    Rapid7 Managed Threat Complete

    Attackers are everywhere. With Managed Threat Complete (MTC), so are you. With Rapid7 Managed Threat Complete, you have round the clock monitoring, triage, investigation and hunts. You have command of your attack surface by understanding what risk should be remediated first, and a team of experts on your side should a breach occur. It is the most complete MDR on the market.

    Ratings and reviews

    4.1
    12 ratings
    1 AWS review | 11 external reviews
    External reviews are from G2 and PeerSpot.

    Reviews (12)
    reviewer2686596

    Managed detection has transformed our SOC by improving visibility and speeding incident response

    Reviewed on Jun 03, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Rapid7 MDR is our managed service that serves as our SOC and represents our starting point in utilizing a solution for cybersecurity. Rapid7 MDR is the primary use case for our company's SOC.

    What is most valuable?

    The consulting and monthly consulting and reporting are very useful features that we find most valuable.

    Having a dedicated cybersecurity advisor through Rapid7 MDR helps us align our cybersecurity strategy to the up-to-date measurements and controls that we can take, which impacts how we align our security program with business needs.

    With a very small IT operations team, we have experienced a positive impact from Rapid7 MDR. In the past, we had much effort to handle incidents, and now with the SOC on our side, the process is more streamlined, and we are much faster than before.

    My impression of the Risk-Aware Detection features is positive; they work well for us.

    We are starting to get into the AI solutions from Rapid7 MDR for our SIEM, but we are in the very beginning stages, focusing on AI-assisted Risk-Aware Investigation workflows.

    We are using the integrated MDR for Microsoft environments feature. Up to now, it works well regarding its detection and response capabilities for Microsoft-centric environments.

    Now we have a clear view of what has happened in our tenant, which has impacted our incident recovery process positively; before, we did not have this view. We have many signals, so we can control them and check if we are on the right path or if it is just a false incident, and it works very well. In the last several months, we have seen more than we have seen in the previous two years.

    What needs improvement?

    AI is present, and I think Rapid7 MDR could add good reporting, more reporting, and perhaps more templates in the future to make the product even better.

    For how long have I used the solution?

    Since the beginning of the year, we have been using this tool.

    What do I think about the stability of the solution?

    Rapid7 MDR works really well; we are completely satisfied with it. It is a nice service and I believe we have everything we need. From my perspective, I have no improvements to suggest. There is much more we have to discover.

    What do I think about the scalability of the solution?

    I do not think there are scalability issues regarding extending usage in the future.

    How are customer service and support?

    When ten is the best, I would rate their technical support at a ten.

    Which solution did I use previously and why did I switch?

    We have Rapid7 IVM and SIEM, and we are still using them. We have now added Rapid7 MDR as a service, which reflects our previous positive experience with Rapid7 solutions.

    How was the initial setup?

    I cannot speak to how the initial setup was because we had Rapid7 IVM and SIEM before, and that setup occurred before my time. The setup for Rapid7 MDR was very simple because we already had half of the infrastructure in place.

    Which other solutions did I evaluate?

    We evaluated many other solutions for various situations, but ultimately we chose Rapid7 MDR because of the price and the service, which were perfect for us.

    What other advice do I have?

    I find the pricing reasonable and competitive.

    Rapid7 MDR is hybrid regarding whether it is on-premises, cloud-based, or hybrid.

    I purchased Rapid7 MDR through our IT supplier.

    Five people, at most, are working with the product in our company, indicating the usage is currently pretty limited.

    The interface is very handy and user-friendly.

    I would say Rapid7 MDR is popular; Rapid7 is a well-known name in my region.

    I would rate this product a ten out of ten.

    Shrikrishna Kashid

    Threat detection has improved for AI-driven traffic but confidence in AI security remains low

    Reviewed on May 29, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Our primary use cases focus on threat detection and network-related security concerns, with an emphasis on cybersecurity-related areas.

    What is most valuable?

    My team is satisfied with the current capabilities, though there are certainly areas for improvement. Rapid7 MDR has not covered all the areas we need, which is why we also utilize Zscaler. For personalized security for developers, testers, and other audiences who are exposing their network to risk, we definitely need very micro-level monitoring of requests and network activity.

