
    Rapid7 Managed Threat Complete

    Sold by: Rapid7 
    Deployed on AWS
    Attackers are everywhere. With Managed Threat Complete (MTC), so are you. With Rapid7 Managed Threat Complete, you have round the clock monitoring, triage, investigation and hunts. You have command of your attack surface by understanding what risk should be remediated first, and a team of experts on your side should a breach occur. It is the most complete MDR on the market.
    4.1

    Overview

    Managed Threat Complete is a single, integrated service that allows you to prepare for, detect, and respond to threats in your environment. MTC is delivered as a collaboration between Rapid7 and your team to accelerate your proactive, responsive, and strategic security maturity and extend your security operations by providing customized security guidance and hands-on 24x7x365 monitoring, threat hunting, incident response, and exposure management.

    Trust that your entire attack surface is under control. Our team has full coverage across your endpoints, network, users and the cloud with our XDR technology - powered by Rapid7's proprietary Threat Intelligence and Detection Engine. And with unlimited data ingestion and 13 months of storage, we will be able to see every attacker movement across your environment and dig deep into investigations.

    The complete scope of our service is fully documented. You can find the details here - https://docs.rapid7.com/services/mtc-welcome 

    Highlights

    • Reduce risks and eliminate threats - MDR is not just about detection and response. Coupled with vulnerability management, it is about strengthening your security posture so you are ready for whatever comes next.
    • Coverage everywhere you need it - Trust that your entire attack surface is under control. Our team has full coverage across your endpoints, network, users and the cloud with our next-gen SIEM and XDR technology - powered by Rapid7's proprietary Threat Intelligence and Detection Engine.
    • Detection and response without limits - Partner with the only MDR to offer unlimited, end-to-end digital forensics and incident response - regardless of size, complexity, or investigation hours.


    Pricing

    Rapid7 Managed Threat Complete

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    12-month contract (3)

    Dimension                            Description               Cost/12 months
    Managed Threat Complete Essential    Starting at 300 assets    $73,000.00
    Managed Threat Complete Advanced     Starting at 500 assets    $111,000.00
    Managed Threat Complete Ultimate     Starting at 500 assets    $175,000.00

    Vendor refund policy

    Custom pricing options

    Request a private offer to receive a custom quote.


    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information


    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Resources

    Vendor resources

    Support

    Vendor support

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    Top 10 in Managed Services
    Top 100 in Security
    Top 10 in Security

    Customer reviews

    Sentiment is AI generated from actual customer reviews on AWS and G2
    Reviews: 2 reviews
    Functionality: Insufficient data
    Ease of use: Insufficient data
    Customer service: Insufficient data
    Cost effectiveness: Insufficient data

    Overview

    AI generated from product descriptions

    • Extended Detection and Response (XDR) Technology - XDR technology with full coverage across endpoints, network, users, and cloud environments powered by proprietary Threat Intelligence and Detection Engine
    • Unlimited Data Ingestion and Retention - Unlimited data ingestion capability with 13 months of data storage for comprehensive investigation and threat visibility
    • 24/7 Threat Hunting and Incident Response - Round-the-clock monitoring, triage, investigation, threat hunting, and incident response services delivered by security experts
    • Vulnerability and Exposure Management - Integrated vulnerability management and exposure management capabilities to identify and prioritize risks for remediation
    • Digital Forensics and Investigation - Unlimited end-to-end digital forensics and incident response capabilities regardless of investigation complexity or duration
    • Continuous Threat Monitoring - 24x7 monitoring of networks, endpoints, and cloud environments for threat and risk detection
    • Incident Detection and Response - Managed investigations and guided response capabilities to detect and respond to critical security incidents within minutes
    • Multi-Environment Coverage - Monitoring across networks, endpoints, and cloud environments for comprehensive security visibility
    • Security Operations Platform - Arctic Wolf Platform providing the foundation for threat detection and response capabilities
    • Managed Security Team - Named security experts with cloud expertise providing security advisory and operational support
    • Extended Detection and Response - Managed XDR capabilities for detecting and responding to threats across multiple security domains
    • AI-Driven Threat Analytics - Artificial intelligence-powered analytics for threat detection and analysis across enterprise environments
    • Unified Security Platform - Centralized platform providing single source of truth for security operations across workloads, identities, endpoints, and networks
    • Threat Intelligence Integration - Deep threat intelligence capabilities integrated into security operations for enhanced threat context and decision-making
    • Multi-Domain Protection - Security coverage spanning AI, cloud, networks, endpoints, and devices within complex enterprise environments

