Rapid7 MDR
Vulnerability-informed MDR combining deep DFIR expertise with the InsightIDR platform
- Service
- MDR
- Response
- Contain threats
Best for
Mid-market organizations with 500-5,000 employeesUsually replaces
Separate SOC and vulnerability management programsCheck first
Platform is tightly coupled to the Rapid7 ecosystem; less flexibility for organizations using third-party SIEMsCoverage
Covers
- Managed Threat Complete bundles MDR with unlimited vulnerability management via InsightVM
- Active Response enables SOC analysts to contain endpoints and disable accounts on behalf of customers
- Unlimited DFIR with no retainer or hourly caps included for all MDR customers
Pros and limits
Works well
- Unique combination of MDR and vulnerability management provides risk-informed detection and prioritization
- Unlimited DFIR included at no extra cost eliminates breach response retainer concerns
- Strong offensive security heritage (Metasploit, Velociraptor) informs defensive detections
Watch out for
- UBA detection rules have limited customer tuning options with inconsistent change communication
- Container and runtime monitoring capabilities lag behind cloud-native competitors
- Lower-tier support experience can be lacking; enterprise-grade support requires higher spend
Pricing
- Starting price
- ~$17/asset/month
- Billing model
- Per-asset, Tiered, Custom
- Minimum contract
- 12 months
- Trial
- Available
- Proof of concept
- Available
- Onboarding
- 14-30 days
Managed Threat Complete bundles MDR with vulnerability management; Essential, Advanced, and Ultimate tiers available; enterprise pricing is custom-quoted
Connects with
- SIEM
- InsightIDR (proprietary cloud SIEM/XDR)
- EDR / Endpoint
- Rapid7 Insight Agent, CrowdStrike Falcon, SentinelOne Singularity, Microsoft Defender for Endpoint, Carbon Black
- Cloud
- AWS, Azure, GCP
- Other
- InsightVM (vulnerability management), InsightConnect (SOAR), Velociraptor (open-source DFIR), Metasploit (penetration testing), Microsoft Defender XDR, Okta, Active Directory, Palo Alto Networks
Questions
How much does Rapid7 MDR cost?
Rapid7 MDR pricing starts at approximately $17 per asset per month. The Managed Threat Complete bundle, which includes MDR plus InsightVM vulnerability management, typically costs $60,000-$80,000 per year for mid-sized organizations and $100,000+ for enterprise deployments with 5,000+ assets. Pricing is asset-based and varies by tier (Essential, Advanced, Ultimate) and environment size.
Does Rapid7 MDR include incident response?
Yes. Rapid7 MDR includes unlimited digital forensics and incident response (DFIR) at no additional cost for all MDR customers. There are no breach response hotlines, retainer hours, or caps. Rapid7 merged its IR consulting team with its MDR SOC to provide the same level of DFIR expertise as a core capability of the service.
What is the difference between Rapid7 MDR and Managed Threat Complete?
Managed Threat Complete is Rapid7's integrated bundle that combines MDR (detection and response via InsightIDR) with unlimited vulnerability management (InsightVM) and SOAR automation (InsightConnect) in a single subscription. MDR can be purchased standalone, but Managed Threat Complete provides a more comprehensive security operations package that ties vulnerability risk context directly into detection and response workflows.