    All stakeholders claim that Rapid7 MDR is very effective at identifying threats in today's AI era. It is quite difficult for all of us to identify what type of code or requests are coming through. This improvement is very important to the product itself and its realignment. We raised a request, and Rapid7 MDR has made changes to their product by conducting extensive research and development with thorough testing.

    What needs improvement?

    There are multiple areas for improvement, especially regarding generative AI-related threats. Secondly, proxy communication happens through agentic AI, making it very difficult to identify whether it is agentic AI, a human, or a hacker. That filtering and identification will need to be improved in Rapid7 MDR. Many products still do not make that effort, but Rapid7 MDR has started to address this; however, this remains a drawback at the moment. We moved our own artificial intelligence product, and our developers and testers are using it, but we still restrict its use to inside our Fujitsu premises. We cannot allow it to go outside because we do not have that level of trust at the moment.

    It is quite difficult to specify all areas at the moment, but there are multiple features needed. Based on our transformation with a combination of cloud technology and artificial intelligence, we are using co-pilot and multiple AI models will require many enhancements aligned with new technology trends in the market. I cannot articulate or name all of them, but we are still not confident in asking customers to use AI in their environment. They are reluctant at the moment because of security concerns and other myths around AI. There should definitely be a tool that gives us the confidence that whatever AI model we are using is secured through that tool. That tool should assure customers that there is a 90% or 98% guarantee that their code or utilization of AI technology will meet the mark. Currently, customers are not flexible in beginning to utilize AI, especially for financial institutions, research and development institutes, or places where sensitive business operations occur or large customer volumes exist. No one can risk it at the moment. People are using co-pilot, chatbots, or bot services, but they are still not confident in utilizing them without taking risks. No one can claim that they are 100% secure in providing those services. We are expecting that type of confidence from Rapid7 MDR and other technologies playing a role in the market.

    For how long have I used the solution?

    We have been using this solution for more than four years.

    How are customer service and support?

    Getting responses from any service industry is challenging. We have an SLA, especially those SLAs from which we really need support based on our customer expectations, particularly for our developers. Every machine has Rapid7 MDR installed. We have our own IT department that is enabled with all training. The thing is that we do not directly rely on Rapid7 MDR for support, but we have built up our own competency with Rapid7 MDR. Only for very urgent issues do we get support from Rapid7 MDR, but that also depends upon the contract. We do not have extensive experience where we frequently interact with Rapid7 MDR, but wherever there is a setting, configuration management, or something similar, we are getting support from their technical or non-technical staff. It is about how you build your relationship with them. We are training our employees and providing them with training, and once they are trained, we believe this is a common shared responsibility.

    What's my experience with pricing, setup cost, and licensing?

    The setup cost is reasonable and not so expensive. It is simple and straightforward.

    What other advice do I have?

    We are primarily on Microsoft with a platinum contract, so all products we evaluate are in line with Microsoft's technology stack. Rapid7 MDR and Zscaler are both well-equipped and support Microsoft technology. Since Microsoft has its own products like Defender and others, we still use them for our daily work. I would rate my overall experience with customer service as a 3 out of 10.

    AbhijeetSharma

    Security team has gained deeper analytics and now maintains a stronger risk‑based posture

    Reviewed on May 07, 2026
    Review from a verified AWS customer

    What is our primary use case?

    I am using Rapid7 MDR for all the devices in a single data center. We have different devices including Windows servers, firewalls, endpoints, and various Arista devices. All those devices log different incidents that are managed by Rapid7 MDR.

    We are using a Microsoft environment for our endpoints. We are collecting syslog logs for that. We also use EDR, and the correlation is quite useful. We have been getting new kinds of alerts and more insight into the endpoints. This proved valuable because we integrated EDR with it.

    What is most valuable?

    We were using an in-house SIEM before with different use cases and analytics. However, it did not give us more insight into the logs that we were fetching. The benefit that came with Rapid7 MDR is the analysis we are getting now, which is quite useful. Apart from that, we also got user behavior analytics and EDR integration, which helped us considerably.

    Regulatory compliance basically guides us at the moment. Our infrastructure is quite critical, so security posture needs to be well maintained. We are relying on Rapid7 MDR and have had a good experience. It is fulfilling our strategy. We have a risk matrix ourselves that maps with the risk posture we have. We are relying on our in-house risk matrix at the moment, but we also have a good feature with Rapid7 MDR.

