

Rapid7 Managed Detection and Response
Platform vendor requiring Rapid7 Insight Agent on 80%+ of assets, with one key differentiator: you keep full query access to your SIEM data. Analyst pods learn your environment over time rather than treating you as a ticket queue. Active Response with Velociraptor (launched April 2025) lets analysts take direct remediation actions on your endpoints.
Buyer fit
Good fit when
- ✓Mid-market to enterprise organizations (500+ assets) wanting full SIEM data transparency alongside MDR
- ✓Security teams wanting active remediation via Velociraptor without a fully outsourced model
- ✓Organizations that value analyst pod continuity and environment familiarity over time
Watch out when
- ×Organizations with fewer than 500 assets (minimum requirement)
- ×Companies unwilling to deploy Rapid7 Insight Agent across 80%+ of their environment
- ×Organizations needing OT/ICS coverage or fully technology-agnostic MDR
Coverage
Platform
Additional capabilities
Incident response
Pricing
What costs extra
- –MDR for Microsoft Defender (dedicated service launched Jan 2026)
- –Vulnerability Management (InsightVM, separate product)
- –Application Security (InsightAppSec, separate product)
- –Custom event source integration (Advanced/Ultimate tiers only)
- –InsightConnect SOAR (unlimited in MTC, separate otherwise)
Cost caveats
- –Requires Rapid7 Insight Agent on 80%+ of supported assets, minimum 500 assets
- –Breach warranty and unlimited DFIR only available on Ultimate tier
- –Essential tier has no dedicated cybersecurity advisors (Support Center only)
- –Custom event sources and custom detections only on Advanced/Ultimate tiers
Breach warranty up to $1,000,000.
Pricing compiled from public sources. Verify directly with the provider.
Team and access
Certifications
Reputation
PeerSpot 8.6/10 (MDR). Gartner SIEM MQ recognized 7th year (2025). MITRE 2023: all 19 Turla attack phases detected. Praised for data transparency and analyst pod familiarity. Company underwent 18% layoffs in Aug 2023, explored PE sale in Q4 2024 (no deal), Jana Partners activist investor added 3 board seats in 2025. Revenue $860M (FY2025), guidance for 2026 slightly lower ($835-843M).
What customers praise
- ✓Full SIEM query access to 13 months of data with no black box
- ✓Analyst pod model provides environment familiarity and partnership feel over time
- ✓Active Response with Velociraptor for direct endpoint remediation without reimaging
Common complaints
- ×Requires Rapid7 Insight Agent on 80%+ of assets, significant platform lock-in
- ×Pricing opacity and unexpected overage charges reported in reviews
- ×Company instability: 18% layoffs (2023), activist investor, PE interest, declining 2026 guidance
Limited recent discussion. One 2024 r/ITManagers review praised 24/7 monitoring and no overage charges for log ingestion. Data transparency positioning resonates with practitioners.
Questions to ask
- 1.
What is the exact per-asset pricing for our environment size (minimum 500 assets), and how does cost scale?
- 2.
How does the analyst pod assignment work, and how many customers does our pod serve?
- 3.
What specific Active Response actions can analysts take via Velociraptor, and how do we configure the Slack ChatOps approval workflow?
- 4.
How does the breach warranty qualification work, and what best-practice requirements must we meet?
- 5.
How does Managed Threat Complete Ultimate differ from MDR Elite in terms of included services?
- 6.
What happens to our 13 months of SIEM data if we don't renew, and can we export it?
Evidence
Sources reviewed
Main public source used for the provider profile.
Technical documentation for Active Response threat containment capabilities
Official terms and conditions for Managed Detection and Response services
Comprehensive compliance certifications including SOC 2, ISO 27001, and GDPR
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –Response authority may depend on pre-approval and contract scope.
Also consider
Information compiled from public sources. Verify details directly with the provider before making decisions.