Welcome to Managed Vulnerability Management (MVM)


The mission of Rapid7’s Managed Vulnerability Management (Managed VM) service is to leverage our security experts to programmatically deliver the people and processes our customers need to effectively manage and reduce their security risk.

By working as your partner to understand your business goals, network, and assets, our goal is to deliver the peace of mind, focus, and consistency that customers expect from a managed service while ensuring our customers maintain visibility into program activities and deliverables, enabling them to effectively communicate and report on their security posture internally.

Rapid7 Managed Vulnerability Management Track Cycle

Managed Vulnerability Management Service Overview

Rapid7’s ManagedVM Program provides a comprehensive picture of threat exposures and global criteria for risk prioritization to facilitate timely remediation across your environment.

Vulnerability scans will be configured on a monthly cadence for (up to) the number of IP addresses outlined on your order form. If intrusion detection/prevention systems (IPS/IDS) or web application firewalls (WAF) are in use, you must make exceptions to accept the originating IP address of the scanning tool/engine in order for Rapid7 to perform the scans. If this is not possible, then the scan should be originated from a network location that prevents IDS/IPS/WAF interference. Verification of the existence of or level of controls in place for IDS/IPS/WAF is outside the scope of the Rapid7 Managed VM service.

Scans will be configured in such a way as to minimize any interruption to the normal operation of the customer environment and will provide the depth of insight and risk context appropriate to your organization’s needs. This is accomplished by gathering relevant data via regular vulnerability scans and delivering detailed actionable reports.

The General Rapid7 Managed VM service includes the following:

Please keep in mind this is related to when the MONTHLY Managed Service is purchased.

  • Hosted, and operationally managed, InsightVM console
  • Scan configuration, continuous tuning, and scheduling for up to the contracted number of IP addresses
  • Monthly scanning of contracted IP addresses
  • Scan validation by our Managed Vulnerability Management Team to ensure successful scan completion with optimal coverage
  • Monthly service reports
  • Monthly Remediation prioritization and guidance
  • Recurring Monthly Meeting with Customer Advisor
  • Quarterly Business Review with Customer Advisor to discuss program trends, best practices, and recommendations for program advancement
  • Customer access to the InsightVM service management console, allowing full visibility and access to service features and reporting at any time

Rapid7 ManagedVM Track Cycle