    Contract

    Standard contract
    No
    No

    Customer reviews

    Ratings and reviews

    4.1
    8 ratings
    5 star: 38%
    4 star: 63%
    3 star: 0%
    2 star: 0%
    1 star: 0%
    0 AWS reviews | 8 external reviews
    External reviews are from G2 and PeerSpot.
    reviewer2811711

    Ticket investigations have become richer and faster while query building still needs refinements

    Reviewed on Mar 26, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Rapid7 MDR serves as our endpoint security solution. When we receive an alert from Rapid7 MDR, we check the logs of the endpoints that are managed on the client side, which provides us with richer information for the tickets. The enrichment that Rapid7 MDR generates for the client is greater than with other tools, and this has had a big impact.

    Everything works very well with Rapid7 MDR. One day we had an incident related to an attack where Rapid7 MDR detected social engineering in a Teams chat, for which we received a notification by email. By correlating the events in Rapid7 MDR, we identified that it was a call from an unauthorized tenant within the organization.

    What is most valuable?

    Being able to list the vulnerabilities of the machines, being able to correlate alerts with the respective users who managed them, and having the artificial intelligence for creating query searches in the logs is crucial. The artificial intelligence for creating queries in the logs with Rapid7 MDR has been a great help because normally we use another platform called CrowdStrike, and the queries there are very different. This ultimately helps us create queries faster and more efficiently.

    Rapid7 MDR has had a big impact when handling tickets by enriching them with information for the client. The client has been very pleased when handling tickets with Rapid7 MDR, unlike with other platforms, and this has had a positive impact.

    It has helped with the ease and speed of detections and event correlations. Rapid7 MDR is very transparent. Investigations and detections are always identified normally, and they enrich the tickets.

    What needs improvement?

    I do not feel there is any improvement needed at the moment; all the features, the tools within it, and their functions are satisfactory. Because it is very good, there are always areas to improve, though I cannot point out specific ones at this moment.

    For how long have I used the solution?

    I have been using Rapid7 MDR for almost a year.

    What do I think about the stability of the solution?

    I have not experienced any stability issues.

    Which solution did I use previously and why did I switch?

    We used CrowdStrike previously. We still use CrowdStrike, and we have not moved 100% to Rapid7 MDR; we have a 50/50 split with both tools.

    How was the initial setup?

    The setup was very good. You just install a sensor for Rapid7 MDR and that is it.

    What about the implementation team?

    I have not used the implementation team.

    Which other solutions did I evaluate?

    I recommend reading the documentation, requesting a demo, and comparing Rapid7 MDR with other tools to see which is best for your organization.

    Ehsan Khaleel

    Comprehensive detection has strengthened real-time protection and streamlined investigations

    Reviewed on Mar 25, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I can describe many use cases for Rapid7 MDR, as there are multiple times when a person's PC gets compromised. There is an attacker behavior analysis, ABA, which is already part of the specific Rapid7 MDR XDR solution. We define a specific set of built-in rules in the MDR services and remap those rules according to our infrastructure for specific use cases.

    We also deal with multiple phishing emails that we receive, and Rapid7 MDR is effective in identifying those specific use cases. In the Fintech sector, we encounter many anomalies from different servers that are publicly exposed on the internet, and Rapid7 MDR provides very beneficial use cases that eliminate the need to write custom use cases. We can define the logic in predefined use cases such as Attacker Behavior Analysis and User Behavior Analytics.

    Additionally, when onboarding any log sources, there is a RegEx parser designed for parsing every log source on the built-in platform, making it quite user-friendly.

    What is most valuable?

    The best features in Rapid7 MDR are their team, which is made up of professionals. I interact with them whenever we face issues, even though we are running our own SOC, but we sometimes rely on Rapid7. It is having a human eye on everything. The MDR AI platform they recently transformed into is very helpful for defining use cases, real-time detections from a dashboard, and the reporting mechanism they have created within Rapid7 MDR.

    Even the orchestrator platform they introduced for playbook creation is very helpful, as I create playbooks on Rapid7 using their predefined orchestrator platform.

