Press Release

August 17, 2012

Rapid7 Receives Highest Possible Rating of 'Strong Positive' in Leading Analyst Firm's Vulnerability Assessment MarketScope Report

Boston, MA - August 17, 2012 - Rapid7, the leading provider of security risk intelligence solutions, today announced that its flagship vulnerability management solution, Rapid7® Nexpose, received a "Strong Positive" - the highest rating possible - in Gartner's 2012 "MarketScope for Vulnerability Assessment"1.

"We're excited that Gartner has recognized Rapid7's capabilities in vulnerability management. Flexibility, accuracy and breadth of scanning have all been areas we've focused on to simplify the complex risk management challenge for our customers and arm them to improve their organization's security posture," said Bernd Leger, vice president of marketing, products and solutions at Rapid7.

Nexpose proactively supports the entire vulnerability management lifecycle, covering discovery, assessment and mitigation of security threats, including vulnerabilities, misconfigurations and malware kits. This gives organizations immediate insight into the security posture of their IT environment by conducting over 92,000 vulnerability checks for more than 31,800 vulnerabilities. The solution leverages one of the largest vulnerability databases to identify vulnerabilities across networks, operating systems, databases, Web applications and virtual assets. Risk is classified and prioritized based on industry benchmarks such as CVSS and then enriched with contextual information such as the availability of exploits, malware kits, and the age of vulnerabilities. Nexpose then helps to provide a detailed, sequenced remediation roadmap with time estimates for each task. This helps users prioritize remediation so they can focus on the most critical vulnerabilities and make a real improvement to the organization's security posture.

In addition, the integration of Nexpose and Rapid7's penetration testing solution, Metasploit, provides a closed-loop security risk assessment solution. Metasploit imports vulnerability scanning results from Nexpose, validates risks, and feeds the outcome back into Nexpose to simplify reporting and streamline remediation. Metasploit does this by identifying and testing known exploits that correlate with each vulnerability, identifying whether specific attack vectors present a real risk for the organization. This information can then be used to prioritize mitigation and remediation actions.

Nexpose is available in several forms: software, appliance, virtual appliance, laptop/mobile, and as a managed service. Customers can mix these product and service components together in operation. The solution is used to help organizations improve their overall risk posture and security readiness, as well as to comply with mandatory regulations, including security requirements for PCI, HIPAA, ARRA HITECH ACT, FISMA (including SCAP, USGCB, FDCC and CyberScope Compliance), Sarbanes-Oxley (SOX) and NERC CIP. Nexpose is a Common Criteria EAL3+ product and received the SC Magazine Vulnerability Assessment Tool of the Year Award in 2012.

About Rapid7

Rapid7's IT security data and analytics solutions collect, contextualize and analyze the security data you need to fight an increasingly deceptive and pervasive adversary. Unlike traditional vulnerability assessment or incident management, Rapid7 solutions uniquely provide insight into the security state of your assets and users across virtual, mobile, private and public cloud networks. They enable you to fully manage your risk, simplify compliance, and identify, investigate and stop threats faster. Our threat intelligence, informed by members of the Metasploit open source community and the industry-leading Rapid7 Labs, provides relevant context, real-time updates and prioritized risk. Our solutions are used by more than 25% of the Fortune 1000 and nearly 3,000 enterprise, government and small business organizations across 78 countries. To learn more about Rapid7 or get involved in our threat research, visit

MarketScope Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

1 Gartner "MarketScope for Vulnerability Assessment" by Kelly M. Kavanagh, August 10, 2012.
Media Contact Phone: 857-288-7438