Rapid7 Acquires Metasploit
October 21, 2009
I'm extremely pleased to announce Rapid7's acquisition of Metasploit, the leading open source penetration testing framework and world's largest database of public, tested exploits. We believe the acquisition deepens our leadership as the leading provider of vulnerability management, compliance and penetration testing solutions and will provide great value for our customers and partners.
As a result of the acquisition, we will leverage Metasploit technology to enhance our vulnerability management solution, Rapid7 NeXposeTM. At the same time we will not only maintain, but accelerate the open source framework Metasploit with dedicated resources and contributions. I’m also pleased to announce that HD Moore, the founder of Metasploit, will be joining Rapid7 full-time as Chief Architect of Metasploit and Chief Security Officer of Rapid7.
I'm excited about this news for a number of reasons:
- The acquisition raises the bar to what our industry can expect from all those involved, be they vendors, end-users, partners or community members. Since joining Rapid7, I’ve learned about some of the key principles of network security: defense in depth, continuously identifying and fixing your vulnerabilities, and improving security through continuous investments in people, process, and technology. With this announcement we are embracing the role of industry innovator by providing better protection to you as our client, feeding the community and creating an environment open for dialog about the implementation of security best practices.
- As a result of our union, we will be able to bring superior data on exploitability to our customers, helping them to prioritize and remediate key security issues. The exploit data will be directly embedded in our vulnerability management solution NeXpose, providing a whole new level of risk analysis capabilities to our clients, while ensuring that NeXpose, which will continue as a separate product, delivers the safest, most proactive and actionable vulnerability scanning capabilities in the industry.
- We're thrilled that HD Moore and other key Metasploit contributors have joined Rapid7 to work full-time on the open source Metasploit Framework code. HD and the team will now have more dedicated resources and support to invest in exploit research and to create a broader penetration testing platform. As part of our support of the community, we will contribute vulnerability data from the NeXpose product to expand the accuracy and reliability of the Metasploit Framework, which will remain open source. It is a true win-win for everyone.
- Finally, the combination of NeXpose and Metasploit will enable Rapid7 to continue to grow its relationship with partners and consultants, delivering improved technology and more comprehensive solutions for vulnerability management and penetration testing. Having a broader portfolio will further accelerate our dialog with our partner ecosystem to ensure that our solutions meet their needs.
Over the next weeks we will be providing additional details on our plans so please stay tuned to hear more from us. For additional information, please reference our press release on the acquisition as well as the FAQ below. If you have any feedback or suggestions regarding our announcement, I would love to hear from you.
President & CEO, Rapid7
FAQ on Rapid7's Acquisition of Metasploit
- What is being announced?
- How will Rapid7 NeXpose customers benefit?
- Does Rapid7 have a security consulting organization?
- What opportunities will consulting companies have as a result of this acquisition?
- Will there be integration between NeXpose and Metasploit?
- Will Rapid7 provide commercial support for Metasploit?
- Where can I learn more about Rapid7's upcoming plans for NeXpose and Metasploit?
What is being announced?
On October 21, 2009 Rapid7 announced the acquisition of Metasploit, the principal organization behind the open-source penetration testing framework and world's largest database of public, tested exploits, the Metasploit Project. As a result of the acquisition, Rapid7 will leverage Metasploit technology to enhance its vulnerability management solution, Rapid7 NeXpose™, becoming the only company to deliver a full breadth of security assurance solutions and expertise. Rapid7 will also sponsor dedicated resources and contributions to the standalone, community-driven Metasploit Project to further its growth and success.
How will Rapid7 NeXpose customers benefit?
With the number of reported vulnerabilities increasing each day, organizations in all industries must seek comprehensive, unified security solutions that continuously prioritize risk, protect business-critical systems and data, and achieve compliance. By acquiring Metasploit, Rapid7 fills industry void by bringing richer exploitability data to users of Rapid7 NeXpose, enabling them to better identify, prioritize, and remediate critical security issues based on the knowledge of active exploits available.
Does Rapid7 have a security consulting organization?
Rapid7 has a professional services organization focused on deploying and implementing Rapid7 technology in customer environments. Rapid7 has a small highly trained security assessment practice focused on helping its customers address security concerns. However, Rapid7 also engages with trusted partners to deliver security assessments leveraging Rapid7 NeXpose and Metasploit. Consulting partners interested in learning more about business development opportunities with Rapid7 please sign up here.
What opportunities will consulting companies have as a result of this acquisition?
Rapid7 has several programs for consulting companies that deliver security assessments. Rapid7 is committed to driving security assessment business to its consulting partners. If you are interested in learning more about business development opportunities with Rapid7, please sign up here.
What are Rapid7's plans for Metasploit and the open source community?
We're thrilled that HD Moore and other key Metasploit contributors have joined Rapid7 to work full-time on the open source Metasploit Framework code. HD and the team will now have more dedicated resources and support to invest in exploit research and to create a broader penetration testing platform. As part of our support of the community, we will contribute vulnerability data from the NeXpose product to expand the accuracy and reliability of the Metasploit Framework, which will remain open source. It is a true win-win for everyone.
Will there be integration between NeXpose and Metasploit?
Based on customer feedback, NeXpose will continue to function as a stand-alone vulnerability management solution, delivering the safest, most proactive and actionable vulnerability scanning capabilities in the industry. Key benefits that customers will experience as a result of this acquisition will be improved risk scoring algorithms in NeXpose based on exploit data from Metasploit. This will enable organizations to avoid false positives and prioritize their vulnerabilities with even higher precision than currently available.
Will Rapid7 provide commercial support for Metasploit?
Yes, Rapid7 intends to provide commercial support for Metasploit. The exact capabilities and scope of this support will be announced in due course.
Where can I learn more about Rapid7's upcoming plans for NeXpose and Metasploit?
Visit www.Rapid7.com and stay tuned for additional announcements in the coming weeks.
-
STAY TUNED FOR
upcoming news -
Rapid7 acquires Metasploit
Enhances Vulnerability Management Solution and Invests in Open Source Community
Read Release