    What needs improvement?

    We currently come across more false positives. The tool is a bit more aggressive than other tools. However, this can be fixed with tuning. We are working on tuning it better. Our infrastructure is expanding a lot, so we are getting lots of logs. The ingestion then becomes an issue from a cost perspective. These are the main areas for improvement.

    For how long have I used the solution?

    I have been using the solution for one and a half years now.

    How are customer service and support?

    If we talk about different vendors, there is competition, but the user interface of Rapid7 MDR is quite useful for us. The support is also good. There are different vendors which have more experienced staff. However, Rapid7 MDR has been the best in zero-day attacks and the vulnerabilities that come into picture. We prefer that.

    Which solution did I use previously and why did I switch?

    We were using an in-house SIEM before with different use cases and analytics. It did not give us more insight into the logs that we were fetching. The benefit that came with Rapid7 MDR is the analysis we are getting now, which is quite useful.

    How was the initial setup?

    It is very easy.

    What about the implementation team?

    We have a team, though we do not have a segregated team for it at the moment. We have around fifty individuals in different places and different responsibilities.

    What's my experience with pricing, setup cost, and licensing?

    The log ingestion is the main criterion that comes into the picture. I would not say it is cheap, but it is more efficient. It is economical for us. We evaluated different tools and services before. If we check the functional requirement and financial perspective, this is the best service.

    What other advice do I have?

    We generally do not get into the telemetry part of it, and that is impacting a few things that align with our strategy at the moment. However, we should use it more. We will be contacting the support team for that.

    Regarding scalability, I would rate it a nine. If an organization is looking for an edge in security and they have any kind of on-prem, hybrid, or cloud solution, I think they should go for Rapid7 MDR. Based on my experience, I have evaluated different vendors and this came out to be the better solution for us. I would recommend this. My overall rating for this product is nine.

    Andrzej Nienaltowski

    Compliance reporting has become fast and clear while pricing still needs improvement

    Reviewed on Apr 27, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Our use case is to measure our compliance score. We measure our compliance status with CIS benchmarks implemented via Intune and Defender, which was a request from management.

    What is most valuable?

    I think the best feature of Rapid7 MDR is that it is silent and easy to use. Sometimes I had some problems with it, but I believe that was caused by Microsoft and their policies. It was really fast to measure our compliance.

    Rapid7 MDR helped us find some gaps and vulnerabilities in our policies. It helped to make sure that we did not miss anything in our implementation.

    It helped us to establish possible outcomes and what might happen if we want to implement something.

    What needs improvement?

    I did not use all features, so I am not sure what is already implemented or what would be good to implement. However, I think the best area for improvement is pricing.

    For how long have I used the solution?

    I have been using Rapid7 MDR for half of the year, a few months.

    What do I think about the stability of the solution?

    There were no problems, so I think stability is nine out of ten.

    Which solution did I use previously and why did I switch?

    I cannot compare Rapid7 MDR with other solutions because I did not use other detectors. If we are talking about Defender, I think it is really popular. I would say it is in the top five, and that is a really reasonable place for them.

    How was the initial setup?

    The setup was really quick and easy.

    What about the implementation team?

    Three people use Rapid7 MDR to manage and verify our compliance status. Three people were enough.

    What other advice do I have?

    I did not use the Risk-Aware Detection feature at all, so unfortunately I cannot answer questions about that.

    Regarding Intune, I have been using it for six years and Defender for two and a half years. Those are the two products I use the most. I also use some admin center, Exchange admin center, and other tools.

    I am not sure about certain features because I did not use them all. However, as I have been in a support role, I think I should rate that at eight out of ten.

    From my perspective, Rapid7 MDR is a really good product that is easy to implement and use. I achieved everything I needed, prepared the whole report, and it took me a few days. That is pretty fast and awesome.

    My overall review rating for this product is seven out of ten.

    reviewer2811711

    Ticket investigations have become richer and faster while query building still needs refinements

    Reviewed on Mar 26, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Rapid7 MDR serves as our endpoint security solution. When we receive an alert from Rapid7 MDR, we check the logs of the endpoints that are managed on the client side, which provides us with richer information for the tickets. The enrichment that Rapid7 MDR generates for the client is greater than with other tools, and this has had a big impact.