    Having a dedicated cybersecurity advisor through Rapid7 MDR significantly impacts aligning our security program with business needs because it approaches MDR better for big organizations such as mine. My first organization, Afiniti, was a significant AI-based company where I introduced Rapid7 MDR. The MDR is beneficial for both small and large organizations, unlike Splunk, which has more conditional formatting in their product.

    Rapid7 MDR has positively impacted my organization by providing us with very effective management tools. Once we introduced Rapid7 MDR along with their vulnerability assessment tool, IVM, we transitioned from using Qualys and Tenable, which are top-tier tools in the market. The management tool from Rapid7 allows us to access a variety of vulnerabilities in real time to fix them effectively. How we tackle that specific MDR is indicative of its market quality. We analyzed the tool during our POC before purchasing.

    We deployed endpoints on a specific server and attacked that machine using different methods, such as Metasploit, conducting DDoS attempts, and generating alerts for every anomaly from Rapid7. While a competitor's solution failed to detect many attacks, Rapid7 identified them in real time, which effectively pushed my management towards choosing Rapid7 MDR.

    What needs improvement?

    My experience with detection and response capabilities for Microsoft-centric environments has been positive. While API integration can be challenging with some third-party tools, Microsoft's built-in features facilitate seamless communication. I have found it relatively easy to triage and integrate Microsoft systems with Rapid7 MDR.

    In terms of digital forensics and incident response included in the MDR service, my experience is that it is not very robust. We lack a dedicated forensic team, which is essential for thorough investigation. Rapid7 has introduced honeypots, which is an encouraging feature, but it is not a comprehensive solution such as those offered by competitors, such as Palo Alto's Unit 42.

    Apart from forensics, I believe Rapid7 MDR should introduce more forensic services. Another area to improve is the active platform's handling of on-premises tools versus cloud-based tools. We prefer on-premises options for data security, and we find limitations in features compared to cloud-based tools, concerning data access and privacy controls.

    For how long have I used the solution?

    I have been working with Rapid7 MDR for the last five to six years.

    What do I think about the stability of the solution?

    Regarding stability and scalability, I have had no significant issues. Stability is good, and I have not experienced delays, even with on-premises deployments. I did encounter minor latency during a scheduled upgrade but was informed that it would occur.

    How are customer service and support?

    Evaluating the customer service and technical support teams of Rapid7 MDR, I would rate them a six out of ten. I have previous experience with IBM support, which was excellent and proactive. In contrast, Rapid7 MDR support often takes longer to respond to issues. Despite their large customer base, this highlights a need for enhancement in their support team.

    Which solution did I use previously and why did I switch?

    I decided to switch from those products because, while Qualys is a good vulnerability scanner, it is not very user-friendly. When scanning two machines, one with Rapid7 having an agent deployed for a level three scan and another with Qualys, the results were different. Rapid7 MDR indicated more vulnerabilities that were accurate upon verification, whereas Qualys missed many of them. This highlighted that IVM, Rapid7 MDR, and MDR stand out as top products in the market, especially for our financial sector.

    How was the initial setup?

    The deployment setup process for Rapid7 MDR is straightforward. I have deployed both the cloud environment and on-premises Nexpose service. Their services, whether on-premises or cloud-based, are easy to deploy, and the endpoints are lightweight and compatible with other tools in our environment.

    What about the implementation team?

    I bought Rapid7 MDR directly from the vendor, which is uncommon for sectors such as Fintech that usually work through intermediaries. I have had direct interactions with the Rapid7 team, specifically with someone named Nikola, and I find that beneficial.

    What was our ROI?

    I have seen a positive return on investment concerning Rapid7 MDR, as we have invested wisely, yielding results in detection mechanisms. I can confidently say that investing in Rapid7 MDR has been worthwhile, despite acknowledging that every tool has its flaws. Overall, the category is very good.

    What's my experience with pricing, setup cost, and licensing?

    Regarding pricing, I manage everything with Rapid7 MDR, and I find their pricing very reasonable compared to the market. They negotiate well with us on various aspects of MDR, and we have received great rates for services such as IVM, including Threat Command.

    What other advice do I have?

    I am taking advantage of the expanded ecosystem telemetry support in Rapid7 MDR. We have enhanced the logging mechanism within Rapid7 MDR, allowing us to assign projects to different teams with visibility only of their specific assets. This approach supports various vulnerability assessments and compliance achievements. My management is overall pleased as we have managed to meet compliance standards such as ISO 27001 and NIST due to features provided by Rapid7 MDR.

