Rapid7

**Rapid7, LLC**

Type	Private
Industry	Computer security Vulnerability management Penetration testing Computer software for network & IT security Security consulting services
Founded	2000
Headquarters	Boston, Massachusetts
Key people	Mike Tuchen, CEO HD Moore, CSO & Chief Architect, Metasploit ^[1]
Products	Rapid7 Nexpose Enterprise Edition Rapid7 Nexpose Consultant Edition Rapid7 Nexpose Express Edition Rapid7 Nexpose Community Edition Metasploit Framework Metasploit Community Edition Metasploit Express Metasploit Pro ^[2]
Employees	150 ^[3]
Website	http://www.rapid7.com

Rapid7 is a vulnerability management and penetration testing company headquartered in Boston, Massachusetts. Its primary products are Nexpose and Metasploit. Rapid7 has additional offices in El Segundo, CA, Toronto, Austin, and Buenos Aires.^[4]

1 History
2 Products
3 Services
4 Community
5 Recognition
6 Controversy
7 See also
8 References
9 External links

History

Rapid7 was founded in 2000 by current chairman of the board Alan Matthews, chief technology officer Tas Giakouminakis, vice president of engineering Chad Loder, and board member John Devine.^[5] Mike Tuchen, former general manager of marketing for Microsoft’s SQL Server product, joined Rapid7 in 2008, and in 2009 was promoted from chief operating officer and president to chief executive officer and president.^[6]

Rapid7 entered the penetration testing market with its acquisition of Metasploit in October 2009, an open-source penetration testing framework and a database of tested public exploits. The purchase also resulted in HD Moore joining Rapid7 as Chief Security Officer and Chief Architect of Metasploit.^[7]

Rapid7 received a $7 million investment from Bain Capital Ventures in 2008.^[8] In March 2010, Rapid7 raised an additional $2 million from Bain Capital Ventures of a planned $4 million venture round, bringing its raised venture capital to about $9 million in total.^[9]

In July 2010, Rapid7 announced its sponsorship of and partnership with w3af, a web application security scanner.^[10]

Rapid7 received an additional $50 million in a C-Series funding round in November 2011. ^[11]

Products

Nexpose provides vulnerability management, policy compliance and remediation management.^[12]
The Metasploit Project develops the Metasploit Framework for penetration testing and includes an exploit database. The framework is used by network security professionals to perform penetration testing, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. In October 2009, the Metasploit project was acquired by Rapid7.^[13] While the Metasploit Framework remains free, Rapid7 has added commercial products on top of this open core, namely Metasploit Express^[14] and Metasploit Pro.^[15]

Services

Rapid7 provides training, deployment, and security assessments such as network and application penetration tests, security and compliance audits, Web application security audits, best practices consulting, and penetration testing services.^[6]

Community

After Rapid7 acquired Metasploit, the Metasploit community initially had concerns about the future of the open source project.^[16] However, the Metasploit Framework remains free and updated one year after the acquisition. Rapid7 also offers Nexpose as a free version, the so-called Community Edition, which scans up to 32 IP addresses.^[17]

Recognition

The Gartner MarketScope for 2010 gave Rapid7 a ‘strong positive’ rating, citing Nexpose's penetration-testing-oriented approach to vulnerability validation and strong remediation reporting.^[18]
Forrester Research, Inc. named Rapid7 as a "Leader" in their "The Forrester Wave: Vulnerability Management, Q2 2010" report.^[19]
Rapid7 was recognized as one of the “Hottest Boston Companies” by Lead411.^[20]

Controversy

Rapid7 web-security consultant Joshua D. Abraham was among the first security researchers to point out cross-site scripting (XSS) vulnerabilities on the American Express website that could expose its customers login credentials.^[21]

Rapid7's sales team is known for their aggressive approach, sometimes compared to a so-called "boiler room" environment and often accused of "spamming" their leads.^[22]^[23]

References

^ “Rapid7 Leadership” http://www.rapid7.com/company/leadership.jsp . Rapid7. Retrieved 2010-04-06.
^ “Rapid7 Products” http://www.rapid7.com/products/index.jsp . Rapid7. Retrieved 2010-04-06.
^ Moore, Galen. (2010, March 15). MassHighTech “Rapid7 finds $2M in VC funding”, http://www.masshightech.com/stories/2010/03/15/daily4-Rapid7-finds-2M-in-VC-funding.html . Retrieved 2010-04-06.
^ Rapid7 Company Locations". Retrieved 2010-04-08.
^ “Rapid7 Company Overview” http://www.rapid7.com/company/index.jsp . Retrieved 2010-04-07.
^ ^a ^b BusinessWeek. (2009, September 1). “Rapid7, LLC Announces Management Changes”. http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=22790600 . Retrieved 2010-04-07.
^ Roiter, Neil. (2009, October 21). “Metasploit Project acquired by vulnerability management firm Rapid7”. http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1371945,00.html . Retrieved 2010-04-08.
^ Roush, Wade. “Bain Pours $7M Into Rapid7’s Security Software”. (2008, September 17). http://www.xconomy.com/boston/2008/09/17/bain-pours-7m-into-rapid7s-security-software/ . Retrieved 2010-04-07.
^ Moore, Galen. “Rapid7 raises $2M from Bain venture arm”. (2010, March 15). http://boston.bizjournals.com/boston/stories/2010/03/15/daily6.html . Retrieved 2010-04-08.
^ Rapid7 Launches Worldwide Center Of Excellence For Web Security And Kicks Off Initiative With W3AF Sponsorship And Partnership
^ ["Funding from Technology Crossover Ventures Will Support Hiring Great People, Acquiring Innovative Companies and Accelerating International Expansion" (November 17, 2011) http://www.rapid7.com/news-events/press-releases/2011/2011-tcv-funding.jsp]
^ “Rapid7 Receives Highest Possible Rating Given of 'Strong Positive' in Leading Analyst Firm's Vulnerability Assessment MarketScope Report” http://www.businesswire.com/portal/site/home/permalink/?ndmViewId=news_view&newsId=20100224005925&newsLang=en . Retrieved 2010-04-07.
^ Rapid7 press release on Metasploit project acquisition.
^ Product page for Metasploit Express
^ Product page for Metasploit Pro.
^ Haddix, Jason (a.k.a. Jhaddix) (2009, October 21). “Metasploit Buyout”. http://www.securityaegis.com/tag/hd-moore/ . Retrieved 2010-04-07.
^ [1]
^ Kavanagh, Kelly (2010-02-01). "Gartner MarketScope for Vulnerability Assessment". Gartner Marketscope. http://www.gartner.com/technology/media-products/reprints/rapid7/173772.html. Retrieved 2010-04-08.
^ Forrester Wave for Vulnerability Management
^ Lead411 launches "Hottest Boston Companies" awards
^ Goodin, Dan. “American Express bitten by XSS bugs (again)” . The Register. (2008, December 20). http://www.theregister.co.uk/2008/12/20/american_express_website_bug_redux/ . Retrieved 2010-04-08.
^ http://www.reddit.com/r/netsec/comments/fa2an/exploit_engineer_wanted_get_paid_for_open_source/
^ http://www.glassdoor.com/Reviews/Employee-Review-Rapid7-RVW521695.htm