Rapid7 Active Response
Rapid7 Active Response is an optional add-on to our Managed Detection and Response (MDR) service that enables our expert SOC analysts to respond directly to validated threats in your environment. With Active Response, our analysts can isolate endpoints and disable compromised user accounts within minutes, limiting attacker dwell time and shortening time to respond. To learn more about MDR Active Response, check out this video.
How it works
Here’s how Rapid7 Active Response works:
- During setup, you will install the required plugins, set up connections, import the required Active Response workflows, and provide a list of users and assets (such as critical servers, users, or devices) that you want excluded from quarantine actions. This way, we don’t treat your Domain Controller the same as a typical user.
- Active Response then uses the Rapid7 Insight Agent or VMware Carbon Black Response EDR to isolate threats by quarantining users or endpoints as early in the kill chain as possible, preventing malware propagation across your systems, lateral movement, or data exfiltration.
- The MDR team will send real-time updates on containment actions using your preferred communication methods: phone, email, Slack, and SMS.
- Throughout the containment process, you can accelerate or cancel containment actions from your mobile or desktop devices via Slack.