Rapid7 is the Boston-based cybersecurity platform pure-play positioned against Tenable, Qualys, Wiz, CrowdStrike, Microsoft Sentinel, and Splunk across vulnerability management, SIEM, cloud security, and external attack surface management. The strategic pivot in 2024-2026 has been the Rapid7 Command Platform — an integrated consolidation of InsightVM, InsightIDR, InsightCloudSec, Surface Command, and managed services under a single commercial umbrella. Command Platform pricing represents Rapid7's bid to move enterprise accounts from point-product licensing to multi-product platform commitment, with bundle discounts that materially shift the cost comparison against pure-play alternatives. For category context, see the Cybersecurity category benchmark.
Rapid7 Pricing Model Explained
Rapid7 uses different pricing constructs for different products within the Command Platform, which is both a feature (accurate usage-based pricing on each workload) and a bug (complex to model and compare against competitors with simpler pricing). InsightVM (vulnerability management) is priced per asset per year. InsightIDR (SIEM + XDR) is priced per user for endpoint coverage plus per GB for log ingestion, with tiered pricing that steps down significantly above 1TB daily ingestion. InsightCloudSec (cloud security posture management and CNAPP) is priced per cloud resource unit. Surface Command (external attack surface management) is priced per monitored asset plus per investigation. Command Platform bundles apply bundle discounts when 2+ products are purchased together with multi-year commitment.
The 2026 Command Platform bundle structure: two-product bundles (typically InsightVM + InsightIDR) unlock an 8-14% bundle discount on top of standalone pricing. Three-product bundles (adding InsightCloudSec or Surface Command) unlock a 14-22% bundle discount. Full Command Platform commitments (four products plus managed services) unlock a 22-30% bundle discount. Three-year terms add an incremental 8-14% of per-year discount depth compared to 1-year terms. These bundle mechanics are the primary lever that moves Rapid7 pricing from rough parity with Tenable and Qualys to a meaningful TCO advantage on multi-product consolidation.
InsightIDR's log ingestion pricing is a non-obvious commercial driver. Standard InsightIDR tier includes log ingestion allowances that scale with user count, but high-volume environments (financial services, healthcare, retail) frequently consume ingestion materially above allowance, triggering overage at 15-25% premium to committed volume. The key negotiation lever: purchase dedicated log ingestion tiers that align with actual daily ingestion volume, and negotiate overage-pricing caps to avoid surprise charges.
Asset Count Scaling and True-Up
InsightVM asset count scaling is tiered. Per-asset pricing steps down at 1,000, 5,000, 15,000, 50,000, and 100,000 asset tiers. Annual true-up mechanisms apply if actual asset counts exceed subscribed counts, typically at list price for the overage plus retroactive true-up. Downward adjustment rights on shrinking asset counts are not included absent negotiation. This is a universal pattern across vulnerability management vendors; Rapid7 is no worse than Tenable or Qualys on asymmetric true-up, but the discipline to negotiate symmetric adjustment is worthwhile.
What Enterprises Actually Pay for Rapid7
These 2026 figures reflect negotiated annual Rapid7 spend across 58+ benchmarked enterprise deployments. "Typical" reflects median deal economics with modest competitive pressure; "Strong Leverage" assumes written Tenable, Qualys, Wiz, CrowdStrike Falcon, and Microsoft Sentinel competitive bids with Q4 timing and Command Platform bundle consolidation.
| Deployment Profile | Primary Products | Typical Annual Spend (Negotiated) | With Strong Leverage |
|---|---|---|---|
| InsightVM standalone (5,000 assets) | Vulnerability management only | $32K–$48K | $25K–$38K |
| InsightVM + InsightIDR (15,000 assets) | VM + SIEM | $180K–$385K | $140K–$295K |
| Three-product bundle (30,000 assets) | VM + IDR + CloudSec | $385K–$850K | $295K–$650K |
| Full Command Platform (50,000+ assets) | All products + MDR | $850K–$2.2M | $650K–$1.65M |
| Strategic enterprise (100,000+ assets) | Full platform + custom services | $2.2M–$3.5M+ | $1.7M–$2.7M |
| InsightIDR log ingestion (1TB/day) | Log volume tier | $85K–$140K | $65K–$110K |
| MDR (Managed Detection and Response) | 24/7 SOC service | $120K–$485K | $95K–$380K |
Median Fortune 1000 Rapid7 subscription is approximately $385,000 annually across 2-3 products. The primary driver of variance is product breadth (single-product standalone versus Command Platform bundle) and asset count scale. For comparative context within cybersecurity, see our CrowdStrike Falcon pricing guide, Palo Alto Networks pricing guide, and Splunk Security pricing guide.
Rapid7 Discount Benchmarks — What Is Achievable?
