Rapid7
Encyclopedia
Rapid7 is a vulnerability management
and penetration testing company headquartered in Boston
, Massachusetts. Its primary products are Nexpose and Metasploit. Rapid7 has additional offices in El Segundo, CA, Toronto, Austin, and Buenos Aires.
product, joined Rapid7 in 2008, and in 2009 was promoted from chief operating officer and president to chief executive officer and president.
Rapid7 entered the penetration testing market with its acquisition of Metasploit in October 2009, an open-source penetration testing framework and a database of tested public exploits
. The purchase also resulted in HD Moore
joining Rapid7 as Chief Security Officer and Chief Architect of Metasploit.
Rapid7 received a $7 million investment from Bain Capital Ventures
in 2008. In March 2010, Rapid7 raised an additional $2 million from Bain Capital Ventures of a planned $4 million venture round, bringing its raised venture capital to about $9 million in total.
In July 2010, Rapid7 announced its sponsorship of and partnership with w3af
, a web application security scanner
.
Rapid7 received an additional $50 million in a C-Series funding round in November 2011.
project. However, the Metasploit Framework remains free and updated one year after the acquisition.
Rapid7 also offers Nexpose as a free version, the so-called Community Edition, which scans up to 32 IP addresses.
(XSS) vulnerabilities on the American Express
website that could expose its customers login credentials.
Rapid7's sales team is known for their aggressive approach, often compared to a so-called "boiler room" environment.
Vulnerability management
"Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities" This practice generally refers to software vulnerabilities in computing systems.- Vulnerability Management Programs :...
and penetration testing company headquartered in Boston
Boston
Boston is the capital of and largest city in Massachusetts, and is one of the oldest cities in the United States. The largest city in New England, Boston is regarded as the unofficial "Capital of New England" for its economic and cultural impact on the entire New England region. The city proper had...
, Massachusetts. Its primary products are Nexpose and Metasploit. Rapid7 has additional offices in El Segundo, CA, Toronto, Austin, and Buenos Aires.
History
Rapid7 was founded in 2000 by current chairman of the board Alan Matthews, chief technology officer Tas Giakouminakis, vice president of engineering Chad Loder, and board member John Devine. Mike Tuchen, former general manager of marketing for Microsoft’s SQL ServerMicrosoft SQL Server
Microsoft SQL Server is a relational database server, developed by Microsoft: It is a software product whose primary function is to store and retrieve data as requested by other software applications, be it those on the same computer or those running on another computer across a network...
product, joined Rapid7 in 2008, and in 2009 was promoted from chief operating officer and president to chief executive officer and president.
Rapid7 entered the penetration testing market with its acquisition of Metasploit in October 2009, an open-source penetration testing framework and a database of tested public exploits
Exploit (computer security)
An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic...
. The purchase also resulted in HD Moore
HD Moore
HD Moore is the creator of Metasploit, a popular penetration testing software. HD founded the Metasploit Project in the summer of 2003 with the goal of becoming a public resource for exploit code research and development...
joining Rapid7 as Chief Security Officer and Chief Architect of Metasploit.
Rapid7 received a $7 million investment from Bain Capital Ventures
Bain Capital Ventures
Bain Capital Ventures is the Boston-based venture capital affiliate of Bain Capital. Bain Capital Ventures' history dates back to 1984, with investments in over 110 early and growth stage companies such as Staples, DoubleClick, Aspect Development, Shopping.com, Taleo Corporation, SolarWinds,...
in 2008. In March 2010, Rapid7 raised an additional $2 million from Bain Capital Ventures of a planned $4 million venture round, bringing its raised venture capital to about $9 million in total.
In July 2010, Rapid7 announced its sponsorship of and partnership with w3af
W3af
w3af is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications...
, a web application security scanner
Web Application Security Scanner
A web application security scanner is program which communicates with a web application through the web front-end in order to identify potential security vulnerabilities in the web application and architectural weaknesses. It performs a black-box test...
.
Rapid7 received an additional $50 million in a C-Series funding round in November 2011.
Products
- Nexpose provides vulnerability managementVulnerability management"Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities" This practice generally refers to software vulnerabilities in computing systems.- Vulnerability Management Programs :...
, policy compliance and remediation management. - The Metasploit ProjectMetasploit ProjectThe Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development....
develops the Metasploit Framework for penetration testPenetration testA penetration test, occasionally pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders and malicious insiders...
ing and includes an exploitExploit (computer security)An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic...
database. The framework is used by network security professionals to perform penetration testing, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. In October 2009, the Metasploit project was acquired by Rapid7. While the Metasploit Framework remains free, Rapid7 has added commercial products on top of this open core, namely Metasploit Express and Metasploit Pro.
Services
Rapid7 provides training, deployment, and security assessments such as network and application penetration tests, security and compliance audits, Web application security audits, best practices consulting, and penetration testing services.Community
After Rapid7 acquired Metasploit, the Metasploit community initially had concerns about the future of the open sourceOpen source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...
project. However, the Metasploit Framework remains free and updated one year after the acquisition.
Rapid7 also offers Nexpose as a free version, the so-called Community Edition, which scans up to 32 IP addresses.
Recognition
- The GartnerGartnerGartner, Inc. is an information technology research and advisory firm headquartered in Stamford, Connecticut, United States. It was known as GartnerGroup until 2001....
MarketScope for 2010 gave Rapid7 a ‘strong positive’ rating, citing Nexpose's penetration-testing-oriented approach to vulnerability validation and strong remediation reporting. - Forrester ResearchForrester ResearchForrester Research is an independent technology and market research company that provides its clients with advice about technology's impact on business and consumers. Forrester Research has five research centers in the US: Cambridge, Massachusetts; New York, New York; San Francisco, California;...
, Inc. named Rapid7 as a "Leader" in their "The Forrester Wave: Vulnerability Management, Q2 2010" report. - Rapid7 was recognized as one of the “Hottest Boston Companies” by Lead411.
Controversy
Rapid7 web-security consultant Joshua D. Abraham was among the first security researchers to point out cross-site scriptingCross-site scripting
Cross-site scripting is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same...
(XSS) vulnerabilities on the American Express
American Express
American Express Company or AmEx, is an American multinational financial services corporation headquartered in Three World Financial Center, Manhattan, New York City, New York, United States. Founded in 1850, it is one of the 30 components of the Dow Jones Industrial Average. The company is best...
website that could expose its customers login credentials.
Rapid7's sales team is known for their aggressive approach, often compared to a so-called "boiler room" environment.