Rapid7 is on a mission to drive the SecOps movement into the future, and we take that to heart with our holistic approach to security. Rapid7 has policies and procedures in place to keep our data, platform, and products secure, so that we can continue creating tools and services that keep our customers secure.


Our world class security program is driven by a blend of published standards and industry best practices:

Rest assured: Rapid7’s approach to security is established on four core pillars essential to trust.


Rapid7’s platform and products are designed to fit securely into your environment and adhere to security best practices.


You have access to your data when you need it and our operational status is always up to date.


Ensuring your data is used only in a manner consistent with your expectations is a responsibility we take very seriously.


You have full visibility into where your data lives, who has access to it, and how it is used.

Have questions? We have answers.

Trust FAQ

Read What’s New on the Rapid7 Blog

Patch Tuesday - November 2019
November's Patch Tuesday is upon us and, this month, Microsoft addressed 74 vulnerabilities of which one Internet Explorer vulnerability (CVE-2019-1429) has been seen under active exploitation. By prioritizing the released Microsoft Windows and Internet Explorer patches, the door to 58 of the 74 vulnerabilities...
Richard Tsang
Nov 12, 2019
Read More
The Anatomy of RDP Exploits: Lessons Learned from BlueKeep and DejaBlue
A critical vulnerability called “BlueKeep” put Remote Desktop Protocol (RDP) security on everyone’s radar earlier this year. Just a few months later, Microsoft announced a related vulnerability, DejaBlue. RDP exploits are no joke—Rapid7’s Project Sonar estimates that around 900,000 workstations and servers...
Justin Buchanan
Nov 07, 2019
Read More
5 Steps to Go from Patch Management to Vulnerability Management
The terms “patch management” and “vulnerability management” are sometimes used interchangeably, but it is important to understand the difference. Though both strategies aim to mitigate risk, patch management (the process of managing software updates) is limited in scope. To gain a deeper understanding...
Tori Sitcawich
Okt 22, 2019
Read More

Kurz und knackig

Fortune 100 Unternehmen
Überwachte Assets
Petabyte verarbeitet
Überwachte Ports
Gescannte IPs