Manage Endpoint Prevention

Endpoint Prevention is available to Managed Detection and Response and Managed Threat Complete customers who also have the Next-Generation Antivirus or Ransomware Prevention add-ons.

This documentation contains deployment and usage information that guides you through the complete process of setting up an Endpoint Prevention program for your organization.

Overview

Endpoint Prevention is a type of endpoint protection technology available as part of the Insight Agent.

Endpoint Prevention adds an extra layer of protection to the assets where the Insight Agent is installed, using Rapid7's prevention engines to detect an attack's signature at the time of initial access to your environment. Endpoint Prevention also offers endpoint detection and response (EDR) capabilities by integrating with InsightIDR.

Offerings with access to Endpoint Prevention

To use Endpoint Prevention, your company must be a Rapid7 Managed Detection and Response customer or Managed Threat Complete customer with access to one of these add-on offerings:

  • Ransomware Prevention - Monitor your assets for evasive and suspicious behavior associated with ransomware attacks, and prevent those attacks from occurring. Ransomware Prevention grants access to all Rapid7 prevention engines, with the exception of On-Access Scanning (Antivirus). This offering allows you to use a third-party antivirus solution alongside Rapid7's Endpoint Prevention capabilities.
  • Next-Generation Antivirus - Monitor and prevent attacks on the endpoint, as well as detect, block, and disinfect assets against malicious files. Next-Generation Antivirus grants access to all Rapid7 prevention engines, including On-Access Scanning (Antivirus). With this offering, Rapid7 acts as your complete antivirus, Endpoint Protection Platform (EPP), and EDR solution.

We invite you to learn more about how the Endpoint Prevention feature works at a high level and familiarize yourself with key terms.

Insight Agent deployment

Review the requirements for deploying the Insight Agent with the Endpoint Prevention feature, including:

Once you're confident your environment meets these requirements, follow the installation guide to deploy the Insight Agent on the assets you intend to monitor.

Endpoint Prevention configuration

After deploying the Insight Agent on your assets, you're ready to configure your Endpoint Prevention program.

Endpoint Prevention in InsightIDR

The data produced by the Endpoint Prevention feature is designed to be consumed in Rapid7's InsightIDR offering. To get an overview of Endpoint Prevention's InsightIDR experience, read the investigations and alerts documentation.

How Endpoint Prevention works

Rapid7's Endpoint Prevention feature is a next-generation antivirus solution that monitors your assets for different kinds of threats and automatically responds according to a policy that you configure. These monitoring and response capabilities are delivered as part of the Insight Agent - the same software that runs silently on your assets and already powers several Rapid7 products like InsightIDR and InsightVM.

Endpoint Prevention implements its capabilities by way of configurable policies attached to exclusive groups of all eligible agents in an organization. Each policy has a one-to-one relationship with the group it's attached to and is composed of several prevention engines designed to detect specific types of threats. Your configuration of these policies determines what kind of behavior Endpoint Prevention will monitor, how it will respond when such behavior is detected, and how these events should be prioritized in InsightIDR for your security team.

All aspects of your Endpoint Prevention program are configurable on a per-organization basis by your users with Platform Administrator privileges in the Agent Management experience.