Rapid7 is on a mission to drive the SecOps movement into the future, and we take that to heart with our holistic approach to security. Rapid7 has policies and procedures in place to keep our data, platform, and products secure, so that we can continue creating tools and services that keep our customers secure.


Our world class security program is driven by a blend of published standards and industry best practices:

Rest assured: Rapid7’s approach to security is established on four core pillars essential to trust.


Rapid7’s platform and products are designed to fit securely into your environment and adhere to security best practices.


You have access to your data when you need it and our operational status is always up to date.


Ensuring your data is used only in a manner consistent with your expectations is a responsibility we take very seriously.


You have full visibility into where your data lives, who has access to it, and how it is used.

Have questions? We have answers.

Trust FAQ

Read What’s New on the Rapid7 Blog

Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know
Many thanks to Rapid7’s Emmett Kelly, Greg Wiseman, and Brent Cook for their assistance with the vulnerability research and this post. Atlassian was notified in late February about a remote code execution (RCE) flaw in its Confluence and Data Center products and issued an alert with a patch on March...
boB Rudis
Apr 12, 2019
Read More
Patch Tuesday - April 2019
Today's Microsoft updates resolve over 70 vulnerabilities, most of which affect the Windows operating system itself. Two of the vulnerabilities are already being exploited in the wild. Both CVE-2019-0803 and CVE-2019-0859 can result in unauthorized elevation of privilege, and affect all supported versions...
Greg Wiseman
Apr 09, 2019
Read More
Security Operations at Its Finest: Meet the InsightVM and ServiceNow Integration
Understanding the vulnerabilities that threaten your business is only half the challenge in security—the other is being able to prioritize and remediate them. Traditionally, security teams would detect issues and throw them over the fence to the IT team to figure out, without a process to communicate...
Nick McKee
Apr 01, 2019
Read More

Rapid7 By The Numbers

Advancing Security Since
Valued Customers
Fortune 100 Friends
Assets Monitored
Petabytes of Data Processed
Ports Monitored Per IP
IPs Scanned