    Everything works very well with Rapid7 MDR. One day we had an incident related to an attack where Rapid7 MDR detected social engineering in a Teams chat, for which we received a notification by email. By correlating the events in Rapid7 MDR, we identified that it was a call from an unauthorized tenant within the organization.

    What is most valuable?

    Being able to list the vulnerabilities of the machines, being able to correlate alerts with the respective users who managed them, and having the artificial intelligence for creating query searches in the logs is crucial. The artificial intelligence for creating queries in the logs with Rapid7 MDR has been a great help because normally we use another platform called CrowdStrike, and the queries there are very different. This ultimately helps us create queries faster and more efficiently.

    Rapid7 MDR has had a big impact when handling tickets by enriching them with information for the client. The client has been very pleased when handling tickets with Rapid7 MDR, unlike with other platforms, and this has had a positive impact.

    It has helped with the ease and speed of detections and event correlations. Rapid7 MDR is very transparent. Investigations and detections are always identified normally, and they enrich the tickets.

    What needs improvement?

    I do not feel there is any improvement needed at the moment; all the features, the tools within it, and their functions are satisfactory. Because it is very good, there are always areas to improve, though I cannot point out specific ones at this moment.

    For how long have I used the solution?

    I have been using Rapid7 MDR for almost a year.

    What do I think about the stability of the solution?

    I have not experienced any stability issues.

    Which solution did I use previously and why did I switch?

    We used CrowdStrike previously. We still use CrowdStrike, and we have not moved 100% to Rapid7 MDR; we have a 50/50 split with both tools.

    How was the initial setup?

    The setup was very good. You just install a sensor for Rapid7 MDR and that is it.

    What about the implementation team?

    I have not used the implementation team.

    Which other solutions did I evaluate?

    I recommend reading the documentation, requesting a demo, and comparing Rapid7 MDR with other tools to see which is best for your organization.

    Ehsan Khaleel

    Comprehensive detection has strengthened real-time protection and streamlined investigations

    Reviewed on Mar 25, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I can describe many use cases for Rapid7 MDR, as there are multiple times when a person's PC gets compromised. There is an attacker behavior analysis, ABA, which is already part of the specific Rapid7 MDR XDR solution. We define a specific set of built-in rules in the MDR services and remap those rules according to our infrastructure for specific use cases.

    We also deal with multiple phishing emails that we receive, and Rapid7 MDR is effective in identifying those specific use cases. In the Fintech sector, we encounter many anomalies from different servers that are publicly exposed on the internet, and Rapid7 MDR provides very beneficial use cases that eliminate the need to write custom use cases. We can define the logic in predefined use cases such as Attacker Behavior Analysis and User Behavior Analytics.

    Additionally, when onboarding any log sources, there is a RegEx parser designed for parsing every log source on the built-in platform, making it quite user-friendly.

    What is most valuable?

    The best features in Rapid7 MDR are their team, which is made up of professionals. I interact with them whenever we face issues, even though we are running our own SOC, but we sometimes rely on Rapid7. It is having a human eye on everything. The MDR AI platform they recently transformed into is very helpful for defining use cases, real-time detections from a dashboard, and the reporting mechanism they have created within Rapid7 MDR.

    Even the orchestrator platform they introduced for playbook creation is very helpful, as I create playbooks on Rapid7 using their predefined orchestrator platform.

    Having a dedicated cybersecurity advisor through Rapid7 MDR significantly impacts aligning our security program with business needs because it approaches MDR better for big organizations such as mine. My first organization, Afiniti, was a significant AI-based company where I introduced Rapid7 MDR. The MDR is beneficial for both small and large organizations, unlike Splunk, which has more conditional formatting in their product.

    Rapid7 MDR has positively impacted my organization by providing us with very effective management tools. Once we introduced Rapid7 MDR along with their vulnerability assessment tool, IVM, we transitioned from using Qualys and Tenable, which are top-tier tools in the market. The management tool from Rapid7 allows us to access a variety of vulnerabilities in real time to fix them effectively. How we tackle that specific MDR is indicative of its market quality. We analyzed the tool during our POC before purchasing.

