Rapid7 Nexpose Now Offers Live Exposure Management, Gives Customers the Power to Act at the Moment of Impact

Advances to Nexpose designed to help reduce risk remediation from weeks to minutes, provide live risk prioritization as network exposures happen, and eliminate false alerts and bottlenecks associated with passive scanning

Boston, MA — June 7, 2016

Rapid7, Inc. (NASDAQ: RPD), a leading provider of security data and analytics solutions, today announced Rapid7 Nexpose Now, a major enhancement to its vulnerability management solution that gives customers access to live risk and exposure updates as IT environments change. Nexpose Now is designed to combine the power of advanced exposure analytics, dynamic data collection, and remediation workflows for live exposure monitoring so customers can act the moment risk is impacted. Today’s Nexpose news marks a watershed moment for IT security professionals who have called for live vulnerability data without the toil of passive scanning.

Modern networks face constant change, making it difficult for security professionals to understand the level of risk their organization is exposed to at any given moment. This reality is underscored by the 2016 Verizon Data Breach Investigations Report, which found that most security professionals struggle to keep pace with vulnerabilities discovered in their environment. This is exacerbated by a lack of visibility into new assets joining the network; security professionals need to ensure these assets are protected as they connect. Nexpose users will now be able to see vulnerabilities at the moment of impact; prioritize actions based on the risk to their business; have the ability to work directly with IT for remediation; and track progress.

“This is security – nothing waits and change is constant. Whether you’re talking about the IT environment or the threats organizations face, the ability to respond the moment something changes is what matters. Passive scanning solutions are insufficient when it comes to catching an emerging risk. Anytime a vulnerability management solution isn’t actively assessing exposures and adapting to new threats, there’s a window of opportunity for an attacker,” said Lee Weiner, chief product officer at Rapid7. “We know that change is where threats hide. Threats don’t wait for a scheduled or passive scan to notice them before doing damage.”

Through its automated data collection and assessment, Nexpose eliminates the time wasted between scheduled scans and manual data collection processes. Rather than waiting for a trigger event, Nexpose actively gathers and monitors exposure data from the endpoint to the cloud using agentless and agent-based techniques to alert security teams the moment a change in risk occurs. Nexpose also helps to improve communication issues associated with workflow integrations between people and technology by dynamically prioritizing what must be done to reduce risk as the environment changes.

“Passive vulnerability scanning forces me to act based on old information -- stale alerts and static reports -- effectively giving malicious actors a head start on my network. Nexpose gives me live vulnerability data that updates the second my environment changes,” said a security analyst at a provider of mobile and online messaging with more than 1,000 employees worldwide. “As a member of the Beta program, watching the feedback I’ve shared built into the product has been empowering. Rapid7 is also helping me prioritize actions based on the risk to my organization. This helps clarify communication with IT, track workflow, and share progress with our leadership team.”

Rapid7 Nexpose Now gives users: 

  • Live Monitoring of Vulnerabilities Using Fresh Data 
    Nexpose provides live monitoring of exposures and removes data drudgery by collecting from, and working with, existing data sources. Nexpose takes the data it collects and leverages the Rapid7 Insight Platform -- the engine behind Rapid7’s secure, cloud-based data analytics solutions – for its new live exposure management capability. Nexpose automatically translates decades of Rapid7 attacker and vulnerability knowledge into a proven analytics library, delivering on the promise of actionable intelligence – without requiring the skills of a data scientist to interpret them. These new live monitoring enhancements to Nexpose are the natural evolution of Adaptive Security, which focuses on network changes and cuts down on the noise of unfiltered alerts typical of passive scanning. 

  • Liveboards – Not Static Dashboards – From What’s New Through Remediation Status 
    Nexpose is automated to ask critical and relevant questions of the live data it collects in order to deliver insight, including recommendations designed to reduce risk in the context of organizations’ changing environments. Nexpose Liveboards are built for users to take action and reflect the current state of exposure. In contrast, traditional passive scanning solutions build static dashboards that may not provide meaningful or actionable information and are outdated the moment they publish.

    Nexpose Liveboards are also preconfigured to showcase remediation progress and its impact on the vulnerability management program. Security professionals are given the ability to depict how they are safeguarding business data, employees, and customers with Liveboards that translate security data into the language of IT professionals and executives. 

