At Rapid7, we take a different approach to disrupt the status quo, moving away from the typical MSSP model to one that empowers security teams to mature faster. Our offering goes far beyond managing existing tool sets, hiding behind proprietary methodologies, and failing to provide expertise—all issues that still plague traditional MSSPs.
That’s why we’re proud to be recognized in the Forrester Wave as the leader in the “Strong Performer” category and to score second highest overall current offering for our Managed Security Services, which include:
- Managed Detection and Response for 24/7/365 threat detection, response, and proactive hunting for known and unknown threats.
- Managed Vulnerability Management for endpoint and network vulnerability scanning and detection that embodies the attacker mindset.
- Managed Application Security for dynamic testing of web applications to identify and prioritize application vulnerabilities.
We feel this recognition validates our mission to become a strategic security partner for our customers, acting as an extension of their teams and providing resources and expertise to power Security Operations (SecOps) without taking away control. Forrester highlighted our “smooth integration with customer ecosystems” to gain context to attacks, and our focus on helping customers “improve security maturity across the organization” to move from risk to remediation.
We’ve flipped MSSP on its head by offering both “do it with you” and “do it for you” options to meet the needs of any security program at any maturity level. Customers love that they can offload the burden of staffing a 24/7 security team to secure everything from endpoints to apps, but still have deep visibility into the overall environment and can minimize their attack surface. Furthermore, they tell us that having Rapid7 managed services and trusted resources has helped them strengthen their organization’s security maturity and led to a faster time to value than seen in previous security investments.
Forrester’s analysis highlighted three critical areas that align directly to our overall Managed Security Services vision:
1. “Emerging MSSPs help strengthen their customers’ security maturity.”
If there were a tagline for Rapid7’s Managed Service, this would be it. Our mission has always been to help customers evolve their security programs through industry-leading technology, security expertise, and the vision of SecOps as a business practice. We’ve realized that protection and proactive management alone won’t aid in the long-term development of our customers’ security posture. With our MDR offering, our reporting capabilities go far beyond alerting that “something happened.” Rather, we identify everything you need to know—including attack vector, context of the attacker, and how to resolve the situation—with instructions that security teams can pass to IT counterparts explaining suggested actions to close attack loopholes.
2. “Emerging MSSPs know their customers.”
Instead of being the proverbial Wizard of Oz behind the curtains of security SOWs and technologies, we pride ourselves on becoming a true extension of customer teams through attentive service, visibility into our backend systems, and a named resource you can reach out to for all things related to security at Rapid7 and beyond.
For instance, our customer advisors are called on for everything security related, from helping customers prioritize high-impact fixes exposed through managed vulnerability scans to acting as an intermediary between security and development teams to prioritize application security vulnerabilities. As such, we place extreme emphasis on understanding each customer’s environment landscape, applications, and typical user behaviors via User Behavior Analytics (UBA) for context so we can provide better, more personalized service for each customer environment. This encompasses everything from understanding your applications to baselining user behavior and engaging in proactive threat hunting.
3. “Emerging MSSPs put cyber risk at the forefront.”
Cyber risk strategy isn’t only a security team initiative anymore; data and endpoint security is becoming more of a consideration across the organization, from compliance to the boardroom. For example, managed application security grants companies access to security experts who validate each vulnerability finding to eliminate false positives, allowing teams to focus on what matters while also understanding the “why” behind each alert. These experts also act as trusted advisers when helping security teams prioritize and gain buy-in across internal business units, helping promote shift left testing in the software development lifecycle (SDLC) by looking for vulnerabilities as an integral part of the development process.
At Rapid7, we’re proud to be at the forefront of powering the practice of SecOps—a shared alliance between security, IT, and DevOps to make security an outcome of all innovation—and helping our customers to minimize security risk across their entire business. And due to the inherent business risk of a breach, data theft, and reputation damage, our MDR approach helps customers put security risk into context with detailed reporting and customer advisors who help move the business from risk to remediation.
For more on Forrester’s take on the emerging MSSP market and how Rapid7 placed, read the the full report here.