    We deployed endpoints on a specific server and attacked that machine using different methods, such as Metasploit, conducting DDoS attempts, and generating alerts for every anomaly from Rapid7. While a competitor's solution failed to detect many attacks, Rapid7 identified them in real time, which effectively pushed my management towards choosing Rapid7 MDR.

    What needs improvement?

    My experience with detection and response capabilities for Microsoft-centric environments has been positive. While API integration can be challenging with some third-party tools, Microsoft's built-in features facilitate seamless communication. I have found it relatively easy to triage and integrate Microsoft systems with Rapid7 MDR.

    In terms of digital forensics and incident response included in the MDR service, my experience is that it is not very robust. We lack a dedicated forensic team, which is essential for thorough investigation. Rapid7 has introduced honeypots, which is an encouraging feature, but it is not a comprehensive solution such as those offered by competitors, such as Palo Alto's Unit 42.

    Apart from forensics, I believe Rapid7 MDR should introduce more forensic services. Another area to improve is the active platform's handling of on-premises tools versus cloud-based tools. We prefer on-premises options for data security, and we find limitations in features compared to cloud-based tools, concerning data access and privacy controls.

    For how long have I used the solution?

    I have been working with Rapid7 MDR for the last five to six years.

    What do I think about the stability of the solution?

    Regarding stability and scalability, I have had no significant issues. Stability is good, and I have not experienced delays, even with on-premises deployments. I did encounter minor latency during a scheduled upgrade but was informed that it would occur.

    How are customer service and support?

    Evaluating the customer service and technical support teams of Rapid7 MDR, I would rate them a six out of ten. I have previous experience with IBM support, which was excellent and proactive. In contrast, Rapid7 MDR support often takes longer to respond to issues. Despite their large customer base, this highlights a need for enhancement in their support team.

    Which solution did I use previously and why did I switch?

    I decided to switch from those products because, while Qualys is a good vulnerability scanner, it is not very user-friendly. When scanning two machines, one with Rapid7 having an agent deployed for a level three scan and another with Qualys, the results were different. Rapid7 MDR indicated more vulnerabilities that were accurate upon verification, whereas Qualys missed many of them. This highlighted that IVM, Rapid7 MDR, and MDR stand out as top products in the market, especially for our financial sector.

    How was the initial setup?

    The deployment setup process for Rapid7 MDR is straightforward. I have deployed both the cloud environment and on-premises Nexpose service. Their services, whether on-premises or cloud-based, are easy to deploy, and the endpoints are lightweight and compatible with other tools in our environment.

    What about the implementation team?

    I bought Rapid7 MDR directly from the vendor, which is uncommon for sectors such as Fintech that usually work through intermediaries. I have had direct interactions with the Rapid7 team, specifically with someone named Nikola, and I find that beneficial.

    What was our ROI?

    I have seen a positive return on investment concerning Rapid7 MDR, as we have invested wisely, yielding results in detection mechanisms. I can confidently say that investing in Rapid7 MDR has been worthwhile, despite acknowledging that every tool has its flaws. Overall, the category is very good.

    What's my experience with pricing, setup cost, and licensing?

    Regarding pricing, I manage everything with Rapid7 MDR, and I find their pricing very reasonable compared to the market. They negotiate well with us on various aspects of MDR, and we have received great rates for services such as IVM, including Threat Command.

    What other advice do I have?

    I am taking advantage of the expanded ecosystem telemetry support in Rapid7 MDR. We have enhanced the logging mechanism within Rapid7 MDR, allowing us to assign projects to different teams with visibility only of their specific assets. This approach supports various vulnerability assessments and compliance achievements. My management is overall pleased as we have managed to meet compliance standards such as ISO 27001 and NIST due to features provided by Rapid7 MDR.

    I utilize AI-assisted Risk-Aware Investigation workflows, integrating both our on-prem and cloud infrastructure. By using APIs in our environment, we gain enhanced visibility, giving us detailed insights that greatly assist in real-time monitoring.

    This approach impacts my alert triage and prioritization processes since Active Directory is a crucial element in our industry. Rapid7 MDR improves the alerting mechanism for Active Directories and all connected user activities. Previously used SIEM solutions did not adequately capture anomalies on ADs. With Rapid7 MDR, any anomaly triggers escalated alerts in real time.

