MDRCost.comMDR pricing intel

Vendor briefing / Rapid7

Rapid7 MDR pricing / 2026

Managed Threat Complete prices per asset and bundles the InsightIDR SIEM plus InsightVM vulnerability management into one contract. Per-asset cost, the three tiers, what's actually included, and how it compares to Red Canary.

How much does Rapid7 MDR cost?

Rapid7 Managed Threat Complete is buyer-reported at $15 to $22 per asset per month, with roughly $17 per asset per month a common mid-point and a 500-asset minimum typical before volume discounts. The per-asset price decreases across tiers above 500 assets.

AssetsPer asset / mo (est.)Indicative annual
500 (typical minimum)~$17-22~$102K-132K
1,000~$15-18~$180K-216K
2,500+Below $15Custom enterprise

Source: Rapid7 official pricing page (model, tiers, asset definition) plus buyer-reported per-asset rates, checked June 2026. Rapid7 publishes no list price: every Managed Threat Complete solution is custom-quoted. The per-asset figures are buyer estimates, not vendor-quoted rates, and the annual columns are indicative arithmetic on those estimates.

Buyer-reported pricing

$15-22

per asset per month

~$17/asset/mo typical, 500-asset minimum, volume break above 500 assets. Custom-quoted only. The per-asset price bundles InsightIDR SIEM/XDR and unlimited InsightVM vulnerability management, so it covers more than detection alone.

Quick facts

ProductManaged Threat Complete
TiersEssentials, Advanced, Ultimate
Min. assets~500 typical
Bundled SIEMInsightIDR included
Bundled VMInsightVM unlimited
Log retention13 months
Coverage24x7x365 SOC
Pricing modelPer asset, custom quote

Tier comparison

Essentials vs Advanced vs Ultimate

CapabilityEssentialsAdvancedUltimate
24/7 SOC monitoringYesYesYes
InsightIDR SIEM/XDRYesYesYes
InsightVM vulnerability mgmtYesYesYes
Dedicated advisor + monthly reviewsNoYesYes
Breach protection warrantyNoPartialYes
Remediation guidance depthStandardExpandedFull

All three tiers share the same foundation: 24/7 SOC, the InsightIDR SIEM, and unlimited InsightVM vulnerability management. Moving up the tiers buys advisory depth (a dedicated advisor, monthly reviews) and risk-transfer features (breach protection warranty) rather than a different detection engine. Tier placement matters most for organisations that want a named advisor relationship.

What you're paying for

The bundle is the differentiator

Rapid7's per-asset price covers more than managed detection. Bundled at every tier:

  • InsightIDR (SIEM/XDR). Unlimited log ingestion with 13 months of retention. For buyers who would otherwise license a standalone SIEM, this is a large folded-in cost.
  • InsightVM. Unlimited vulnerability management scanning. A separate VM platform would normally be its own contract.
  • Unlimited SOAR. Automation and orchestration to action detections faster.
  • 24/7/365 SOC. Monitoring, triage, investigation, and response by Rapid7 analysts across endpoint, cloud, network, and third-party tools (MXDR).

Why the per-asset rate looks higher

A detection-only MDR can quote a lower per-endpoint headline because you supply the SIEM and vulnerability tooling separately. Rapid7's per-asset rate looks higher precisely because InsightIDR and InsightVM are inside it. When you compare, normalise for the SIEM and VM licences you would otherwise buy on their own.

Fit profile

Who Rapid7 MDR suits and who should look elsewhere

Best fit: mid-market and enterprise teams that want SIEM, vulnerability management, and managed detection consolidated under one vendor, compliance-driven buyers who need long log retention (13 months) bundled, and organisations above the 500-asset minimum that can use the volume break.

Poor fit: small businesses below the typical 500-asset minimum (Huntress is far cheaper for 50-250 seats), teams that already own a SIEM and don't want to pay for InsightIDR again, and buyers who only want a thin analyst layer on an existing EDR (Red Canary is leaner there).

Comparing Rapid7's SIEM separately?

For a deep dive on the InsightIDR SIEM platform pricing on its own, see Rapid7 InsightIDR pricing on siemcostcalculator.com. The MDR price above includes that licence.

Tool

Cost calculator

Model your MDR spend.

Vendor

Red Canary pricing

The EDR-agnostic alternative.

Compare

Rapid7 vs Red Canary

Side-by-side breakdown.

FAQ

Rapid7 MDR pricing questions

How much does Rapid7 MDR cost in 2026?
Rapid7 does not publish list prices for Managed Threat Complete; each deal is custom-quoted. Buyer-reported pricing runs roughly $15 to $22 per asset per month, with about $17 per asset per month cited as a typical mid-point and a 500-asset minimum commonly applied before volume discounts. That figure includes the underlying InsightIDR SIEM/XDR licence plus 24/7 SOC monitoring, so the per-asset rate covers more than detection alone (checked June 2026).
What is an 'asset' in Rapid7's pricing model?
Rapid7 defines an asset as a host running a workstation or server operating system to which data has been attributed in the last 30 days. Pricing is based on the number of endpoints, servers, and networks protected, not on data volume ingested into the SIEM and not per incident. The per-asset rate decreases across tiers once you exceed 500 assets.
What are the Rapid7 Managed Threat Complete tiers?
Three service levels. Essentials is for lean teams establishing protection. Advanced is for growing programmes expanding coverage and adds dedicated advisors and monthly reviews. Ultimate is for mature operations managing complex risk and adds breach protection warranties and vulnerability remediation guidance. All three include 24/7/365 SOC monitoring, unlimited log ingestion with 13 months of retention, full InsightIDR access, and unlimited InsightVM vulnerability management.
Does Rapid7 MDR include a SIEM?
Yes. This is the key structural difference from EDR-agnostic providers. Managed Threat Complete bundles InsightIDR (Rapid7's SIEM/XDR platform) plus InsightVM unlimited vulnerability management and unlimited SOAR automation into the per-asset price. For buyers who would otherwise license a SIEM and a vulnerability scanner separately, this consolidates several tools into one MDR contract, which changes the true cost comparison against a detection-only MDR.
Rapid7 MDR vs Red Canary: which is right for me?
Rapid7 bundles its own SIEM and vulnerability management and prices per asset, so it consolidates the most tooling into one contract. Red Canary is EDR-agnostic, runs on the endpoint agent you already own, and prices by endpoint, user, and cloud resource. If you want SIEM plus vulnerability management folded into your MDR, Rapid7 usually consolidates more spend. If you already own a strong EDR and just want a top-tier analyst layer, Red Canary can be leaner. See our Rapid7 vs Red Canary comparison for the full side-by-side.

Disclaimer

MDRCost.com is an independent pricing guide. We are not affiliated with any MDR vendor. Pricing data is compiled from public sources, partner channels, Vendr transaction data, and verified buyer reports. Always request a direct quote for your environment.