ITHQ LTD

Rapid7 Cloud Risk Complete: Hybrid Security and Risk Management

Rapid7 Cloud Risk Complete is an integrated security platform that manages risks across cloud, on-premises infrastructure, and web applications. It provides comprehensive vulnerability management, dynamic application security testing, and automated workflows to enhance security postures efficiently.

Features

  • Centralised risk management across diverse environments.
  • Automated security assessment tools for quick risk identification.
  • Real-time visibility into cloud assets and their vulnerabilities.
  • Integration with existing systems to streamline workflows.
  • Customisable reporting for tailored security insights.
  • Enhanced detection capabilities for web application vulnerabilities.
  • Proactive threat intelligence to anticipate security risks.
  • Efficient incident response with automated workflows.
  • Compliance support to meet regulatory requirements.
  • Cloud Security Posture Management (CSPM).

Benefits

  • Automate compliance checks to streamline security and regulatory workflows.
  • Prioritise risks intelligently for efficient resource allocation.
  • Centralise security management to simplify oversight across environments.
  • Enhance visibility into assets for better control and decision-making.
  • Deploy scalable security solutions to adapt to changing business needs.
  • Integrate seamlessly with existing tools to maintain productivity.
  • Accelerate incident response with automated processes.
  • Continuously monitor threats to minimise potential disruptions.
  • Facilitate proactive security planning with predictive analytics.
  • Support remote management to safeguard assets from anywhere.

Pricing

£150 an instance

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

794380795525366

Contact

ITHQ LTD Dale Nursten
Telephone: 02039977979
Email: bidteam@ithq.pro

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Hybrid cloud
Service constraints
N/A
System requirements
  • Windows desktop 10 v1507 to Windows 11 23H2
  • macOS Big Sur 11 to macOS Sonoma 14
  • Ubuntu Linux versions 18.04 LTS to 22.04 LTS
  • Amazon Web Services (AWS)
  • Google Cloud Platform (GCP)
  • Microsoft Azure
  • Oracle Cloud
  • Alibaba Cloud

User support

Email or online ticketing support
Email or online ticketing
Support response times
Vendor response times are dependent on support contracts.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Full details of Rapid7 support levels can be found at: https://www.rapid7.com/globalassets/_pdfs/whitepaperguide/rapid7-customer-support-guidebook.pdf
Support available to third parties
Yes

Onboarding and offboarding

Getting started
ITHQ will support the on-boarding of the solution with an agreed Scope of Works document customised to meet the customers' requirements.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data export tools within the platform.
End-of-contract process
At the end of the contract the customer will be offered the option of extending their subscription or ceasing to use the platform.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
Rapid7 Cloud Risk Complete offers an API. The Insight Platform provides a unified API that facilitates interaction with various Rapid7 Insight products, including Cloud Risk Complete. This API uses RESTful principles and supports common operations across different product APIs within the platform. It requires the use of an API key for authentication and supports features like pagination, rate limiting, and versioning to manage API interactions effectively.

More details can be found at https://docs.rapid7.com/insight/api-overview/
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
What: Security Policies and Configurations: Users can tailor security policies and rules to fit specific operational needs and threat models.
Dashboards and Reports: Customisable dashboards allow users to focus on metrics that matter most to their security posture.
Alerts and Notifications: Alerts can be configured to ensure the right personnel are notified about critical issues in real-time.
Integrations: The service integrates with other tools like SIEMs, compliance systems, or other IT management tools, enhancing existing workflows.

How:
User Interface (UI): Through the UI, users can easily adjust settings, configure policies, and manage alerts without technical expertise.
API Usage: For deeper integration and automation, technical users can use the provided API to develop custom scripts or applications that interact with the service.

Who:
Security Administrators and IT Teams: These users typically have the access rights to modify security settings and configurations.
Developers: They can utilize the API for creating custom integrations and automations.

Scaling

Independence of resources
The infrastructure supporting Rapid7's services is designed to be highly scalable. This allows the system to handle increases in demand without a degradation in performance. Rapid7 guarantees that user demands do not affect each other's service by implementing scalable cloud infrastructure, resource isolation, and load balancing. These systems automatically adjust to user loads and isolate processes, ensuring consistent service levels. Additionally, continuous performance monitoring and predictive resource allocation help manage and mitigate potential impacts from surges in demand, maintaining service reliability and speed for every user.