    I am using the Integrated MDR for Microsoft Environments feature, having integrated Microsoft 365 with our MDR and endpoints from Microsoft Active Directory and Azure. This integration provides us with comprehensive visibility into our infrastructure.

    Regarding transparency in detection and investigations with Rapid7 MDR, we receive metrics such as MTTR and MTTD (Mean Time to Detect and Mean Time to Respond). We monitor how quickly the tool detects anomalies and how long it takes to respond, which shows improvement due to the specific MDR product. My overall review rating for Rapid7 MDR is 8.5 out of 10.

    Hiroshi Watanabe

    Threat detection benefits stand out while AI capabilities need improvement

    Reviewed on May 20, 2025
    Review provided by PeerSpot

    What is our primary use case?

    The typical use case for Rapid7 MDR is that it is highly valued. It is not so bad, but competition with EDR is tough. Rapid7 MDR does not position itself as EDR or XDR, so it is rather a SIEM type solution, which makes it different from CrowdStrike, SentinelOne, or Microsoft. They are not in the competition listing of EDR products.

    What is most valuable?

    The features of Rapid7 MDR that I find most effective for threat detection are the threat intelligence capabilities because it already collects many vulnerabilities and exploitations, as well as the configuration of network devices. They integrate everything into one solution. The other solutions such as CrowdStrike or SentinelOne don't collect all the vulnerabilities or threat intelligence except within their product itself, making Rapid7 MDR very strong in this aspect.

    I have seen an ROI from this solution in terms of time savings. Because it includes everything, including SIEM, EDR, and vulnerability control, other solutions require integration of every module and vendor. It is easier to implement once they start, as the modules of the EDR can be challenging to implement and may require consulting.

    What needs improvement?

    There are areas of Rapid7 MDR that have room for improvement. The market is now changing very quickly towards artificial intelligence, and all the SIEM, EDR, and XDR vendors are moving to apply artificial intelligence in their solutions. Rapid7 MDR is currently weak in AI solutions and intelligence, which is concerning. It is also somewhat delayed compared to many vendors such as CrowdStrike, SentinelOne, or Microsoft, who are heading in such directions.

    For how long have I used the solution?

    I have worked with Rapid7 MDR for approximately three years.

    What do I think about the stability of the solution?

    I would rate the stability of Rapid7 MDR rather high, approximately six or eight out of ten.

    What do I think about the scalability of the solution?

    I would rate the scalability of Rapid7 MDR very high on a scale of one to 10, approximately eight.

    How are customer service and support?

    The technical support from Rapid7 MDR is adequate, rating approximately six out of ten. The lower tier support is not very good. Additionally, Japanese customers require Japanese representatives as the support is primarily in English.

    How was the initial setup?

    The initial setup of Rapid7 MDR is relatively easy because it integrates everything. However, the complete setup process is challenging due to the numerous modules involved. This includes cloud deployment, on-premises implementation of network devices, data collection, and agent installation. Implementation is manageable for existing Rapid7 customers, but it can be very challenging for new customers.

    What other advice do I have?

    I have knowledge of CrowdStrike solutions as a competitor, though not direct experience.

    I would recommend Rapid7 MDR to others, but this market is changing quickly due to artificial intelligence. I cannot say it is the best solution for customers as the market is evolving, with new solutions emerging and existing vendors improving their offerings in the near future.

    Overall, I would rate Rapid7 MDR a seven out of ten. Once customers can implement it, it becomes a good solution for them, though implementation remains a significant consideration.

    Nuki Agustino Wono

    Excels in incident response and minimizes false positives at flexible pricing

    Reviewed on Jun 26, 2024
    Review provided by PeerSpot

    How has it helped my organization?

    My company is also implementing Rapid7 MDR for database security. When comparing it with other solutions like ductless systems, Rapid7 stands out specifically for MDR network protection and response.

    What is most valuable?

    Rapid7's MDR service offers several strong points. Firstly, it excels in incident response. Rapid7 focuses not only on incident detection but also on response, aiming to minimize false positives effectively. This capability is crucial for reducing unnecessary alerts and ensuring that responses are targeted and efficient.

    Additionally, Rapid7's MDR service extends beyond just incident response. It includes features for vulnerability assessment and vulnerability management, which are essential for proactive security measures. These features help in identifying and managing potential risks before they can be exploited.

    For how long have I used the solution?

