Fight the Living Threat

Rapid7's IT security data and analytics solutions collect, contextualize and analyze the security data you need to fight an increasingly deceptive and pervasive adversary.


Unlike traditional vulnerability assessment or incident management, Rapid7 provides insight into the security state of your assets and users, across virtual, mobile, private and public cloud networks.

We offer advanced capabilities for vulnerability management, penetration testing, end point controls assessment and incident detection and investigation to help you improve risk management, simplify compliance and stop threats faster when a compromise occurs.

Radar for Deception-Based Attacks

UserInsight helps you detect, investigate and stop threats faster with:

  • Simplified discovery of user behavior within the firewall, in cloud services, and on mobile devices.
  • Smart Detection of attacks based on a proprietary analysis and understanding of historical patterns of user behavior
  • Fast incident response by rapidly identifying which user took a particular action and enabling fast decisions on a course of action.

Night Vision for Your Network

Nexpose analyzes vulnerabilities, controls, and configurations to find the who, what, and where of IT security risk. It uses RealContext™ and a knowledge of the attacker's mindset to prioritize and drive risk reduction.

  • Know your security risk from operating systems, databases, web applications, configurations; across your physical, virtual, and
    cloud infrastructures.
  • Validate vulnerabilities with Metasploit Pro® to show exploitability and test controls effectiveness.
  • Ensure you have effective controls on your endpoints to protect against today's threat landscape.
  • Focus your efforts on the risk that matters with powerful risk prioritization that aligns to your business.
  • Provide targeted, concise instructions with award-winning remediation reports that help you have the most impact to reducing risk.
  • Simplify compliance through customized templates and reports to stay compliant with PCI DSS, NERC CIP, FISMA
    (USGCB/FDCC), HIPAA/HITECH, SANS Top 20 CSC, DISA STIGS, and CIS standards for risk, vulnerability, and configuration management.

The Attacker's Playbook

Get a clear view of how your network can be exploited, so you can focus your efforts and back up your action plan. Metasploit can help you to:

  • Safely simulate attacks on your network to uncover pressing security issues with the industry's most complete set of exploits.
  • Further assess and validate vulnerabilities in your environment.
  • Verify your defenses, security controls, and mitigation efforts with advanced evasion techniques, testing for weak credentials, and
    the ability to manage penetration tests at scale.
  • Manage phishing exposure through testing both user awareness and technical controls.

The Game Plan for Your Security

ControlsInsight helps you to:

  • Measure how well critical security controls are deployed and configured across endpoints, including the state of your antivirus,
    code execution prevention, password hygiene, and more.
  • Analyze your security posture using industry best practices for defending against evolving threats.
  • Create and track progress against your plan to improve enterprise security.