Rapid7
Managed Detection and Response
Unique combination of full SIEM data access with managed MDR, providing both transparency and active response. Analyst pod model ensures your SOC team knows your environment. AI triage accuracy and Active Remediation via Velociraptor are standout features.
Best For / Not Ideal For
Ideal for
- Mid-market to enterprise organizations wanting full data transparency alongside MDR
- Security teams that want to retain query access to their own data
- Organizations needing active remediation without a fully outsourced model
- Companies in complex environments needing custom detections (Enterprise tier)
- Teams that value the analyst pod model for continuity and familiarity
Not ideal for
- Small organizations with fewer than 100 assets seeking budget MDR
- Companies unwilling to deploy Rapid7's Insight Agent across 80%+ of assets
- Organizations looking for a fully technology-agnostic MDR
- Companies needing OT/ICS coverage
What They Actually Do
Approval: Configurable — You choose which actions need approval
Incident Response: Included in contract
Response SLA: Not disclosed
Rapid7 MDR includes Active Response with Velociraptor, enabling analysts to directly execute approved remediation actions including malware removal, system restoration, endpoint isolation, and process termination. Unlimited DFIR is included with Managed Threat Complete Ultimate tier. Customers can choose to be hands-off or collaborate via ChatOps.
Attack Surface Coverage
Endpoint: included
Cloud Workloads: included
SaaS Apps: included
Identity: included
Network: included
OT/ICS: Not offered
Pricing & Total Cost
- Pricing Model: Per-asset monthly pricing; three tiers (Essentials, Advanced, Ultimate)
- Price Range: Starting ~$17/asset/month; $30,000-$150,000+/year for enterprise deployments
What costs extra
- MDR for Enterprise tier (custom event sources, custom detections)
- MDR for Microsoft Defender (separate service)
- Vulnerability Management (InsightVM) — separate product
- Application Security (InsightAppSec) — separate product
Hidden cost warnings
- Warning: Requires Rapid7 Insight Agent on at least 80% of supported assets
- Warning: Enterprise tier significantly more expensive than Essentials
- Warning: Breach warranty only available on Ultimate tier
- Warning: Custom event source integration only on Enterprise tier
✓ Trial available (30 days, InsightIDR platform trial)
✓ Proof of Value available
Breach Warranty — up to $1,000,000
Caveat: Only available with Managed Threat Complete Ultimate tier. Coverage amount based on environment size. Must meet best-practice security requirements.
Service Details
Contract Terms: Contact for specifics
Data Retention: 13 months
Dedicated Analyst: Yes
Portal Access: Yes
Custom Reporting: Yes
Quarterly Reviews: Yes
Communication & Visibility
Communication Channels
Escalation Method: Cybersecurity Advisor team by phone and portal during business hours; 24/7 SOC analyst escalation for active incidents; ChatOps (Slack) for real-time collaboration on Active Response actions
Data Access: Full Query Access. You can query raw log data directly.
What to Ask Rapid7
Based on common blind spots and real-world evaluation patterns
1. What is the exact per-asset pricing for our environment size, and how does cost scale as we add assets?
2. How does the analyst pod assignment work — how many customers does our pod serve?
3. What specific Active Response actions can your analysts take autonomously, and how do we configure the approval workflow via ChatOps?
4. How does the breach warranty qualification work — what best-practice requirements must we meet?
5. What happens to our 13 months of SIEM data if we decide not to renew — can we export it?
6. How does MDR for Enterprise differ from MDR Elite in terms of custom detections and event source integration?
7. What is the deployment timeline to reach 80% Insight Agent coverage, and what support do you provide during rollout?
Information compiled from public sources. Verify details directly with the provider before making decisions.