    I utilize AI-assisted Risk-Aware Investigation workflows, integrating both our on-prem and cloud infrastructure. By using APIs in our environment, we gain enhanced visibility, giving us detailed insights that greatly assist in real-time monitoring.

    This approach impacts my alert triage and prioritization processes since Active Directory is a crucial element in our industry. Rapid7 MDR improves the alerting mechanism for Active Directories and all connected user activities. Previously used SIEM solutions did not adequately capture anomalies on ADs. With Rapid7 MDR, any anomaly triggers escalated alerts in real time.

    I am using the Integrated MDR for Microsoft Environments feature, having integrated Microsoft 365 with our MDR and endpoints from Microsoft Active Directory and Azure. This integration provides us with comprehensive visibility into our infrastructure.

    Regarding transparency in detection and investigations with Rapid7 MDR, we receive metrics such as MTTR and MTTD (Mean Time to Detect and Mean Time to Respond). We monitor how quickly the tool detects anomalies and how long it takes to respond, which shows improvement due to the specific MDR product. My overall review rating for Rapid7 MDR is 8.5 out of 10.

    Hiroshi Watanabe

    Threat detection benefits stand out while AI capabilities need improvement

    Reviewed on May 20, 2025
    Review provided by PeerSpot

    What is our primary use case?

    The typical use case for Rapid7 MDR is that it is highly valued. It is not so bad, but competition with EDR is tough. Rapid7 MDR does not position itself as EDR or XDR, so it is rather a SIEM type solution, which makes it different from CrowdStrike, SentinelOne, or Microsoft. They are not in the competition listing of EDR products.

    What is most valuable?

    The features of Rapid7 MDR that I find most effective for threat detection are the threat intelligence capabilities because it already collects many vulnerabilities and exploitations, as well as the configuration of network devices. They integrate everything into one solution. The other solutions such as CrowdStrike or SentinelOne don't collect all the vulnerabilities or threat intelligence except within their product itself, making Rapid7 MDR very strong in this aspect.

    I have seen an ROI from this solution in terms of time savings. Because it includes everything, including SIEM, EDR, and vulnerability control, other solutions require integration of every module and vendor. It is easier to implement once they start, as the modules of the EDR can be challenging to implement and may require consulting.

    What needs improvement?

    There are areas of Rapid7 MDR that have room for improvement. The market is now changing very quickly towards artificial intelligence, and all the SIEM, EDR, and XDR vendors are moving to apply artificial intelligence in their solutions. Rapid7 MDR is currently weak in AI solutions and intelligence, which is concerning. It is also somewhat delayed compared to many vendors such as CrowdStrike, SentinelOne, or Microsoft, who are heading in such directions.

    For how long have I used the solution?

    I have worked with Rapid7 MDR for approximately three years.

    What do I think about the stability of the solution?

    I would rate the stability of Rapid7 MDR rather high, approximately six or eight out of ten.

    What do I think about the scalability of the solution?

    I would rate the scalability of Rapid7 MDR very high on a scale of one to 10, approximately eight.

    How are customer service and support?

    The technical support from Rapid7 MDR is adequate, rating approximately six out of ten. The lower tier support is not very good. Additionally, Japanese customers require Japanese representatives as the support is primarily in English.

    How was the initial setup?

    The initial setup of Rapid7 MDR is relatively easy because it integrates everything. However, the complete setup process is challenging due to the numerous modules involved. This includes cloud deployment, on-premises implementation of network devices, data collection, and agent installation. Implementation is manageable for existing Rapid7 customers, but it can be very challenging for new customers.

    What other advice do I have?

    I have knowledge of CrowdStrike solutions as a competitor, though not direct experience.

    I would recommend Rapid7 MDR to others, but this market is changing quickly due to artificial intelligence. I cannot say it is the best solution for customers as the market is evolving, with new solutions emerging and existing vendors improving their offerings in the near future.

    Overall, I would rate Rapid7 MDR a seven out of ten. Once customers can implement it, it becomes a good solution for them, though implementation remains a significant consideration.

    Nuki Agustino Wono

    Excels in incident response and minimizes false positives at flexible pricing

    Reviewed on Jun 26, 2024
    Review provided by PeerSpot

    How has it helped my organization?

