2010 Press Releases

PDF Version

Rapid7 Takes Penetration Testing Mainstream With Metasploit Express

Solution Based on the Open Source Metasploit Framework is the First to Provide Affordable, Comprehensive and Easy-To-Use Penetration Testing

BOSTON, Mass. – April 22, 2010Rapid7®, the leading provider of unified vulnerability management, compliance and penetration testing solutions, today introduced Metasploit Express™, a comprehensive penetration testing solution built on the acclaimed open source Metasploit® Framework.  Metasploit Express is the first to bring affordable, comprehensive and easier-to-use penetration testing to organizations with limited time and budgets, empowering businesses to implement greater proactive security strategies and match the speed of advancing security threats.

Today's rapidly evolving security threat landscape is placing unprecedented demands on security organizations.  Current commercial penetration testing options are costly and complex, and struggle to adapt to the dynamics of these evolving threats.  Metasploit Express harnesses the power of open source and collaborative development to deliver a solution that evolves as quickly as the security threats organizations need to defend against.  Metasploit Express is designed specifically for penetration testers and security professionals that require the ability to quickly determine real risks to data and infrastructure.

"When it comes to security, organizations need to stay nimble and react quickly to new vulnerabilities and exploits.  Open and collaboratively-developed penetration testing solutions provide the best option for keeping pace with the speed of emerging threats," said Mike Tuchen, president and CEO of Rapid7.  "Building off the Metasploit Framework, Metasploit Express can continue to evolve and remain innovative, with a price point and ease of use that is accessible for security professionals and organizations of all sizes." 

Leveraging the Metasploit Framework, which remains open source and will also be greatly enhanced with the release of version 3.4 next month, Metasploit Express delivers a number of key features that streamline and facilitate the penetration testing process, including:

Comprehensive penetration testing capabilities
Based on the world’s largest tested and integrated public database of exploits and payloads, Metasploit Express not only runs exploits but also detects and tests insecure configurations, such as weak passwords.  Unlike other existing penetration testing solutions, Metasploit Express enables penetration testers to illuminate trust relationships between systems for a more accurate risk profile.  In addition to testing standard PCs and servers, the product is able to compromise a wide range of network devices and offers data collection and automation capabilities for these devices.

Affordable ease of use
Available at a price point that a broad range of security professionals in large corporations, consulting organizations and small business can leverage, Metasploit Express' extensive network penetration testing capabilities are further enhanced by the product's rich graphical user interface and the Metasploit Express Workflow Manager™, an advanced workflow engine that provides a step-by-step model to simplify and accelerate testing programs and eliminates the burden of many manual processes found with traditional exploit attack platforms.

Fully integrated and open
Metasploit Express integrates with all editions of the Company's vulnerability management solution, Rapid7 Nexpose®, including the Community Edition, the industry's only free vulnerability software for commercial use.  Users can launch a Nexpose scan directly from within the Metasploit Express user interface and the vulnerability information from Nexpose is directly linked to the exploit data in Metasploit Express.  As a result, users are able to detect vulnerabilities in their IT infrastructure and then use Metasploit Express to test for the ability to penetrate the vulnerabilities and launch an attack, greatly decreasing the time to test and increasing the efficiency in real threat detection.  Metasploit Express also ships with pre-built support for Nmap and other third-party solutions.  Additionally, standard Metasploit modules can be used with Metasploit Express, allowing penetration testing teams to re-use the modules they have already written while still taking advantage of the Metasploit Express logic engine and user interface.

Continued support from and for the open source community
Rapid7 and the Metasploit Project are preparing for the release of version 3.4 of the Metasploit Framework, which will include major improvements made to the Meterpreter payload, the expansion of the framework’s brute force capabilities, and the complete overhaul of the backend database schema and event subsystem.  In addition, more than 60 exploit modules and 40 auxiliary modules will be added with version 3.4.

"Metasploit Express and the upcoming Metasploit Framework 3.4 provide significant enhancements to the community and help not only advance the art of penetration testing but enable users of all skill levels to benefit from the ability to find vulnerabilities in a variety of systems and then test for exploitability," said HD Moore, Rapid7 CSO and Metasploit chief architect.  "We've remained committed to improving the Metasploit Framework with consistent enhancements and accelerated quality assurance, and Metasploit Express and the Metasploit Framework 3.4 are testament to that work.  We thank the community for all that they contributed."

Pricing and Availability

Metasploit Express 3.4 costs $3,000 per user per year and includes support with dedicated SLAs provided by Rapid7 staff.  Metasploit Express 3.4 is due to ship in May 2010.

About Rapid7

Rapid7 is the leading provider of security risk intelligence solutions. Rapid7's integrated vulnerability management and penetration testing products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are being used by more than 1,700 enterprises and government agencies in more than 65 countries worldwide, while the Company's free products are downloaded more than one million times per year and enhanced further by over 125,000 security community users and contributors. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.

Awards
SC Magazine Finalist Deloitte Fast 500 Award Logo ASC Award inc500 Award Logo 2009 Redherring Winner Logo 2009 Best Prodcuts Logo 2009 Tomorrow Tech Logo 2009 GPE Awrads Logo Finalist Hot Companies 2009 Logo Rapid7 Star100 Revised Graphic SC Award Nominee 2008 Nominee 2008 Global Exeellence SC Awards 2007 Finalist Hot Companies of 2007 Customer Trust Logo Hot Company 2006 Logo SC 2006 Awards Winner
Most Read
Most Downloaded
Press Releases