INCIDENT DETECTION & RESPONSE
Rapid7 Extends IT Security Data and Analytics Platform with Acquisition of NT OBJECTives
New Web Application Scanning solution now part of Rapid7 portfolio providing customers with deep analysis and security testing capabilities to manage risk across web applications and assets
Boston, MA - May 4, 2015 - Rapid7, a leading provider of security data and analytics software and services, announced today that it has acquired NT OBJECTives (NTO), the web and mobile application security testing company, expanding Rapid7's Threat Exposure Management offering to further meet the needs of modern business infrastructures. NTO's application security testing solution - trusted by many Fortune 500 companies - analyzes web applications for security vulnerabilities and maximizes organizations' ability to effectively reduce IT security risk. Rapid7 is offering this technology under the name Rapid7 AppSpider, available immediately to customers.
The addition of the AppSpider suite to Rapid7's Threat Exposure Management solutions provides information security teams with the ability to assess risk in assets and applications in their environments. This is combined with analytics to identify the most impactful actions that can reduce IT security risk. This approach enables users to make decisions based on business context and threat validation through automated attack simulation.
Protecting web applications has never been more important. The 2015 Verizon Data Breach Investigations Report highlights that web application attacks remain the most frequent incident pattern in confirmed breaches and accounted for up to 35% of breaches in some industries. It's also estimated that nearly 50% of those incidents take months or longer to discover.
"To truly manage and reduce threats, organizations require solutions that collect and analyze data across modern business infrastructure, including users, mobile assets, cloud data stores, and web applications," said Corey Thomas, president and CEO at Rapid7. "NTO's web application scanning technology will play an important role in Rapid7's IT Security Data and Analytics platform and help organizations across the globe meet this challenge. The NTO team shares Rapid7's commitment to innovation and quality products, and we've already had great success in bringing the teams together."
Core Capabilities of Rapid7 AppSpider
The Rapid7 AppSpider suite includes all the capabilities previously offered by NTO with comprehensive dynamic application security testing and scalable enterprise scanning program management, delivered as software or in the cloud.
- Universal Translator: The solution's unique "Universal Translator" technology enables security teams to analyze even the most complex applications, including rich Internet applications (AJAX, GWT) and web services (REST, JSON), to provide greater visibility of risks.
- Customized Attacks: The dynamic analysis tool conducts a thorough analysis and interprets what the application is expecting so it can create intelligent, customized attacks. This delivers more accurate results and enables teams to automatically test complex business workflows, like shopping carts, which were previously untestable.
- Scanning Automation: Security teams can save time and resources since nearly every step of the application security assessment process has been automated.
- Live Vulnerability Reports and Attack Replay: Some other solutions provide reams of cumbersome, static, PDF reports. AppSpider provides interactive actionable reports with greater organization and links for deeper analysis. Within reports, users can replay vulnerabilities in real-time to confirm vulnerabilities are exploitable and then remediated.
- Continuous Site Monitoring: AppSpider identifies changes in application ecosystems, which may inadvertently introduce new vulnerabilities. It then triggers a re-scan according to configurable settings.
- Integration with Protection Technologies: AppSpider will automatically generate Web Application Firewall (WAF) custom rules that help to protect vulnerable applications while the vulnerabilities are being remediated. AppSpider supports most leading WAF/IPFs, including F5, Sourcefire, and Imperva.
"Web application security represents one of the greatest challenges facing the security industry and businesses of all sizes. With millions of custom web applications developed in the last two decades, organizations have significantly increased their attack surface," said Dan Kuykendall, co-CEO and CTO at NTO. "We've spent the last 13 years creating an application testing technology capable of addressing this issue. By joining with Rapid7, we'll be able to provide innovative solutions for Threat Exposure Management and help companies stay ahead of web-based attacks. We're excited to join a team as passionate as we are about improving the practice of security for organizations globally."
Rapid7 is a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security. We combine our extensive experience in security data and analytics and deep insight into attacker behaviors and techniques to make sense of the wealth of data available to organizations about their IT environments and users. Our solutions empower organizations to prevent attacks by providing visibility into vulnerabilities and to rapidly detect compromises, respond to breaches, and correct the underlying causes of attacks. Rapid7 is trusted by more than 3,500 organizations across 78 countries, including 30% of the Fortune 1000. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.