Rapid7 discount depth responds strongly to four levers: calendar-year Q4 timing (fiscal year ends December 31), written competitive bids against Tenable, Qualys, Wiz, and Microsoft Sentinel, Command Platform multi-product bundle consolidation, and multi-year commitment depth. Since its pivot to the Command Platform, Rapid7 has tightened single-product pricing discipline while enabling deeper multi-product bundle discounts.
| Discount Mechanism | Typical Depth | With Strong Leverage | Notes |
|---|---|---|---|
| Single-product InsightVM under $75K | 12–18% | 18–25% | Limited leverage on small deals |
| Single-product InsightVM $75K-$300K | 18–28% | 25–35% | Tenable/Qualys RFP unlocks depth |
| Two-product bundle | 22–32% | 32–38% | 8-14 points bundle benefit vs singles |
| Three-product Command Platform | 28–38% | 35–42% | 14-22 points bundle benefit |
| Full Command Platform ($500K+) | 32–42% | 38–48% | Strategic commitment depth |
| 3-year commitment uplift | 8–14% | 14–22% | Over 1-year equivalent |
| Q4 fiscal year-end timing | 4–8 points | 8–14 points | Oct-Dec aligned with FY close |
| MDR services bundle | 15–25% | 25–35% | On managed service fees |
The credible competitive alternatives Rapid7 commercial teams model against: Tenable (direct vulnerability management competitor, typically 5-12% tighter on pure VM scope), Qualys (VMDR competitor, frequently 8-15% tighter on pure VM, weaker on SIEM/XDR), Wiz (CNAPP leader, direct InsightCloudSec competitor, typically 12-22% tighter on pure cloud security), CrowdStrike Falcon (XDR competitor to InsightIDR, strong endpoint positioning), Microsoft Sentinel + Defender (SIEM and XDR competitor, particularly threatening for Microsoft E5 customers), and Splunk (SIEM competitor with deep log analytics strength but significantly higher TCO).
Rapid7 Pricing by Product
InsightVM (Vulnerability Management)
Rapid7's flagship product and largest revenue contributor. Per-asset pricing at $3.20-$5.80 per asset per year on 10,000+ asset deployments; entry pricing at $5.50-$7.80 per asset under 1,000 assets. Includes vulnerability scanning, risk scoring, threat intelligence integration, and remediation workflow. Competes directly with Tenable Vulnerability Management and Qualys VMDR. Negotiate asset-count tier thresholds, agent-versus-network-scan flexibility, and symmetric true-up adjustment.
InsightIDR (SIEM + XDR)
SIEM and XDR platform combining log analytics, endpoint detection, and incident response. Priced per user for endpoint coverage plus per GB for log ingestion. Log ingestion tiers step down at the 100GB/day, 500GB/day, 1TB/day, and 2TB/day volume thresholds. Competes against Splunk, Microsoft Sentinel, IBM QRadar, and CrowdStrike Falcon LogScale. Log ingestion overage at a 15-25% premium is the dominant surprise-cost risk. Negotiate dedicated ingestion tiers aligned with actual daily volume and overage pricing caps.
InsightCloudSec (CNAPP)
Cloud-Native Application Protection Platform covering cloud security posture management (CSPM), cloud workload protection (CWPP), and cloud infrastructure entitlement management (CIEM) across AWS, Azure, and GCP. Per-cloud-resource pricing; typical enterprise deployment $85K-$485K annually. Competes against Wiz, Lacework, Orca Security, Palo Alto Prisma Cloud, and CrowdStrike Falcon Cloud Security. CNAPP market is the most price-competitive cybersecurity category in 2026 with Wiz exerting meaningful pricing pressure.
Surface Command (External Attack Surface Management)
External attack surface discovery, monitoring, and investigation. Priced per assessed asset plus per-investigation fees. Competes against Palo Alto Networks Cortex Xpanse, Tenable Attack Surface Management, CrowdStrike Falcon Surface, and Darktrace PREVENT. Surface Command is Rapid7's most commercially flexible product — aggressive bundle discounts available when combined with Command Platform.
Managed Detection and Response (MDR)
24/7 SOC-as-a-service delivered on the Command Platform. Priced per user plus baseline fee for SOC coverage. Typical enterprise MDR ranges $120K-$485K annually. Competes against CrowdStrike Falcon Complete, Arctic Wolf, Expel, and SentinelOne Vigilance. MDR pricing is often bundled into Command Platform strategic deals with material discount; standalone MDR procurement frequently prices more aggressively than Rapid7's initial list.
Common Rapid7 Contract Traps to Watch For
Asset Count Asymmetric True-Up
Annual asset count true-up at list pricing for incremental assets above subscribed count, with retroactive true-up to contract start. Downward adjustment rights on shrinking asset counts are typically not included. Negotiate symmetric adjustment, capped user-count bandwidth, or annual asset-count reset at renewal.
InsightIDR Log Ingestion Overage
Log ingestion above committed volume bills at 15-25% premium. High-volume enterprises (financial services, healthcare, large retail) frequently face multi-hundred-thousand-dollar overage surprise invoices. Negotiate dedicated ingestion tier alignment with actual daily volume, monthly-average versus daily-peak measurement, and overage pricing caps (typically 3-5% above committed tier pricing).
