Managed Extended Detection and Response (MXDR)

Rapid7 offers a broad range of security solution capabilities. MXDR, one of Rapid7’s global managed services (see Figure 1), leverages the company’s solutions to provide service across the NIST Cybersecurity Framework’s five areas of functional requirements for managing risk: Identify, Protect, Detect, Respond, and Recover.

For any organization, managing its own staff to resource this range of requirements is a complex undertaking, which needs a variety of high-value operational and oversight skills – capabilities that are difficult to retain, and to keep up-to-date. MXDR enables organizations to have Rapid7 manage the complexity involved, and manage the skills and resources that requires, in a framework that allows the customer organization to tailor how its own security team will interact with the Rapid7 teams working on its behalf. For example, customers own tools can gain insight via integration with the native telemetry within Rapid7’s solutions, while only being alerted when a certain level or type of risk is encountered. Also, MXDR’s advanced features can enable customers to significantly and measurably reduce the risk from cybersecurity threats.

As Rapid7 has acquired or developed security products it has ensured that they are integrated, matching the customer need to operate without barriers between the areas of protection they require, including over multiple methods of attack over the more diverse attack surface of today’s organization. The solutions share a data platform (Rapid7 Command Platform – see Figure 1), which normalizes and stores security data from Rapid7 solutions as well as third-party sources and solutions. The resulting analysis of pre-integrated data, helped by Rapid7’s AI Engine, can deliver improved diagnosis and more accurate assessment of the response that is necessary.

Rapid7 claims that 99.6% of customers protected by MXDR avoid the effects of ransomware, as well as experiencing a 90% reduction in the likelihood of a data breach, and saving over 97% of time that would be spent on dealing with threats without the use of the service.

Customer Quotes

“Rapid7 MDR was selected due to it native integrations and ability to aggregate and correlate alerts across multiple sources to provide a stronger defense-in-depth strategy and a robust, layered security approach.”
A telemedicine firm

“…the ability to close security gaps, and to save money, specific features such as Rapid7’s unlimited log ingestion which offered long-term scalability and more cost benefits, were behind the company’s decision to work with Rapid7.”
A leading technology company

“The Rapid7 MDR became the 24/7 eyes and ears we needed.”
A leading law firm that represents 15 industries

MXDR is operated svia four Rapid7 SOCs in Arlington (USA), Dublin (Ireland), Prague (Czech Republic), and Australia, situated to provide distributed ‘follow-the-sun’ service. Rapid7 employs highly-experienced cyber-advisors, some of whom are ex-CISOs.

Fig 2 – Breadth and depth within Rapid7’s detection strategy

Many MDR competitors do not provide equivalent depth of functionality to Rapid7 in the areas of Identify, Protect, and Detect. The range of telemetry data analysed to inform these functions is shown in Figure 2. Rapid7’s Exposure Management capabilities integrate vulnerability management with the management of security posture across the organization’s attack surface. Threats that represent risk above tolerance levels can be identified and highlighted for higher-priority treatment.

Rapid7 AI Engine is used for an increasing number of new features in MXDR. Most recently these include chat-bot support for querying data in Command Platform, and for producing regular or bespoke reports (including incident response case analysis).

Asset awareness (e.g. attack surface elements) is consumed from Rapid7 agents, as well as general tools across the data sources of telemetry. The frequency of telemetry gathering keeps asset data up-to-date.

The company highlights particular value from MXDR due to the availability of unlimited vulnerability scanning, data ingestion, and incident response action without any additional costs. Telemetry data is stored for 13 months as standard (accessible by the customer), to support any long-term investigations, and remains in use by Rapid7’s analysis throughout this period for context. Rapid7 does offer the following optional service elements:

• Managed Digital Risk Protection (DRP), which extends the analysis of early threat signals to include data from deep and dark web sources.
• SOC support for 3rd party detection and response tools specified by the customer.
• Use of hosted Velociraptor (open source detection tool) for deep forensic hunts across endpoints, within Insight IDR.
• Surface Command, which boosts visualization of the attack surface via continuous external scanning.
• Next-gen anti-virus for endpoints to disrupt malicious activity and attacks.
• Vector Command, which focuses on attack surface exposures, tested with continuous Red Team operations.

Customers can choose between three package options for MXDR, each branded ‘Managed Threat Complete’ with an Essential, Advanced, and Ultimate suffix. As well as very large-scale organizations, MXDR is also relevant for small and medium-sized organizations.

MDR services are increasingly popular, and perhaps imperative as a secure foundation for business growth, which can involve an expanded need for risk protection. Rapid7’s flexibility entry points provide a helpful adoption path if required, for new MDR customers.

Most predictions for MDR market growth in coming years estimate a CGR of over 20%. In such market conditions, there is inevitably more market consolidation to come, which can involve disruption for customers. Rapid7 is well placed to avoid negative effects of consolidation, as it has already invested and integrated to expand its security solution and MDR services capabilities in recent years, and is one of the more well-established MDR providers.

The bottom line

Rapid7 has been one of the most active buyers in cybersecurity in recent years, deals which have direct relevance to its MDR strategy. Investment in establishing services with the right customer experiences is also very evident, with continued commitment in 2025.

Bloor Research would advise any potential MDR customer to consider how MXDR fits its needs.