Cybersecurity vendor Rapid7 has launched a managed detection and response product, designed to operationalise and protect Microsoft environments at scale.
Rapid7 MDR for Microsoft integrates with Microsoft Defender to pair enterprise vulnerability risk management with analysis of live threat activity, proactively identifying the attack paths most likely to be exploited.
Remote containment, endpoint forensics powered by Rapid7's open-source DFIR framework and unlimited incident response also aim to ensure threats are stopped quickly, fully investigated and neutralised.
Rapid7's Asia Pacific and Japan channel director David Quist told techpartner.news that the service has been designed for cases where a customer is asking their Microsoft partner about security options, but that partner may not have Microsoft security capabilities.
“(It) starts to help with some of those conversations that customers do want to have around tool consolidation, greater visibility, predictability of cost, data retention - all those things that start to have that multiplier effect in terms of the customer's bottom line,” he said.
MDR for Microsoft doesn’t require specialist knowledge or certifications for Microsoft Defender or Sentinel security services, which Quist said can mitigate issues with finding or upskilling staff.
“There's a lot for partners to do - I think in some ways, you could almost suggest that it'd be a full-time job for partners to be certified in the vendors they represent, [so] the opportunity cost of doing that is you actually end up with no customers,” he said.
But, he added, it’s not about partners purely being salespeople for Rapid7’s products.
“It's taking the best things that our partners have in terms of relationship capability [and] combining that with what Rapid7 brings as well, and saying ‘let's understand clearly what the customer wants to achieve and how we can go about doing that together’,” Quist explained.
As part of the offering, a dedicated cybersecurity advisor from Rapid7 leverages their experience to provide partners with regular threat briefings, environment-hardening advice, program governance, and health checks.
Endpoint alerts and analyst actions stay synchronised between Rapid7 and Microsoft consoles, laying the foundation for broader integrations across additional Microsoft security vectors, while the company's 24x7x365 global SOC continuously monitors and investigates activity across Microsoft and non-Microsoft environments.
Additional value-drivers included in the service are unlimited SOAR automation, standard 13-month data retention with the ability to extend, proactive threat hunting, and AI-assisted investigation workflows, delivering a comprehensive MDR experience that scales with the customer's environment and outpaces attackers.
Beyond the Microsoft integration, Quist said that Rapid7’s MDR solutions are continuing to evolve as expectations of security solution capabilities are changing.
He said there is increasingly a call for the integration of exposure response information, resulting in what he called “prevention, detection and response” products.
“The prediction from Gartner is that is where the market will shift to, so it's now about making sure that partners are in a good space to tell that story and that customers are well aligned to ‘this is the next evolution of what you're doing and here's what the value proposition from Rapid7 is around doing that’,” he said.




