Rapid7 Managed Threat Complete

The typical use case for Rapid7 MDR  is that it is highly valued. It is not so bad, but competition with EDR is tough. Rapid7 MDR  does not position itself as EDR or XDR , so it is rather a SIEM  type solution, which makes it different from CrowdStrike, SentinelOne, or Microsoft. They are not in the competition listing of EDR products.

The features of Rapid7 MDR that I find most effective for threat detection are the threat intelligence capabilities because it already collects many vulnerabilities and exploitations, as well as the configuration of network devices. They integrate everything into one solution. The other solutions such as CrowdStrike or SentinelOne don't collect all the vulnerabilities or threat intelligence except within their product itself, making Rapid7 MDR very strong in this aspect.

I have seen an ROI from this solution in terms of time savings. Because it includes everything, including SIEM , EDR, and vulnerability control, other solutions require integration of every module and vendor. It is easier to implement once they start, as the modules of the EDR can be challenging to implement and may require consulting.

There are areas of Rapid7 MDR that have room for improvement. The market is now changing very quickly towards artificial intelligence, and all the SIEM, EDR, and XDR  vendors are moving to apply artificial intelligence in their solutions. Rapid7 MDR is currently weak in AI solutions and intelligence, which is concerning. It is also somewhat delayed compared to many vendors such as CrowdStrike, SentinelOne, or Microsoft, who are heading in such directions.

I have worked with Rapid7 MDR for approximately three years.

I would rate the stability of Rapid7 MDR rather high, approximately six or eight out of ten.

I would rate the scalability of Rapid7 MDR very high on a scale of one to 10, approximately eight.

The technical support from Rapid7 MDR is adequate, rating approximately six out of ten. The lower tier support is not very good. Additionally, Japanese customers require Japanese representatives as the support is primarily in English.

Neutral

The initial setup of Rapid7 MDR is relatively easy because it integrates everything. However, the complete setup process is challenging due to the numerous modules involved. This includes cloud deployment, on-premises implementation of network devices, data collection, and agent installation. Implementation is manageable for existing Rapid7 customers, but it can be very challenging for new customers.

I have knowledge of CrowdStrike solutions as a competitor, though not direct experience.

I would recommend Rapid7 MDR to others, but this market is changing quickly due to artificial intelligence. I cannot say it is the best solution for customers as the market is evolving, with new solutions emerging and existing vendors improving their offerings in the near future.

Overall, I would rate Rapid7 MDR a seven out of ten. Once customers can implement it, it becomes a good solution for them, though implementation remains a significant consideration.

My company is also implementing Rapid7 MDR for database security. When comparing it with other solutions like ductless systems, Rapid7 stands out specifically for MDR network protection and response.

Rapid7's MDR service offers several strong points. Firstly, it excels in incident response. Rapid7 focuses not only on incident detection but also on response, aiming to minimize false positives effectively. This capability is crucial for reducing unnecessary alerts and ensuring that responses are targeted and efficient.

Additionally, Rapid7's MDR service extends beyond just incident response. It includes features for vulnerability assessment and vulnerability management, which are essential for proactive security measures. These features help in identifying and managing potential risks before they can be exploited.

I have been using Rapid7 MDR for three years. We are the vendor of this solution.

The product is stable. I rate the solution’s stability a nine out of ten.

The scalability is high. It is suitable for enterprise businesses. I rate the solution’s scalability a seven out of ten.

Support is excellent.

Positive

The initial setup is straightforward. To install the Rapid7, sensor and pull off kit, we only need less than a day.

I rate the initial setup an eight or nine out of ten, where one is difficult, and ten is easy.

We have a very nice pricing. It is flexible.

Rapid7 MDR leverage AI highly to enhance threat detection and response capabilities.

Overall, I rate the solution an eight out of ten.

We use it for our security and virtual center security. It helps us investigate incidents and physical issues.

We've filled in crucial gaps we had with our previous solution. This was a key factor in choosing Rapid7 during the selection process. The ROI is already starting to show, too.

We saw specific cost reductions. We used to pay extra for external user insight and availability management in our old setup. Now, that's all included in Rapid7, which saves us money and simplifies management.

The integrations are a big plus. We can easily onboard log sources and transition from our previous MSSP without any hassle. We don't have any major issues and it has good ease of use for resource onboarding a breeze.

There are potential improvements in reports and dashboards.

We have been using it for a couple of months. It replaced SecureWorks in my current environment. We used SecureWorks MDR in my previous role.

It is a stable solution.

Our previous solution was limited by events per second or other load restrictions. With Rapid7, we can send as many logs as we want. We're not limited by any event or check numbers. It's very flexible and scalable, unlike our previous setup.

The support is quite responsive. We often jump on calls for onboarding assets and custom configurations like log forwarding. We haven't needed much beyond that.

Positive

The setup was definitely straightforward. Onboarding and integrations were a breeze.

We started by selecting a vendor, in this case, External Call.com. They handled a lot of the initial and out-of-box configuration and setup, and their consultants took care of the rest of the process. Everything was smooth and efficient in the business sense. The deployment took about six months.

As long as the collectors are running in the cloud, there's not much maintenance required. We decided to keep the programming on-premise, but that's a separate decision.

We saw an ROI. We saw specific cost reductions. We used to pay extra for external user insight and vulnerability management in our old setup. Now, that's all included in Rapid7, which saves us money and simplifies vulnerability management.

It's reasonable compared to our previous solution. We conducted a cost-benefit analysis and based on that it met our needs and usage, so we are satisfied with the price. 

Rapid7 works well for us and meets our current needs. It's a solid eight out of ten. However, it depends on your organization's cybersecurity roadmap. 

For example, if your long-term plan is to have an on-premise security team, then Rapid7 might not be the best fit. 

We don't have on-premise capabilities and rely solely on the cloud, so it works for us. But other organizations might need that on-premise option. So, it really depends on their cybersecurity roadmap.

We use the solution in our security operation center. We use the tool to provide more visibility into the security operation center.

It is a good solution. It's not a black box. Our security operations center has similar access to the console that we have access to. It's very open. The product has automation workflows. It has around 5000 detections in it. I trust the solution.

The product is continuously developing. Whenever something new comes out, the product is upgraded. We can also bring in community threat feeds. The product allows us to customize our alerts. Log query searching has come a long way. It doesn’t require us to code anymore. We can just type in what we are looking for.

We can also deploy our agents. The good thing about agents is that we can use the automation workflow to disable user accounts. We can also make it disable and quarantine an asset. These features are provided right out of the box. The workflows do not cost us more money.

The product should provide full transparency in security operations. I want to see what's exactly going on on the other side. I want to know what is happening, what my security operations center is doing, and whether they are working for me.

I have been using the solution for four to five years for two to three different companies.

The nice thing about MDR is that we have a number to call. If there's something major or risky, we have a telephone number for that group.

Positive

I have used Arctic Wolf. We switched to Rapid7 MDR because we didn’t get a lot of insight from Arctic Wolf, and it provided a lot of false positives.

I rate the ease of setup a seven out of ten. It is not bad. It takes a little bit more time. It will probably take three weeks to get the product up and running, especially by the time we deploy all the agents.

We need four people to deploy the solution. It includes server, network, security, and desktop experts.

The product is not overly priced. We can buy products for a cheaper price, but we will not get as much technology.

I trust the tool with my network. Overall, I rate the product a nine out of ten.