Layer 1: Proprietary Threat Intelligence & Research
As attackers evolve and new threats are discovered, our Threat Intelligence team develops signatures and analytic detections for existing and emerging threats. This data is combined with sourced threat intelligence feeds to enrich the data and deepen our contextual knowledge. All detections ensure coverage for various indicators of compromise (IOCs) that malicious actors use in the wild mapped to the MITRE ATT&CK™ framework.
- Intel based on 1.2 Trillion weekly security events
- Constantly evolving detections as new TTPs emerge
- Tailored tuning and alert suppression
Layer 2: Industry-Leading SIEM Technology
The MDR service is powered by Rapid7’s Insight cloud platform. Data from our endpoint agent and other event sources provide network- and system-level visibility across your environment. This data is crunched by our Gartner-leading cloud SIEM, InsightIDR, to analyze user, endpoint, and network data, leveraging analytics to uncover threats across your internal network and cloud services to detect advanced attacks early. And as an MDR service customer, you’ll have full access to InsightIDR to search logs or run your own investigations.
- Unlimited data and event source connections
- Leverage and integrate your existing security investments across endpoint, network, infrastructure, and cloud solutions
- Fast deployment and exceptional time to value
Layer 3: Threat Detection Methodology
Our MDR SOC employs a multi-layered approach to detect malicious activity across the attack chain for both known and unknown threats. Each detection offered through InsightIDR is validated by our SOC analysts to ensure we only pass true threats in our reports.
- Behavioral detections for user and host anomalies
- IDS, DNS, DHCP, and network traffic and flow detections
- Monthly proactive human threat hunting from MDR analysts
- Threat intelligence-based detections
- Intruder trap technologies like honeypots, honey users, and honey files
Layer 4: Rapid7 SOC Operations
Our world-class SOC analysts monitor your environment 24x7x365, each bringing years of experience building detection and response programs, and hunting for and validating threats. They’ll act as an extension of your team for tactical detection and analysis to validate threats in your environment.
These analysts are augmented by your Security Advisor, who acts as your point of contact to the Rapid7 SOC and Threat Intelligence teams. They’ll be a trusted security resource, offering suggestions and guidance to mature your security program. Feel free to reach out to them whenever you have a question.
- Around-the-clock security operations delivered from multiple global SOCs
- Service delivery experts with an average of 5 years detection and response experience
- SOC experts with over 500 collective security certifications
Layer 5: Incident Investigations and Active Response
Let our experts handle investigation, validation, and response. Anytime there’s an alert, our SOC Pods perform forensic analysis to validate each alert based on endpoint and log data to eliminate false positives and document the entire attack storyboard. If it’s a true threat, our team can take action using our Active Response service to stop attackers in their tracks. We’ll provide you with a written summary of the incident, including prioritized recommendations and clear guidance for what to do next.
- 24x7 end-to-end MDR service, including Active Response to stop threats
- Full Investigations and Findings Reports on validated threats
- Prioritized containment, remediation, and mitigation recommendations
Layer 6: Threat Detection & Response Program Advancement
Our MDR service is designed to help any and every security team, regardless of size, maturity, or existing technology stack. Our goal is to ensure we align your investment in MDR with long-term security improvements across all 20 CIS critical controls.
Our team is your team. From SOC analysts to your Security Advisors, we take the time to understand your business processes, environment, and industry so we can provide customized guidance and clear direction for your team. Between regularly scheduled meetings and QBRs with your Security Advisor to ad-hoc questions for the SOC, you can rest assured you’ll have a partner in your success.
- Experts on call, whenever you need us
- Regularly scheduled meetings with your trusted Security Advisor
- Get prioritized recommendations to strengthen your security program
