Managed Detection and Response

Detection Methodologies

The Rapid7 MDR SOC employs a multi-layered approach to detect malicious activity across the attack chain for both known and unknown threats. Each detection through InsightIDR is validated by our SOC analysts to ensure we only pass true threats in our reports.

Analyst Validation

All events are validated by our SOC analyst team prior to reporting any alert to you. With human validation from our Spotters or Hunters, our MDR service removes benign, unnecessary, or redundant alerts from your Findings Reports.

Proactive Threat Hunting

Rapid7’s MDR team leverages Insight Agent data and specialized views to perform scheduled and ad-hoc threat hunts in your environment. The nature of the hunts varies over time and is based on trends in the threat landscape. The results of these hunts are sent to your team in monthly Hunt Reports.

Endpoint Detection and Visibility

Our SOC team is armed with high-fidelity endpoint data to identify novel variations of new attacker techniques from endpoint behavior. Our team has deep visibility across your network, including remote workers and cloud services, and can spot anomalous running processes, risky user behavior, and malicious activity—all in real time.

User Behavior Analytics (UBA)

User Behavior Analytics (UBA) enables our SOC team to determine if a potential threat is an attacker impersonating an employee or an employee who presents some kind of risk. Our SOC leverages these UBA indicators to dynamically prioritize and rank alert criticality based on the presence or absence of notable behaviors.

Threat Intelligence-Based Detections

Rapid7 leverages proprietary threat intelligence derived from research, previous investigations, monitoring findings, and third-party sources. The MDR Threat Intelligence team is responsible for maintaining this intelligence and working alongside our SOC analysts to constantly apply these learnings across all MDR customer environments.

Intruder Traps

Set up easy-to-deploy deception technologies like honeypots, honey users, honey credentials, and honey files to catch attackers earlier in the attack chain.