Security Analyst at a tech vendor with 10,001+ employees
Real User
Top 20
Mar 26, 2026
I do not feel there is any improvement needed at the moment; all the features, the tools within it, and their functions are satisfactory. Because it is very good, there are always areas to improve, though I cannot point out specific ones at this moment.
My experience with detection and response capabilities for Microsoft-centric environments has been positive. While API integration can be challenging with some third-party tools, Microsoft's built-in features facilitate seamless communication. I have found it relatively easy to triage and integrate Microsoft systems with Rapid7 MDR. In terms of digital forensics and incident response included in the MDR service, my experience is that it is not very robust. We lack a dedicated forensic team, which is essential for thorough investigation. Rapid7 has introduced honeypots, which is an encouraging feature, but it is not a comprehensive solution such as those offered by competitors, such as Palo Alto's Unit 42. Apart from forensics, I believe Rapid7 MDR should introduce more forensic services. Another area to improve is the active platform's handling of on-premises tools versus cloud-based tools. We prefer on-premises options for data security, and we find limitations in features compared to cloud-based tools, concerning data access and privacy controls.
There are areas of Rapid7 MDR that have room for improvement. The market is now changing very quickly towards artificial intelligence, and all the SIEM, EDR, and XDR vendors are moving to apply artificial intelligence in their solutions. Rapid7 MDR is currently weak in AI solutions and intelligence, which is concerning. It is also somewhat delayed compared to many vendors such as CrowdStrike, SentinelOne, or Microsoft, who are heading in such directions.
The product should provide full transparency in security operations. I want to see what's exactly going on on the other side. I want to know what is happening, what my security operations center is doing, and whether they are working for me.
Rapid7 MDR is a leading service offering transparency, integration, incident response, and proactive security. It is designed for efficient SIEM and EDR integration to facilitate threat detection, making it effective for organizations of all sizes. Renowned for robust threat detection, Rapid7 MDR combines transparency, automation, and integration. It provides excellent incident response, vulnerability management, AI-driven log queries, and significant time savings. Despite competitive...
There are potential improvements in reports and dashboards.