Command Platform Bundle Discount Preservation
Bundle discounts apply only while all products in the bundle remain under active subscription. Dropping any single product at renewal typically eliminates the bundle discount across remaining products, creating a cliff-edge renewal dynamic. Negotiate bundle-discount preservation clauses that allow single-product reduction without eliminating remaining bundle benefit.
Professional Services and MDR Service Pricing
Rapid7 professional services and MDR managed services are frequently priced at standalone list even within Command Platform deals. Negotiate pooled professional services hours, bundled MDR discount tiers tied to Command Platform commitment, and transparent hourly rate disclosure.
Rapid7 Renewal Pricing: What Changes and What Does Not
Rapid7 renewal behavior is predictable: per-asset and per-user pricing escalates 5-9% annually absent negotiation, and renewal typically proposes Command Platform bundle expansion.
What changes at renewal: Per-asset, per-user, and per-GB rates escalate 5-9% annually absent negotiation. Log ingestion tiers reset to then-current list, which may be materially different from original tier pricing. Bundle-discount structure shifts as Rapid7 repositions Command Platform tier thresholds. Professional services and MDR rates carry forward at then-current list.
What does not change without leverage: Bundle discount depth does not improve at renewal absent competitive pressure. Multi-year term benefits carry forward only if renegotiated. Asymmetric true-up provisions extend unchanged.
What changes with leverage: Written Tenable, Qualys, Wiz, CrowdStrike Falcon, and Microsoft Sentinel competitive bids at renewal initiation routinely unlock 8-18% incremental renewal depth. Command Platform consolidation (moving from Rapid7 + separate CNAPP or SIEM vendor to Command Platform bundle) provides strong negotiation leverage. Q4 fiscal year-end timing alignment produces 4-10 points additional depth. MDR service rationalization (consolidating managed services into Rapid7 or away from Rapid7) shifts negotiation dynamic materially.
Frequently Asked Questions
How much does Rapid7 cost for enterprise deployments?
Rapid7 enterprise annual subscriptions typically range from $90,000 to $3.5M+ depending on scope. InsightVM is priced per asset at $3.20-$5.80 per asset per year. InsightIDR is priced per user plus per GB of log ingestion. InsightCloudSec is priced per cloud resource. The median Fortune 1000 Rapid7 subscription is approximately $385,000 annually across 2-3 products.
What discount is achievable on Rapid7?
Rapid7 discounts range 18-42% off list depending on deal size, competitive pressure, and Q4 timing. Typical enterprise discount on strategic multi-product deals is 28-38%, with 35-42% achievable on strategic Command Platform deals above $500K with written Tenable, Qualys, Wiz, CrowdStrike Falcon, and Microsoft Sentinel competitive bids.
How does Rapid7 pricing compare to Tenable and Qualys?
Rapid7 InsightVM typically prices within 5% of Tenable Vulnerability Management and 8-15% above Qualys VMDR on equivalent asset coverage. For pure vulnerability management, Tenable and Qualys commonly carry tighter economics; for multi-product Command Platform consolidation, Rapid7 frequently produces TCO parity or advantage.
What are common Rapid7 contract traps?
Key traps: (1) asset count true-up with asymmetric increase-only adjustment, (2) InsightIDR log ingestion overage at 15-25% premium, (3) Command Platform bundle discounts that evaporate if any product is dropped, (4) professional services and MDR priced at premium without tier-integration discount.
Should I buy single products or the Command Platform bundle?
Command Platform bundle is preferable when: (1) you plan to consolidate 3+ security point products into a single platform, (2) you want MDR services integrated with VM/SIEM/CNAPP, (3) multi-year commitment fits your planning horizon. Single-product procurement is preferable when: (1) you only need InsightVM and have best-of-breed preferences for SIEM and CNAPP, (2) you want vendor flexibility product-by-product, (3) your committed duration is under 2 years. Model both paths at actual scope; bundle economics frequently tip the math toward Command Platform on 3+ products.
Next Steps
Rapid7 deals reward Q4 fiscal year-end timing, Command Platform multi-product consolidation, and written competitive bids from Tenable, Qualys, Wiz, CrowdStrike, and Microsoft Sentinel. The worst-priced Rapid7 contracts we benchmark share a pattern: single-product standalone at list without platform view, no log ingestion tier alignment, asymmetric true-up clauses unaltered, and mid-quarter execution without competitive RFP pressure. The best-priced deals do the opposite.
If you are evaluating Rapid7 for new purchase, planning a Command Platform consolidation, or facing a Rapid7 renewal within 6-12 months, upload your current proposal or spend summary for a 24-hour benchmark analysis against 58+ comparable enterprise deployments. For comparative context, see our CrowdStrike Falcon pricing guide, Palo Alto Networks pricing guide, Splunk Security pricing guide, and the Cybersecurity category benchmark.