Rapid7 integrates generative AI to enhance threat detection

Rapid7 has integrated new generative artificial intelligence capabilities into its Rapid7 AI Engine, which powers the company’s Managed Detection and Response (MDR) services. This development aims to transform the delivery of Rapid7's security operations, enhancing the speed and accuracy of threat detection and response.

The Rapid7 AI Engine functions as the core analytics engine within the Insight Platform, supporting the company's global security operations centre (SOC) teams throughout the lifecycle of a cyberattack. The engine utilises a large and varied set of risk and threat data to automatically differentiate between malicious and benign alerts, a process which includes both traditional machine learning (ML) and generative AI models. This multi-faceted approach ensures that new security alerts are accurately labelled, enabling analysts to focus more on investigating significant security signals rather than sorting through false positives.

Laura Ellis, Vice President of Data and AI at Rapid7, commented on the company's ongoing innovation in the field. “For years, we’ve pioneered the application of AI technologies, establishing patented models and incorporating them into our technologies to better and more efficiently solve customer challenges,” she said. “We remain at the forefront with generative AI, enhancing our world-class MDR services, ensuring that we continue to deliver unparalleled results for our customers.”

The enhanced AI Engine aims to provide Rapid7's SOC experts with instant access to relevant and actionable information for complex security events. According to Rapid7, this will result in quicker and more effective resolution of security incidents, offering customers improved outcomes. The engine is also integral to the company's AI-native SOC assistant, which aids MDR analysts in responding to threats more efficiently and proactively mitigating risks.

Jeremiah Dewey, Senior Vice President of Managed Services and Product Delivery at Rapid7, highlighted the significance of the AI Engine’s SOC assistant. “Our AI Engine’s SOC assistant is a powerful tool for our expert teams,” Dewey said. “They are now exponentially more effective, due to the increased efficiency and speed in which they can respond to threats and mitigate risks, a significant advantage for our MDR customers and partners.”

The company emphasises that its AI models undergo rigorous internal testing before being deployed to customers. By releasing AI models to internal SOC teams first, Rapid7 creates a continuous feedback loop between frontline analysts and the AI and data science teams. This ensures that the models provide accurate and actionable information.

Rapid7's AI Engine is bolstered by an extensive range of event data sources, proprietary security datasets, and emergent threat intelligence, which encompass modern environments and attack surfaces. The company captures over 4.8 trillion security events each week, creating a powerful learning environment for its AI models. Rapid7 has a history of incorporating AI approaches into its technology, starting with expert systems in its first product, Nexpose, launched in 2001. The company has since secured numerous patents for AI and ML innovations and established an AI Centre of Excellence.

The AI Engine supports Rapid7's broader Managed Threat Complete service, a comprehensive offering aiming to unify cloud risk management with threat detection and response. This integration of generative AI intends to enhance the speed, accuracy, and overall efficacy of the company’s security solutions.