    My company is also implementing Rapid7 MDR for database security. When comparing it with other solutions like ductless systems, Rapid7 stands out specifically for MDR network protection and response.

    What is most valuable?

    Rapid7's MDR service offers several strong points. Firstly, it excels in incident response. Rapid7 focuses not only on incident detection but also on response, aiming to minimize false positives effectively. This capability is crucial for reducing unnecessary alerts and ensuring that responses are targeted and efficient.

    Additionally, Rapid7's MDR service extends beyond just incident response. It includes features for vulnerability assessment and vulnerability management, which are essential for proactive security measures. These features help in identifying and managing potential risks before they can be exploited.

    For how long have I used the solution?

    I have been using Rapid7 MDR for three years. We are the vendor of this solution.

    What do I think about the stability of the solution?

    The product is stable. I rate the solution’s stability a nine out of ten.

    What do I think about the scalability of the solution?

    The scalability is high. It is suitable for enterprise businesses. I rate the solution’s scalability a seven out of ten.

    How are customer service and support?

    Support is excellent.

    How was the initial setup?

    The initial setup is straightforward. To install the Rapid7, sensor and pull off kit, we only need less than a day.

    I rate the initial setup an eight or nine out of ten, where one is difficult, and ten is easy.

    What's my experience with pricing, setup cost, and licensing?

    We have very nice pricing. It is flexible.

    What other advice do I have?

    Rapid7 MDR leverages AI highly to enhance threat detection and response capabilities.

    Overall, I rate the solution an eight out of ten.

    Oluwaseun Sonaike

    Offers good integrations, very scalable and flexible and we can send as many logs as we want

    Reviewed on Dec 20, 2023
    Review provided by PeerSpot

    What is our primary use case?

    We use it for our security and virtual center security. It helps us investigate incidents and physical issues.

    How has it helped my organization?

    We've filled in crucial gaps we had with our previous solution. This was a key factor in choosing Rapid7 during the selection process. The ROI is already starting to show, too.

    We saw specific cost reductions. We used to pay extra for external user insight and availability management in our old setup. Now, that's all included in Rapid7, which saves us money and simplifies management.

    What is most valuable?

    The integrations are a big plus. We can easily onboard log sources and transition from our previous MSSP without any hassle. We don't have any major issues and it has good ease of use for resource onboarding a breeze.

    What needs improvement?

    There are potential improvements in reports and dashboards.

    For how long have I used the solution?

    We have been using it for a couple of months. It replaced SecureWorks in my current environment. We used SecureWorks MDR in my previous role.

    What do I think about the stability of the solution?

    It is a stable solution.

    What do I think about the scalability of the solution?

    Our previous solution was limited by events per second or other load restrictions. With Rapid7, we can send as many logs as we want. We're not limited by any event or check numbers. It's very flexible and scalable, unlike our previous setup.

    How are customer service and support?

    The support is quite responsive. We often jump on calls for onboarding assets and custom configurations like log forwarding. We haven't needed much beyond that.

    How was the initial setup?

    The setup was definitely straightforward. Onboarding and integrations were a breeze.

    What about the implementation team?

    We started by selecting a vendor, in this case, External Call.com. They handled a lot of the initial and out-of-box configuration and setup, and their consultants took care of the rest of the process. Everything was smooth and efficient in the business sense. The deployment took about six months.

    As long as the collectors are running in the cloud, there's not much maintenance required. We decided to keep the programming on-premise, but that's a separate decision.

    What was our ROI?

    We saw an ROI. We saw specific cost reductions. We used to pay extra for external user insight and vulnerability management in our old setup. Now, that's all included in Rapid7, which saves us money and simplifies vulnerability management.

    What's my experience with pricing, setup cost, and licensing?

    It's reasonable compared to our previous solution. We conducted a cost-benefit analysis and based on that it met our needs and usage, so we are satisfied with the price.

    What other advice do I have?

    Rapid7 works well for us and meets our current needs. It's a solid eight out of ten. However, it depends on your organization's cybersecurity roadmap.

    For example, if your long-term plan is to have an on-premise security team, then Rapid7 might not be the best fit.

    We don't have on-premise capabilities and rely solely on the cloud, so it works for us. But other organizations might need that on-premise option. So, it really depends on their cybersecurity roadmap.
