streamlined processes.

Thank you to our customers and partners who continue to be our guiding light for our investments in our service and product. We’re excited to keep pushing the bounds of “traditional” to further empower our customers. We’ll share more around these initiatives and investments throughout the year so keep an eye out.

Rapid7 MDR Program Overview
Rapid7 MDR Buyers Guide
Gartner Market Guide for MDR
MDR vs. The Inevitable

The Next Generation of Managed Detection and Response is Here

Post Syndicated from Jake Godgart original https://blog.rapid7.com/2023/02/22/the-next-generation-of-managed-detection-and-response-is-here/

The Next Generation of Managed Detection and Response is Here

Humans are great at adapting to change—but objectively the pace of technological change has been way, way too fast.  

Security teams manage an average of 76 different tools. Breaches have gone from “s#&@!” to “inevitable.”  That’s why we built  Managed Threat Complete to address the reality of today’s threat environment. By 2025, Gartner says 50% of organizations will decide to partner with an MDR (Managed Detection and Response) service for 24×7 monitoring.

Now, one move can consolidate and rebalance your work

Managed Threat Complete: It’s always-on MDR plus unlimited vulnerability management with a single subscription.

Combine these two historically siloed pieces of a security program, and you have a complete picture of your risk profile and threat landscape. Since the service  combines proactive, responsive, and strategic support of your program, it gets smarter and more resilient over time: a continuously-improving, virtuous cycle.

Most importantly, Managed Threat Complete lets you prove you’re building measurable capacity to be effective at detection and response—and improve the definitions of success that matter most to you. We call it the R-factor, and it measures:

  • How ready you are to react to your sprawling attack surface
  • How responsive you can be when something inevitably gets through
  • How effectively you’re able to remediate after the fact
  • How you measure your results and show provable outcomes
The Next Generation of Managed Detection and Response is Here

Forrester Consulting did the math on Rapid7 MDR, and you win

Forrester’s June 2022 Total Economic Impact™ study commissioned by Rapid7 found that Rapid7 MDR produced extraordinary results:

  • 5.5x ROI over 3 years
  • <3 month payback
  • 90% reduction in the likelihood of a breach

While your team methodically reduces your risks with unlimited VRM scanning, Managed Threat Complete gives you a full team of SOC experts dealing with threats in your environment using advanced XDR technology. And that means really responding, remediating, and making your organization safe and secure—no matter what.

It’s MDR so different, think of it as MDR 2.0.

Typical MDR vendors will simply alert a CISO to a problem. If you’re breached, they’ll tell you to hire an outside Incident Response firm to take it the rest of the way.  Managed Threat Complete gives you unlimited Incident Response (the same level you’d get with an IR retainer) included, with DFIR professionals already embedded on your team.

Typical MDR vendors charge by data ingestion and retention. We prioritize visibility into your environment so our analysts can detect and respond without compromise.

Typical MDR vendors take a black box approach to their technology. But with Managed Threat Complete, we give customers unlimited access to our cloud-native XDR technology, sprawling detections library, all of it. See transparently into what your Rapid7 MDR partners are doing. Run your own investigations and threat hunting. Log in once a day or once a year, it’s at your fingertips.

Managed Threat Complete delivers a holistic approach to risk and threat management, so you can consolidate costs and be ready for whatever comes next.

Managed Threat Complete

Focus on proactive, strategic work, while our team delivers 24/7/365, end-to-end detection and response.

LEARN MORE