2009 Press Releases

PDF Version

Rapid7 Acquires Metasploit

Company Brings Richer Exploit Data to Unified Vulnerability Management Solution; Metasploit Receives Dedicated Resources for Continued Growth and Development

BOSTON, Mass. – October 21, 2009 – Rapid7, the leading provider of unified vulnerability management, compliance and penetration testing solutions, today announced the acquisition of Metasploit, the principal organization behind the open source penetration testing framework and world's largest database of public, tested exploits, the Metasploit Project.  As a result of the acquisition, Rapid7 will leverage Metasploit to enhance its vulnerability management solution, Rapid7 Nexpose™, becoming the only company to deliver a full breadth of security assurance solutions and expertise.  Rapid7 will also sponsor dedicated resources and contributions to the standalone, community-driven Metasploit Project to further its growth and success. 

With the number of reported vulnerabilities increasing each day, organizations in all industries must seek comprehensive, unified security solutions that continuously prioritize risk, protect business-critical systems and data, and achieve compliance.  By acquiring Metasploit, Rapid7 fulfills an industry void by bringing richer exploitability data to customers and partners benefiting from Rapid7 Nexpose, enabling them to better identify, prioritize and remediate critical security issues based on the knowledge of active exploits available.  As a result, security teams are able to deliver maximum security benefits without straining limited resources.

"Metasploit and Rapid7 Nexpose are uniquely positioned to improve upon the industry-leading capabilities of both products and to raise the bar on the industry at large," said Mike Tuchen, president and CEO of Rapid7.  "With our broader solution portfolio, we are the first security provider to meet the demand of enterprises and government agencies in enabling them to identify and mitigate exploitable threats in their IT environment based on their security risk profile."

In addition to expanding its reach to a broader audience as a result of the acquisition, the Metasploit Project can accelerate its open source development plans.  Rapid7 is committed to furthering Metasploit’s development and is investing dedicated, full-time resources to achieve the project's long-standing goals.  Metasploit will continue to expand the exploit library and create a broader platform with publicly available exploits, helping organizations stay ahead of the changing threat landscape by providing the same information behind some of today’s malicious attacks.

With this acquisition, Rapid7 also gains additional industry expertise.  HD Moore, the Metasploit Project founder and internationally recognized security expert, joins Rapid7's executive team as chief security officer and will remain Metasploit's chief architect.  As CSO, Moore will continue to drive Metasploit and Rapid7 penetration testing innovation and expansion.  Reporting to Moore are other Metasploit members who will join the Rapid7 team solely dedicated to the Metasploit Project’s progress. 

"Since 2003, the Metasploit Project has focused on sharing security information and developing cutting-edge security products.  This acquisition provides dedicated resources to the project, accelerating our growth and allowing us to provide even better solutions to the community.  Rapid7 recognizes the value of the community and is passionate about the success of the project," said HD Moore, chief security officer and chief architect, Metasploit. "Together, Metasploit and Rapid7 provide the best of both penetration testing and vulnerability management solutions, paving the way to deliver unique capabilities that will vastly improve how security flaws are managed."

"For a number of years now, open source community security projects have provided important contributions to risk prevention research and technology. Without proper support, however, it can be difficult to keep community projects running and open source software current," said Diana Kelley, partner and analyst, SecurityCurve.  "Rapid7's stated commitment to provide support for the Metasploit Project community work, while keeping the framework and tools free, means this acquisition can be a win for both teams."

The combination of Nexpose and Metasploit will enable Rapid7 to continue to grow its relationship with partners and consultants, delivering improved technology and more comprehensive solutions for vulnerability management and penetration testing to help enterprises and government agencies implement and maintain security best practices.

For more information about the Metasploit Project, please visit www.metasploit.com. 
For more details regarding the acquisition and Rapid7’s products and services, please go to www.rapid7.com.

About Rapid7

Rapid7 is the leading provider of security risk intelligence solutions. Rapid7's integrated vulnerability management and penetration testing products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are being used by more than 1,700 enterprises and government agencies in more than 65 countries worldwide, while the Company's free products are downloaded more than one million times per year and enhanced further by over 125,000 security community users and contributors. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.