Rapid7 Blog

Awards  

Finalists in FIVE categories at the Network Computing Awards!

Ring Ring! You're in the Final!

It's always nice to get a phone call letting us know that we've been shortlisted for awards – but when it's five awards, we like those calls even more! Two of our products, and our company have reached the final stages for the Network Computing Awards, and of course we'd love it if you took a moment to vote for us please.

La La Land may have racked up the Oscar noms, but at the Network Computing Awards it's looking good for LE LE Land!

OK, so we might not quite have the fourteen nominations that La La Land has, but our Logentries (lovingly shortened to LE) product is a finalist in three categories: Best Picture, Best Soundtrack, Best Original Screenplay (or rather: IT Optimisation Product of the Year, Software Product of the Year, and The Return on Investment Award). To reach this stage in these categories is huge, and we're very happy to be triple listed.

If you've not yet experienced Logentries, I would highly recommend you take a look – it's a pretty amazing product: Imagine trying to put together a jigsaw puzzle, without an image of the completed puzzle, no idea of how many pieces are required, and to add to your woes the pieces are hidden all over the building. If you've ever had to trawl through multiple logs to try and work out what's causing a problem, and you only have symptoms to work from – say a production server is running slowly – you'll recognise the analogy. Logentries puts the answers hidden within your myriad of logs right at your fingertips. It's simple to use, lightning fast, and you can create some very cool visualisations from your data too. Click here to learn more about how Logentries can revolutionise how you see your ecosystem.

Look out! Here comes the AppSpider, Man!

Whilst my tenuously linked movie reference here is no stranger to Oscar nominations either, I'm obviously referring to our AppSpider product, which is listed as a finalist in the Network Computing Awards, in the Testing and Monitoring Product of the Year category. Web apps, and the plethora of technologies that power them, are growing at a crazy rate, presenting complicated security challenges for organisations. AppSpider crawls to the deepest, darkest corners of even the most modern and complex apps to effectively test for risk and get you the insight you need to remediate faster. It plays a key part in the SDLC, and allows DevOps to fix issues earlier in the cycle - resulting in a huge reduction in last minute delays caused by vulnerabilities being found late in the day. You can read more about how DevOps teams using AppSpider can reduce stress and possibly live longer happier lives* here.

*Life lengthening not guaranteed, but your web app SDLC will be in a happier place for sure. Always read the label.

So many great movies, so little time… but which One should I Watch?

The Rapid7 movie, of course! Well, OK, we don't have a movie length extravaganza of Rapid7 for you yet (cough, cough: Kyle Flaherty), but we do have some pretty cool YouTube videos you can watch, plus a highly acclaimed podcast you should listen to. We've also been listed as a finalist for the One to Watch Company - hooray!

We're pleased (read: overjoyed), humbled, and indeed chuffed (I had to get a Britishism in somewhere) to have received our finalist nominations, and very much looking forward to attending the event in London later this year. If you could please take a minute to cast your votes for Logentries, AppSpider and Rapid7 that would be most wonderful of you – voting is open until March 22nd. Click here to vote!

2017 Cybersecurity Excellence Awards: And the Nominees Are...

With the end of the year comes the annual "best of" awards season, and cybersec is no different. This year, Rapid7 has been nominated for 10 awards at the Cybersecurity Excellence Awards! It's up to you, the practitioners and folks in the trenches, to vote for your top choice in each category and choose a winner.

To help recognize our people and products, we could use your help in voting. Each category is listed below and ready for you to vote on. Simply log in (or register) on the Cybersecurity Excellence Awards website and then for each category, visit the links below and click the big green thumbs up near the top to vote:

Cybersecurity company:
- Rapid7: http://cybersecurity-excellence-awards.com/candidates/rapid7-4/

Cybersecurity product or service:
- InsightIDR (Incident detection): http://cybersecurity-excellence-awards.com/candidates/rapid7-insightidr/
- InsightIDR (SIEM): http://cybersecurity-excellence-awards.com/candidates/rapid7-insightidr-2/
- Analytic Response (Managed security service): http://cybersecurity-excellence-awards.com/candidates/rapid7-analytic-response/
- Nexpose (Vulnerability management): http://cybersecurity-excellence-awards.com/candidates/rapid7-nexpose/
- AppSpider (Application security): http://cybersecurity-excellence-awards.com/candidates/rapid7-appspider/
- IoT practice (IoT): http://cybersecurity-excellence-awards.com/candidates/iot-security-testing-services/

Cybersecurity professional:
- Deral Heiland (cybersecurity professional of the year): http://cybersecurity-excellence-awards.com/candidates/deral-heiland/

Cybersecurity team:
- Rapid7 Information Security Team: http://cybersecurity-excellence-awards.com/candidates/rapid7-information-security-team-2/

Thank you for your support!

Want to share with others? Don't forget to share on social using the buttons below.

Warning: This blog post contains multiple hoorays! #sorrynotsorry

Hooray for crystalware!

I hit a marketer's milestone on Thursday – my first official award ceremony, courtesy of the folks at Computing Security Awards, which was held at The Cumberland Hotel in London. Staying out late on a school night when there's a 16 month old teething toddler in the house definitely took its toll the following morning, but the tiredness was definitely softened by the sweet knowledge that we'd left the award ceremony brandishing some crystalware.

