As attackers evolve and new threats are discovered, our Threat Intelligence team develops signatures and analytic detections for existing and emerging threats. These are combined with sourced threat intelligence feeds to enrich the detections and deepen our contextual knowledge. All detections cover the indicators of compromise (IOCs) that malicious actors use in the wild and are mapped to the MITRE ATT&CK™ framework.
The MDR service is powered by Rapid7’s Insight cloud platform. Data from our endpoint agent and other event sources provides network- and system-level visibility across your environment. This data is analyzed by our Gartner-leading cloud SIEM, InsightIDR, which correlates user, endpoint, and network data to uncover threats across your internal network and cloud services and detect advanced attacks early. As an MDR service customer, you’ll also have full access to InsightIDR to search logs or run your own investigations.
Our MDR SOC employs a multi-layered approach to detect malicious activity across the attack chain for both known and unknown threats. Every detection raised through InsightIDR is validated by our SOC analysts, so only confirmed threats reach your reports.
Our world-class SOC analysts monitor your environment 24x7x365, each bringing years of experience building detection and response programs, and hunting for and validating threats. They’ll act as an extension of your team for tactical detection and analysis to validate threats in your environment.
These analysts are augmented by your Security Advisor, who acts as your point of contact to the Rapid7 SOC and Threat Intelligence teams. They’ll be a trusted security resource, offering suggestions and guidance to mature your security program. Feel free to reach out to them whenever you have a question.
Let our experts handle investigation, validation, and response. Whenever an alert fires, our SOC Pods perform forensic analysis on the endpoint and log data to validate it, eliminate false positives, and document the entire attack storyboard. If it’s a true threat, our team can take action through our Active Response service to stop attackers in their tracks. We’ll provide you with a written summary of the incident, including prioritized recommendations and clear guidance on what to do next.
Our MDR service is designed to help every security team, regardless of size, maturity, or existing technology stack. Our goal is to align your investment in MDR with long-term security improvements across all 20 CIS critical controls.
Our team is your team. From SOC analysts to your Security Advisors, we take the time to understand your business processes, environment, and industry so we can provide customized guidance and clear direction for your team. From regularly scheduled meetings and QBRs with your Security Advisor to ad-hoc questions for the SOC, you can rest assured you’ll have a partner in your success.