  • Live Remediation Workflow to Effectively Integrate People and Technology
    Nexpose remediation workflow is designed to help direct and manage team resources so that customers can focus on what will have the greatest impact to reduce risk within their organization. Nexpose also integrates directly with existing workflow and patch management solutions, such as ServiceNow, JIRA (Atlassian), Microsoft SCCM (System Center Configuration Manager), and Microsoft WSUS (Windows Server Update Services). These new capabilities are designed to help reduce friction between security and IT departments, by delivering intuitive context about what needs to be fixed, when, and why. This helps IT teams see and understand the impact they are making on their organizations’ security. 

Today, Nexpose Live Monitoring, Liveboards, and Exposure Analytics will be made generally available to Nexpose Enterprise customers in English. Nexpose Remediation Analytics will also be made available in Beta to Nexpose Enterprise customers in English today. These enhancements to Nexpose will be made available in additional languages over time. For more information about Rapid7 Nexpose, visit Rapid7’s stand D40 at Infosecurity Europe or see https://www.rapid7.com/nexpose/now

Rapid7 Threat Exposure Management Portfolio
Nexpose is part of Rapid7’s Threat Exposure Management (TEM) offering, designed to find and fix vulnerabilities, misconfigurations, and exposures found in organizations’ networks, applications, people, and processes. By combining vulnerability management, application security, and penetration testing solutions, Rapid7’s TEM suite is designed to help organizations systematically reduce exposure in a matter of hours or even minutes, versus days or sometimes months.

Rapid7 offers the following as part of its TEM portfolio:

  • Nexpose: collects data, analyzes risk from the endpoint to the cloud, and enables IT security teams to identify, assess, and respond to critical changes in their environments as they happen. It also provides complete threat exposure management by testing security controls, and prioritizing and driving risk reduction.
  • Metasploit: provides risk assessment through the controlled simulation of a real attack. It increases penetration testers' productivity; prioritizes and demonstrates risk through closed-loop vulnerability validation; and measures security awareness through simulated phishing emails.
  • AppSpider: dynamically assesses custom web, mobile, and cloud applications for vulnerabilities across all modern technologies; provides tools that speed remediation; and monitors applications for changes.
  • Managed Services: enable organizations to leverage Rapid7’s TEM offerings and security expertise by outsourcing implementation and day-to-day operations to Rapid7 skilled staff as a managed service.

About Rapid7

Rapid7 is a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security. We combine our extensive experience in security data and analytics and deep insight into attacker behaviors and techniques to make sense of the wealth of data available to organizations about their IT environments and users. Our solutions empower organizations to prevent attacks by providing visibility into vulnerabilities and to rapidly detect compromises, respond to breaches, and correct the underlying causes of attacks. Rapid7 is trusted by more than 5,100 organizations across 99 countries, including 37% of the Fortune 1000. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.

Cautionary Language Concerning Forward-Looking Statements

This press release includes forward-looking statements. All statements contained in this press release other than statements of historical facts, including, without limitation, statements relating to the Company’s growth strategy, delivering long-term value and the company’s future market opportunities, are forward-looking statements. The words “anticipate,” believe,” “continue,” “estimate,” “expect,” “intend,” “may,” “will” and similar expressions are intended to identify forward-looking statements. We have based these forward-looking statements largely on our current expectations and projections about future events and financial trends that we believe may affect our financial condition, results of operations, business strategy, short-term and long-term business operations and objectives and financial needs. These forward-looking statements are subject to a number of risks and uncertainties, including, without limitation, risks related to our rapid growth and ability to sustain our revenue growth rate, the ability of our products and professional services to correctly detect vulnerabilities, competition in the markets in which we operate, market growth, our ability to innovate and manage our growth, our ability to integrate acquired operations, our ability to operate in compliance with applicable laws as well as other risks and uncertainties set forth in the “Risk Factors” section of our Quarterly Report on Form 10-Q filed with the Securities and Exchange Commission for the quarterly period ended March 31, 2016 filed with the Securities and Exchange Commission on May 12, 2016, and subsequent reports that we file with the Securities and Exchange Commission.  Moreover, we operate in a very competitive and rapidly changing environment. New risks emerge from time to time. It is not possible for our management to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ materially from those contained in any forward-looking statements we may make. In light of these risks, uncertainties and assumptions, we cannot guarantee future results, levels of activity, performance, achievements or events and circumstances reflected in the forward-looking statements will occur. We are under no duty to update any of these forward-looking statements after the date of this press release to conform these statements to actual results or revised expectations, except as required by law. You should, therefore, not rely on these forward-looking statements as representing our views as of any date subsequent to the date of this press release.

Press Contact

Rachel E. Adam

Senior PR Manager