Rapid7 Brings Strategic Security Advisory Services to EMEA and Introduces New Global Threat Modeling Service


London, UK — June 2, 2015

Rapid7, a leading provider of security data and analytics software and services, today announced it will offer its Strategic Advisory Services in EMEA to help security executives and teams solve pressing cyber security challenges. The practice, which launched in the U.S. in September 2014, helps organizations transform their security programs to be more relevant, actionable, and sustainable through data-driven, risk-based analysis. The Company has also announced it will offer a new global service, Threat Modeling, to help organizations identify potential threats against applications, systems, and infrastructures during their design phase. Rapid7’s EMEA Strategic Services Practice will be led by Wim Remes, EMEA strategic services manager.

“Security professionals are constantly battling new and emerging security threats and challenges, making it progressively more difficult to determine the best use of resources while prioritizing initiatives," said Wim Remes, EMEA strategic services manager at Rapid7. "We’re focused on helping security professionals make smart, informed decisions to address challenges -- measured against rigorous standards -- to improve their organization’s security posture."

Remes has more than 15 years of experience in helping clients reduce risk by solving complex security problems and building resiliency into organizations’ IT fabric. Before joining the Rapid7 team in December 2014, Remes was chairman of the board at ISC2, a managing consultant at IOActive, a manager of information security for Ernst and Young, and a security consultant for Bull, where he built security programs for enterprise-class clients.

Comprehensive cyber security programs are increasingly hard to create and implement, as organizations are faced with an evolving threat landscape, new compliance standards, and business requirements. According to OWASP, 43% of global organizations do not have a documented cyber security program in place, limiting their ability to respond quickly to threats and attacks. Rapid7’s Cyber Security Program Development service gives organizations guidance to help them build measurable and actionable programs aligned to strategic business needs.

Rapid7's global Services team has deep experience building and managing security programs, with expertise in vulnerability management, fraud detection, threat intelligence, incident response, and red-team programs. The Strategic Services Practice offers cyber security program development and assessment services and a new threat modeling service.

Services newly available in EMEA include:

  • Cyber Security Maturity Assessment (CSMA). The first step in the development process, CSMA evaluates the current state of an organization’s security program. Following the evaluation, customized recommendations are made to address the organization’s particular threats, risk appetite, and business goals. At that point, a gap analysis is performed, where industry best practices are compared to the organization's current controls.

    Changes are then identified to build a relevant, actionable, and sustainable security program aligned with compliance standards, such as ISO 27001 and PCI DSS, and Rapid7's cyber-security maturity models. The resulting program is designed for in-house staff to implement and drive measurable improvements over a timeframe appropriate to their organization. Customer success is measured through detailed documentation, including a cyber-security maturity scorecard, tactical and strategic recommendations, procedures guides, technical architectures, and a prioritized execution roadmap.
  • Incident Response Program Development. Rapid7 begins with a detailed evaluation of the current state of an organization’s threat detection and incident response program, and then measures the results against its own best practices and understanding of current attacker methodologies. The resulting scorecard provides the foundation for creating a new incident response plan that includes guidance on preparation, anomalous behavior detection, incident management, technical response, and communications plans. 

    To reinforce the guidance, Rapid7 experts perform threat simulation sessions where the incident response team works through real breach scenarios, coordinates technical response activities, identifies key sources of evidence, performs mock communications, and makes recommendations for customers to prioritize cleanup and recovery. At the end of the engagement, organizations have the foundation for a sustainable investment across all three critical vectors of people, processes, and technology to minimize exposure in the event of a breach.

New to Rapid7’s Global Strategic Service Practice: Threat Modeling


Deepening Rapid7’s Strategic Services Practice offering, Rapid7 has introduced Threat Modeling services; the practice of identifying potential threats against applications, systems, and infrastructures during the design phase. While the practice of Threat Modeling has historically been applied to application development, Rapid7 has built an approach that enables organizations to address the design of broader systems and infrastructures.

Rapid7’s Threat Modeling services involve the creation of a systems model, which allows security teams to identify potential vulnerabilities, verify, and document them. It uses a methodology that is adapted to the development and architecture processes within the client’s environment. Integrating Threat Modeling into an organization’s standard design process for new applications, systems, and architectures, can improve the security of those applications, systems and architectures and lower the risk of redesign requirements at the end of a development or architecture process. Threat Modeling will be available in the U.S. and EMEA.

"Rapid7's Strategic Services team is helping security professionals evaluate their security programs at the deepest levels, truly understand the threats they're facing, and build data-driven programs that set the stage for long-term success," said Nicholas J. Percoco, vice president of services. "The ability for organizations to prioritize and react quickly to new threats is critical; it is our goal to provide them with the knowledge and expertise to do that effectively."

Rapid7 at InfoSecurity Europe

Today at 12 PM GMT, Remes will present “Strategic Attack Surface Management: Involving the Business” in the Tech Talks Theatre at InfoSecurity Europe. The session will address security as a boardroom topic and prioritization of security efforts, and will include real-world examples to illustrate methodologies that organizations can apply to identify, understand, and manage their attack surface.

At the InfoSecurity Europe booth, the Rapid7 team will present the following:

  • Lee Weiner, senior vice president of products and engineering: Engineering Better Security
  • Nicholas J. Percoco, vice president of strategic services: The 7 Minute Security Program
  • Wim Remes, manager, strategic services of EMEA: 5 Most Common Pentest Findings
  • Mark Stanislav, senior security consultant: IoT Security: A Work in Progress

About Rapid7

Rapid7 is a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security. We combine our extensive experience in security data and analytics and deep insight into attacker behaviors and techniques to make sense of the wealth of data available to organizations about their IT environments and users. Our solutions empower organizations to prevent attacks by providing visibility into vulnerabilities and to rapidly detect compromises, respond to breaches, and correct the underlying causes of attacks. Rapid7 is trusted by more than 3,500 organizations across 78 countries, including 30% of the Fortune 1000. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.

Press Contact

Rachel E. Adam

Senior PR Manager