Rapid7 Reports Strong Third Quarter with Launch of Innovative Solutions to Address Critical Cloud, Mobile, and User Risk

Continues to Support Security Community Through Highly Successful Customer Conference and Large-Scale Open Data Research Project

Boston, MA — November 27, 2013

Rapid7, a leading provider of IT security risk analytics and insight software and cloud solutions, today announced its eighteenth consecutive quarter of record revenue. During a quarter of outstanding security community support, portfolio improvements, and industry recognition, the highlight was the launch of two brand new security solutions: Rapid7 UserInsight and Rapid7 ControlsInsight. These new solutions, announced at the UNITED Security Summit in August, address the growing risks associated with endpoints, social business practices, and the consumerization of IT through cloud services and mobile devices.

With the growth of cloud adoption and the "bring your own device" (BYOD) trend, end-users now access corporate data through a variety of channels that are unmanaged by the IT team. Organizations need to get visibility into the risks associated with users, so they can manage them appropriately. Rapid7 UserInsight provides this by monitoring user activity across on-premise, cloud, and mobile environments, providing comprehensive visibility into user risk, more effective incident response, and detection of compromised credentials.

Rapid7 ControlsInsight enables users to gain visibility into how their assets, data, and user controls are deployed, how well they are configured, and whether the right investments are being made and utilized. Built on Rapid7's intimate knowledge of the threat landscape and shaped with best practices from the Company's broad customer base, ControlsInsight rates the effectiveness of endpoint controls based on an attacker-aware threat model, and provides the ability to track the progress being made by their security programs.

Further Advancements of the IT Security Risk Management Portfolio

In Q3, Rapid7 also introduced MetaModules in Metasploit Pro, offering automation to simplify common, complex security auditing activities in order to help overworked security teams improve efficiency. The six current MetaModules include Firewall Egress Testing, Passive Network Discovery, Known Credentials Intrusion, and Single Credentials Testing, which includes SSH Key, Single Password, and Pass-the-Hash Testing.

The quarter's Nexpose release added new vulnerability trends reports to verify and demonstrate that progress is being made and risk is being reduced by an organization's security program. Vulnerability trends reports can be leveraged to target specific risks or to compare sets of assets. Single action, multiple vulnerability exceptions, and bulk asset deletion were also added to Nexpose, helping to improve the signal-to-noise ratio and increase productivity.

Rapid7 also introduced Mobilisafe AppSentinel, which gives users comprehensive visibility of the applications installed on devices used to access company data. In Q3, AppSentinel was expanded with enhanced application discovery and filtering on Android, vulnerability mapping for applications, and added the ability to block devices with risky apps.

Industry-leading Research and Security Community Support

Rapid7 launched Project Sonar in Q3, inviting security professionals to collaborate on security data research and analysis to improve awareness and understanding of security issues. To help security professionals identify potential threats to their organization, Rapid7 Labs released terabytes of datafrom a number of internet scanning initiatives, and invited security professionals to browse, analyze, and share new findings.

The Company also launched a free tool, RiskRater, to enable security professionals to gain a quick snapshot of how they are doing with managing risk in three key areas: mobile, endpoints, and users. Security professionals answer 18 short questions and gain simple, practical suggestions for how to build their program. A unique algorithm provides a score so users can see how their security programs rate, benchmarked against all others that have answered the questions.

To create the RiskRater benchmarks, Rapid7 surveyed IT professionals at over 600 diverse organizations to learn about their security programs. In Q3, these research findings were released in a three-part report series, covering mobile devices, endpoint controls, and user risk. Each of the reports includes the insightful and valuable findings from the study, as well as recommendations from the Company on how security programs can be improved.

Industry Recognition

In the third quarter of 2013, Rapid7's vulnerability management solution, Nexpose, received the highest possible rating of 'Strong Positive' in Gartner's 2013 MarketScope Vulnerability Assessment Report.

In the HackMiami Web Applications Scanner 2013 PwnOff, Rapid7 Nexpose with Metasploit beat the field of competitors in four evaluated categories: ease of interface, vulnerability detection, reporting, and overall value. Nexpose scored a nearly perfect 19.8 out of 20.

Members of Rapid7's professional services team won the "Pros versus Joes" Capture the Flag competition at Bsides Las Vegas in Q3. Competing as the Pros team, "SoggySprockets," the team won the competition, which is described by users as: "A venue to practice... offensive and defensive Information Security skills in a hands-on, live-fire combat environment. Pros work with the Joes to teach them defensive skills and the art of offense in a two day competition."

Customer Engagement

In the third quarter, Rapid7 hosted its customer conference, the UNITED Security Summit, in Boston. The conference attracted double the number of Rapid7 customers of the previous year and featured 26 customer speakers, who presented alongside industry luminaries such as Hugh Thompson, Rick Holland, John Pescatore, Josh Corman, and Dave Kennedy.

In addition, Rapid7 added nearly 200 new customers to its existing base in Q3, continuing to expand across industries including healthcare, banking, education, retail, government, and technology. New additions include Payless ShoeSource, specialty family footwear retailer, Renaissance Learning, Inc., a technology-based education acceleration company, and Medical Transportation Management, Inc., non-emergency medical transportation company.

About Rapid7

Rapid7 security analytics software and services reduce threat exposure and detect compromise for 3,000 organizations across 78 countries, including over 250 of the Fortune 1000. We understand the attacker better than anyone and build that insight into our solutions to improve risk management and stop threats faster. We offer advanced capabilities for vulnerability management, penetration testing, controls assessment, incident detection and investigation across your assets and users for virtual, mobile, private and public cloud networks. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.

MarketScope Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Media Contact