Analytics

Service usage metrics
Yes
Metrics types
Rapid7 Cloud Risk Complete provides service usage metrics. These metrics can help organisations monitor their security posture, track service usage, and analyse trends over time to improve their overall security strategy. The platform includes dashboards and reporting features that allow users to view detailed analytics related to asset vulnerabilities, threat detections, and compliance status. These tools are designed to provide actionable insights that help users prioritise security tasks and manage their resources effectively. For more specific information on accessing and utilising these metrics, you can refer to the official Rapid7 documentation or support services.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Rapid7

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
For offboarding or regular data management purposes, users have the option to export data such as asset details, account information, and mobile device data. Rapid7 supports exporting data in formats like CSV or PDF, allowing for flexibility in how data is saved or further processed outside of the platform. This feature is accessible through the dashboard settings, where users can select specific datasets for export.
These import and export capabilities ensure that users can efficiently manage their security data, aligning with organisational changes or compliance needs. For more detailed guidance on using these features, you can refer to Rapid7's official documentation.
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Rapid7 guarantees a high level of availability for its Cloud Risk Complete service, typically outlined in their Service Level Agreements (SLAs). These SLAs usually specify the percentage of uptime guaranteed, often aiming for 99.9% availability. This level of service ensures that users experience minimal disruptions and consistent access to the service.
In cases where Rapid7 does not meet the guaranteed levels of availability, the SLA would typically include details on how users are compensated. This compensation might involve service credits that users can apply against future payments, providing a financial adjustment for the downtime experienced.

For exact details on the availability guarantees, SLA specifics, and compensation methods, users should refer to the specific SLA provided by Rapid7 upon subscribing to their services. This document will include all necessary details regarding uptime commitments and the procedures for claiming compensations if those commitments are not met.
Approach to resilience
Rapid7's Cloud Risk Complete service is designed for resilience to ensure continuous operation and availability. The service's resilience strategy includes multiple elements:

Data Center Redundancy: Rapid7 utilizes data centers that employ redundant power supplies, HVAC systems, and network connections, enhancing their ability to maintain service continuity amidst various failures.
Geographical Diversity: Services are hosted in multiple geographic locations to mitigate the impact of regional disruptions, natural disasters, or other localized problems. This geographical spread ensures that even if one location is affected, the service can still operate from other locations.
Failover Mechanisms: Automatic failover mechanisms are in place, allowing for quick switching to backup systems and data centers without service interruption in the event of a hardware or software failure.
Scalable Architecture: The infrastructure is built on a scalable cloud platform, designed to handle increases in load seamlessly. This scalability ensures that the system can adjust to spikes in demand without impacting user performance.
Continuous Monitoring: Rapid7 employs continuous monitoring of their systems to detect and respond to issues proactively. This includes performance monitoring and security monitoring to address potential security threats swiftly.
Outage reporting
Rapid7 reports service outages through a combination of methods to ensure users are promptly and effectively informed:

Public Dashboard: Rapid7 maintains a publicly accessible status dashboard that displays real-time information regarding system performance and any ongoing incidents or outages. This dashboard is regularly updated to reflect the current status of all services, including any active issues and expected resolution times.
API: For users integrating Rapid7 services into their own monitoring systems, an API is available that can provide real-time status updates. This allows users to programmatically check the operational status of different service components and automate their own alerting and response processes.
Email Alerts: Rapid7 also provides email alerts to notify users of significant incidents or outages. These alerts include details about the nature of the issue, the services affected, and any steps being taken to address the problem. Users can subscribe to these alerts to receive updates directly in their inbox.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Only authorised users or groups are able to access the management and support portals.
Access restriction testing frequency
Less than once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International Ltd
ISO/IEC 27001 accreditation date
15/03/2022
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We are ISO27001 accredited and able to supply our Information Security Policies subject to a non-disclosure agreement being put in place with the receiving party.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Will be provided by ITHQ upon request.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Will be provided by ITHQ upon request.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Will be provided by ITHQ upon request.
Incident management type
Supplier-defined controls
Incident management approach
Will be provided by ITHQ upon request.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

  • Tackling economic inequality
  • Equal opportunity

Tackling economic inequality

ITHQ runs a corporate social responsibility programme, Life In IT, in South East England. This initiative focuses on reconditioning tech devices, which are donated by businesses as they upgrade their infrastructure. By redistributing these devices to local non-profit organisations and schools, we prevent valuable technology from being wasted and facilitate access to digital education resources for underserved communities. This program not only extends the lifecycle of technology but also significantly reduces economic barriers to accessing necessary educational tools.

Equal opportunity

To specifically address equal opportunity, our Life In IT programme prioritises collaboration with schools that support students from diverse backgrounds, including low-income families, minorities, and those with disabilities. We provide customised technology solutions that cater to a wide range of learning needs and styles, thereby ensuring all students have the opportunity to succeed. By doing so, ITHQ is committed to creating a more inclusive educational environment where every student, regardless of their socioeconomic status or background, can benefit from equal access to high-quality digital education.

Pricing

Price
£150 an instance
Discount for educational organisations
Yes
Free trial available
No
