Rapid7 MDR SOC employs a multi-layered approach to detect malicious activity across the attack chain for both known and unknown threats. Each detection through InsightIDR is validated by our SOC analysts to ensure that only true threats reach our reports.
All events are validated by our SOC analyst team prior to reporting any alert to you. With human validation from our Spotters or Hunters, our MDR service removes benign, unnecessary, or redundant alerts from your Findings Reports.
Rapid7’s MDR team leverages Insight Agent data and specialized views to perform scheduled and ad-hoc threat hunts in your environment. The nature of the hunts varies over time and is based on trends in the threat landscape. The results of these hunts are sent to your team in the form of the monthly Hunt Reports.
Our SOC team is armed with high-fidelity endpoint data to identify novel variations of attacker techniques from endpoint behavior. Our team has deep visibility across your network, including remote workers and cloud services, and can spot anomalous running processes, risky user behavior, and malicious activity, all in real time.
User Behavior Analytics (UBA) enables our SOC team to determine if a potential threat is an attacker impersonating an employee or an employee who presents some kind of risk. Our SOC leverages these UBA indicators to dynamically prioritize and rank alert criticality based on the presence or absence of notable behaviors.
Rapid7 leverages proprietary threat intelligence derived from research, previous investigations, monitoring findings, and third-party sources. The MDR Threat Intelligence team is responsible for maintaining this intelligence and working alongside our SOC analysts to constantly apply these learnings across all MDR customer environments.
Set up easy-to-deploy deception technologies like honeypots, honey users, honey credentials, and honey files to catch attackers earlier in the attack chain.