Welcome to Managed Digital Risk Protection (Managed DRP)
This page outlines the Managed Digital Risk Protection information related to the MDR Service & the MTC Service.
Rapid7 Managed DRP
Rapid7’s Managed DRP is an add-on service offering for Managed Detection & Response (MDR) and Managed Threat Complete (MTC) customers (it is included as part of the MTC Ultimate tier). This service extends your MDR program to protect your critical digital assets and data from external threats, provides guidance and remediation where appropriate, and supports rapid triage and investigation if active threats are identified in your environment.
This Scope of Service will define the service delivery experience for Managed DRP.
Managed DRP Team
Managed DRP Onboarding Specialist
The Managed DRP Onboarding Specialist is responsible for helping you understand how the service operates, become familiar with the Threat Command technology, and get support and assistance when required. They will perform basic tuning, help you set up the required integrations with InsightIDR, and start your service. Once the technology is operational and all your initial contextual information has been collated and integrated into your Threat Command instance, you will be transitioned to your Customer Advisor.
Managed DRP Analyst
The primary function of the Managed DRP Analyst is to review and triage alerts in your Threat Command instance to ensure the alerts you receive are as accurate as we can make them and contain the minimum amount of noise, e.g., false positives. It is important to note that the accuracy of any threat/alert is heavily influenced by the uniqueness and clarity of your brands and the contextual information you provide, so some level of regular tuning and review will be required (your Customer Advisor will guide you as necessary).
The Managed DRP Analyst will also leverage your InsightIDR technology to validate that reported intelligence threats are not actively exploited in your environment. If we suspect that a reported intelligence threat, e.g., a lookalike website, is actively being exploited by an attacker in your environment, the Managed DRP Analyst will escalate the incident to your MDR/MTC service team for investigation by the Rapid7 MDR SOC. If an active cyber threat is confirmed, your MDR team will notify you, as outlined in your MDR/MTC scope of service. The Managed DRP Analyst will monitor the Threat Command alert queue during standard business hours (CET local time) Monday through Friday, excluding nationally observed holidays.
‘Ask the Analyst’
Rapid7’s Threat Command "Ask the Analyst" Service team provides guidance, additional details, and context, recommends remediation steps, executes dark web purchases, or requests threat actor engagement on existing alerts. They will respond to your requests for information via the Ask-an-Analyst chat box and investigate them using every tool and technique at our disposal to uncover new information.
You can also open a case via our customer portal to request information related to significant global cyber events, essential investigation of email addresses, dark web mentions in our database, or additional information on threat actors. Our ‘Ask an Analyst’ service is available 24/7.
Remediation Service Team
As organizations adopt new digital channels to reach customers, cybercriminals follow suit by impersonating popular brands, promoting scam campaigns, and profiting from unknowing consumers. Our remediation team handles external enforcement to take down campaigns that impersonate your brand, infringe on trademarks and copyrights, and threaten customers. Threat Command’s in-house automated Remediation Services can help you expedite takedowns of malicious and harmful web content targeting your brand.
Customer Advisor Engagement
During your Managed DRP service, you will regularly engage with your Customer Advisor (CA). Your CA will be available to answer any questions and advise you on how to get the most from your Managed DRP service. Your CA can offer guidance on how best to leverage the Threat Command platform and on when and how to engage with the Rapid7 Threat Command Team, and can advise you when collecting evidence to support remediation actions and when leveraging dark web purchases. Your CA will also work with you to periodically review and tune noisy alerts created in the Threat Command platform, configure and maintain appropriate notification settings, and help you understand how to schedule executive and technical reports via user dashboards.
Your CA team will be available by phone and via the Customer Portal as outlined in your MDR/MTC scope of service. Please note the MTC Essential tier does not include a dedicated CA.
In-Scope Service Components
Managed DRP is built around our Threat Command platform, which delivers proactive defense by transforming threat intelligence into security actions and actionable alerts.
Threat Command leverages ground-breaking data-mining algorithms and unique cyber reconnaissance capabilities to continuously scan the surface, deep, and dark web to deliver actionable, contextual reconnaissance about potential threats to your organization, employees, executives, and board members. It integrates with our existing security solutions to highlight operational vulnerabilities, secure data, and protect your resources.
Managed DRP incorporates the following components of Threat Command.
Service Deliverables
Monthly Service Review
In line with your existing MDR deliverables, your Customer Advisor will include a summary and overview of your Managed DRP service status in your planned monthly meeting.
Technology
The Rapid7 Managed DRP service is powered by Threat Command (Intel) and InsightIDR (Next-Gen SIEM).
Threat Command Instance
Your Managed DRP subscription will include a single instance of Threat Command for your entire organization. All of your security team users will be assigned to and will have access to all data stored within this single instance, be able to access our expansive Threat Library, make requests to our ‘Ask an Analyst’ team, initiate takedowns, approve Dark Web purchases, and access any other offering under this Appendix.
Threat Command is Rapid7’s Intel solution. It monitors thousands of sources across the clear, deep, and dark web to identify threats targeting your unique digital footprint. This helps you make informed decisions and act quickly on critical threats posing the greatest risk to your business. Supported use cases include dark web monitoring, threat hunting, phishing protection, data/credential leakage, ransomware disclosure monitoring, fraud, and malware detection.
Threat Command supports user-based access controls so that each feature can be restricted per user as required.
Not all alerts will be subject to triage by your Managed DRP Analyst. For example, where we use automation, machine learning, or artificial intelligence to confirm the validity of an alert, we will report these directly to minimize notification delays. Also, in cases where triage by your Managed DRP Analysts would delay the reporting of an active risk to the MDR Service team, such as a public breach disclosure by a ransomware group, we will report these threats directly and subsequently work with you to validate and respond so that timely remediation steps can be taken.
Both scenarios introduce the risk of lower-efficacy alerts appearing on your platform. Your Customer Advisor and Managed DRP analyst team will work with you to minimize any impact that directly reported alerts may have as we strive to reduce notification delays and enable you to take timely, thoughtful actions when needed.