    I have been using Rapid7 MDR for three years. We are the vendor of this solution.

    What do I think about the stability of the solution?

    The product is stable. I rate the solution’s stability a nine out of ten.

    What do I think about the scalability of the solution?

    The scalability is high. It is suitable for enterprise businesses. I rate the solution’s scalability a seven out of ten.

    How are customer service and support?

    Support is excellent.

    How was the initial setup?

    The initial setup is straightforward. To install the Rapid7 sensor and pull off kit, we need less than a day.

    I rate the initial setup an eight or nine out of ten, where one is difficult, and ten is easy.

    What's my experience with pricing, setup cost, and licensing?

    We have very nice pricing. It is flexible.

    What other advice do I have?

    Rapid7 MDR leverages AI highly to enhance threat detection and response capabilities.

    Overall, I rate the solution an eight out of ten.

    Oluwaseun Sonaike

    Offers good integrations, very scalable and flexible and we can send as many logs as we want

    Reviewed on Dec 20, 2023
    Review provided by PeerSpot

    What is our primary use case?

    We use it for our security and virtual center security. It helps us investigate incidents and physical issues.

    How has it helped my organization?

    We've filled in crucial gaps we had with our previous solution. This was a key factor in choosing Rapid7 during the selection process. The ROI is already starting to show, too.

    We saw specific cost reductions. We used to pay extra for external user insight and availability management in our old setup. Now, that's all included in Rapid7, which saves us money and simplifies management.

    What is most valuable?

    The integrations are a big plus. We can easily onboard log sources and transition from our previous MSSP without any hassle. We don't have any major issues, and its ease of use makes resource onboarding a breeze.

    What needs improvement?

    There are potential improvements in reports and dashboards.

    For how long have I used the solution?

    We have been using it for a couple of months. It replaced SecureWorks in my current environment. We used SecureWorks MDR in my previous role.

    What do I think about the stability of the solution?

    It is a stable solution.

    What do I think about the scalability of the solution?

    Our previous solution was limited by events per second or other load restrictions. With Rapid7, we can send as many logs as we want. We're not limited by any event or check numbers. It's very flexible and scalable, unlike our previous setup.

    How are customer service and support?

    The support is quite responsive. We often jump on calls for onboarding assets and custom configurations like log forwarding. We haven't needed much beyond that.

    How was the initial setup?

    The setup was definitely straightforward. Onboarding and integrations were a breeze.

    What about the implementation team?

    We started by selecting a vendor, in this case, External Call.com. They handled a lot of the initial and out-of-box configuration and setup, and their consultants took care of the rest of the process. Everything was smooth and efficient in the business sense. The deployment took about six months.

    As long as the collectors are running in the cloud, there's not much maintenance required. We decided to keep the programming on-premise, but that's a separate decision.

    What was our ROI?

    We saw an ROI. We saw specific cost reductions. We used to pay extra for external user insight and vulnerability management in our old setup. Now, that's all included in Rapid7, which saves us money and simplifies vulnerability management.

    What's my experience with pricing, setup cost, and licensing?

    It's reasonable compared to our previous solution. We conducted a cost-benefit analysis, and based on that, it met our needs and usage, so we are satisfied with the price.

    What other advice do I have?

    Rapid7 works well for us and meets our current needs. It's a solid eight out of ten. However, it depends on your organization's cybersecurity roadmap.

    For example, if your long-term plan is to have an on-premise security team, then Rapid7 might not be the best fit.

    We don't have on-premise capabilities and rely solely on the cloud, so it works for us. But other organizations might need that on-premise option. So, it really depends on their cybersecurity roadmap.

    Environmental Services

    Threat Command is the software to use for Cybersecurity Solutions

    Reviewed on Aug 22, 2023
    Review provided by G2
    What do you like best about the product?
    Everything can be found in just one place yet is easily identifiable. It is very easy to add a new system and run the scans. It shows deep insights into the vulnerabilities found in the network and how to remediate them.
    What do you dislike about the product?
    Sometimes it also shows an extra vulnerability that might not exactly relate to your application, and you end up researching it, and then after all that time, you come to know that it is not for you.
    What problems is the product solving and how is that benefiting you?
    Providing quick and easy security solutions for all the needs, from securely running an organisation to using applications without the fear of security attacks.