Rapid7 InsightIDR pricing in 2026: per-asset, bundles, real cost
The independent Rapid7 InsightIDR pricing reference. Per-asset/month list rates, Insight Platform bundle economics, MDR upsell math, real cost scenarios from 100 to 30,000-plus assets, and where Rapid7 wins on cloud-native simplicity. Updated May 2026.
List rates from rapid7.com/products/insightidr and AWS Marketplace listings as of Q2 2026.
How Rapid7 InsightIDR pricing actually works
Rapid7 InsightIDR prices on a per-asset-per-month meter, with log ingestion, EDR (Insight Agent), UEBA, deception, and basic correlation bundled in. The asset definition is broad: physical servers, virtual machines, cloud workloads, network devices, and user endpoints all count. The meter simplicity is the largest structural difference from per-GB SIEMs and the largest reason mid-market SOCs choose Rapid7: budget forecasting becomes a function of headcount and IT estate growth rather than log volume volatility.
The per-asset rate of approximately $5.61 per asset per month is the headline list. Volume discounts compress this band toward $4.20-$4.80 at meaningful scale (5,000+ assets) and multi-year commits push the floor toward $3.50-$4.00 at large enterprise commits. Quarter-end pressure produces real discount outcomes; transactional list-rate purchases leave value on the table.
The asset count is the cost-discipline lever that matters most. Ephemeral cloud workloads count when the Insight Agent is installed; decommissioned-but-not-cleaned-up assets in CMDB count if Rapid7 last scanned them within retention window; shadow-IT cloud accounts count if discovered. Quarterly asset audits routinely remove 20-30 percent of the meter without losing real coverage. The cleanup discipline is the single highest-leverage Rapid7 optimisation and the one most customers do not invest in.
The Insight Platform bundle combines InsightIDR (SIEM/EDR), InsightVM (vulnerability management), and InsightConnect (SOAR/automation) at a 15-25 percent combined discount versus standalone licensing. For organisations that genuinely run vulnerability management as an active discipline, the bundle math is decisive. For SIEM-only buyers, standalone InsightIDR is the right purchase; the bundle becomes economical only when InsightVM is genuinely used.
Rapid7 MDR is the co-managed upsell path. MDR pricing at $15-$22 per asset per month typically includes the underlying InsightIDR licence and adds 24/7 SOC coverage with triage, investigation, and response. For organisations without internal SOC capacity or with limited 24/7 coverage, MDR is the genuine path. For organisations with internal SOC capability, MDR scoped to crown-jewel assets (production, payment processing, regulated data) while running self-service InsightIDR on the rest typically delivers better unit economics than full-estate MDR coverage.
The 2026 competitive environment for Rapid7 is unusually favourable. The vendor's historical positioning as a vulnerability management leader has expanded into a credible SIEM/XDR/MDR consolidator, and pricing aggression against Sentinel, Sumo Logic, and CrowdStrike Falcon for SMB and mid-market buyers is producing 20-25 percent discount outcomes on multi-year commits. The Insight Platform bundle pricing is genuinely competitive against Sentinel-plus-Defender and Sumo-plus-Wiz consolidation pitches.
InsightIDR pricing by asset band
| Asset band | Profile | Annual licence |
|---|---|---|
| 100 assets | Small business / single-site SMB | $8K-$12K/yr |
| 500 assets | Growing mid-market | $36K-$54K/yr |
| 2,500 assets | Mid-market, multi-site | $170K-$240K/yr |
| 10,000 assets | Lower enterprise | $590K-$840K/yr |
| 30,000+ assets | Enterprise / regulated | $1.5M-$2.2M/yr |
InsightIDR standalone, before Insight Platform bundle discount or MDR upsell. Volume discounts compress per-asset rates above 5,000 assets.
Rapid7 SKU reference
| SKU | Pricing | Notes |
|---|---|---|
| InsightIDR (Standalone) | From ~$5.61/asset/month | List per Rapid7 marketplace; per-asset, billed annually |
| Insight Platform Bundle | InsightVM + InsightIDR + InsightConnect | Bundle discount typically 15-25% versus individual products |
| MDR (Managed Detection) | From ~$15-$22/asset/month | Co-managed service layered on InsightIDR; 24/7 SOC coverage |
| Threat Complete (Tier above MDR) | Quote-only | Adds incident response retainer and threat hunting |
Five Rapid7 cost optimisations that genuinely work
Audit asset count rigorously
20-30% on per-assetRapid7's per-asset meter counts everything visible: ephemeral cloud workloads, decommissioned servers still in CMDB, dormant accounts. Quarterly asset audits routinely remove 20-30 percent of the count without losing real coverage. The cleanup is the single highest-leverage Rapid7 cost lever.
Bundle Insight Platform for VM + IDR
15-25% on combined spendCustomers running InsightVM (vulnerability management) and InsightIDR separately leave bundle savings on the table. Insight Platform combined contracts produce 15-25 percent off versus standalone, plus operational simplification from a single console.
Right-size MDR coverage scope
30-50% on managed serviceMDR pricing scales with asset count, but most customers do not need full 24/7 coverage on every asset. Limiting MDR scope to crown-jewel assets (production, payment, regulated) while running InsightIDR self-service on the rest typically halves the MDR bill without operational compromise.
Negotiate at multi-year renewal
15-20% listRapid7's renewal cycle is the credible negotiation pressure point. Multi-year commits at term renewal produce 15-20 percent off list. Quarter-end carries deeper discount potential, particularly Q4.
Drop low-value log sources
Operational, indirectUnlike per-GB SIEMs, Rapid7's per-asset pricing does not directly reward log filtering. Indirectly, fewer log sources means simpler tuning and lower analyst hours per signal. Aggressive source prioritisation is operational discipline that compounds across multi-year contracts.
When Rapid7 InsightIDR is the right SIEM
InsightIDR wins decisively for mid-market organisations between 500 and 5,000 assets that want a bundled SIEM-EDR-UEBA stack with predictable per-asset pricing and a credible MDR upsell path. Cloud-native engineering teams, fast-growing technology companies, regional financial services firms, and mid-market healthcare networks all fit the profile cleanly. The Insight Platform bundle (InsightIDR + InsightVM + InsightConnect) is genuinely competitive against Sentinel-plus-Defender or Sumo-plus-Wiz consolidation pitches, particularly when vulnerability management is an active discipline.
InsightIDR loses where the asset-to-log-volume ratio is unfavourable (low asset count with very high log volume from cloud APIs and SaaS audit logs), where deep UEBA is the binding constraint (Exabeam or Securonix maintain depth advantages), or where the customer wants a single per-employee or per-GB meter rather than per-asset (Chronicle wins simplicity). The per-asset meter also rewards organisations with disciplined asset management and punishes those with sprawling, undocumented IT estates.
The 2026 competitive trajectory is favourable. Rapid7's MDR business has matured into a credible alternative to Arctic Wolf, eSentire, and CrowdStrike Falcon Complete for mid-market organisations that want managed augmentation without the full MSSP commitment. For mid-market buyers in 2026 weighing managed security service options, InsightIDR plus Rapid7 MDR is genuinely worth the competitive evaluation against the established MDR vendors.