In the two categories that Rapid7 solutions were shortlisted as finalists - SME Security Solution of the Year (Nexpose) and Best New Product of the Year (InsightIDR) - we were awarded winner and runner-up respectively. What's particularly cool about the Computing Security Awards is that the majority of awards, including the two we were up for, are voted for by the general public, so receiving these accolades is very special to us. We'd like to say an absolutely massive THANK YOU to everyone who voted for our products, we are truly very grateful for your support.

Hooray for Nexpose!

Nexpose storming to the win in the SME category, a space that isn't always top of mind to some security vendors, really validates for me how well designed and engineered the product is. Our customers come in all shapes and sizes, and the maturity of their vulnerability management programs varies just as much, but Nexpose caters for all. In SME the concept of a dedicated security team is certainly less common. More often than not we see that IT teams have security as just one of their many disciplines – so they need a vulnerability management tool which is easy to use, and allows them to quickly prioritise remediation efforts with live data that's relevant to their environment.

Nexpose determines and constantly updates vulnerability risk scoring using RealRisk – scoring vulnerabilities from 1-1000, thus removing the nightmare of having umpteen hundred “criticals” which are seemingly all equal. Liveboards (because dashboards don't actually dash – they should really be called meanderboards) provide admins with real time data – you know at all times exactly how well you are winning at remediating. If you're reading this blog and you're thinking about implementing a new VM solution, you should download a free trial here and experience it in action for yourself.

Hooray for InsightIDR!

InsightIDR receiving an honourable mention in the Best New Product category makes Sam very happy. This product was frankly one of the main reasons I came to work for Rapid7. When I first heard of it back in March my interest was immediately sparked, as I'd never seen anything quite like it.

I've worked in incident response in a previous life, and have seen a vast number of organisations really struggle to find answers when they are in the unfortunate situation of a cyberattack. Some didn't even know they'd been under attack until they received notification from a third party. Incidents would regularly go on for many days, with teams having to work around the clock with great pressure to balance business continuity and incident response, which is the juggling act from hell. More often than not, investigations and Root Cause Analysis reports would take months and months, and would frequently be lacking in details. If you can't see what's happening, you can't properly respond, and you have pretty much a zero chance of taking away any solid learnings from the event.

InsightIDR solves these problems by combining SIEM, EDR and UBA capabilities, which means it detects attacks early in the attack chain, finds compromised credentials, and it provides a clear investigation timeline. It's truly an amazing piece of kit, and I know that every incident I ever worked on would undoubtedly have had a better outcome had InsightIDR been in place at the time. Seeing in this case will definitely result in believing – I'd heartily recommend you arrange a demo today.

Hooray for Integrated Solutions!

So before I give a shout out to the incredible people behind these two superb products, there's one further piece of good news: you can now integrate [PDF] them too!

Hooray for Moose!

Our people, our “Moose”, who design, build, test, sell, support and of course market (obvs.) these products are all the winners here. I don't use the term ‘incredible’ lightly either – I am privileged to have represented them at the awards ceremony, we have an amazing team across the globe jam-packed with smart, creative, brilliant people. Our solutions are testament to the work they do, their combined knowledge solves difficult customer problems, providing insight to security professionals all over the world. Congratulations Moose – you are a bloody awesome bunch!

Thanks again to everyone who voted for our solutions, and a big cheers to the folks at Computing Security who held a brilliant awards bash. We hope to see you again next year!

Rapid7 On Top in SANS Top 20 Critical Security Controls

Being great is, well… great, right? But as we all know it doesn't happen in a vacuum, it's an equation:

Greatness = Individual Excellence + Teamwork + Meaningful Customer Relationships

Coincidentally (or not), these items make up three of the five core values we strive towards here at Rapid7 – the other two play a role as well in ‘Disciplined Risk Taking’ and ‘Continuous Learning’, but we all know blog posts need three things, it's some sort of Internet rule.

Now, let's be honest, public displays of boasting are not what we are about here, but when you witness a tidal wave of public support from your customers on the Gartner Peer Insights portal and, simultaneously, your company comes out on top of the coverage for the SANS Top 20 Security Controls (2016 PDF poster), you have to pause for just a moment to let people know. This is important, especially during National Cybersecurity Awareness month, because it's all about our customers and employees working together to create killer solutions and services. And in this world where we all want the benefits of being interconnected but understand the risks, the heroes have become the IT and security teams. Equipping these teams is what drives us each day. Below is more info on each of these accolades, and a big thank you to our entire community for giving us this amazing moment.

Rapid7 Provides the Most Coverage for the SANS Top 20 Critical Security Controls

Many organizations rely on the SANS Top 20 Critical Security Controls (now a joint venture with SANS and the Center for Internet Security) to help them understand what they can do to minimize risk and harden resiliency. The Critical Security Controls run the gamut from asset identification and management to continuous monitoring and secure configurations.

How does it work? Well, SANS surveyed industry vendors in March 2016, using the Center for Internet Security (CIS) document “A Measurement Companion to the CIS Critical Security Controls (Version 6)” as the baseline. The “heat map” below has shaded areas totaling the number of measurements a vendor covers divided by the total number of measurements listed for that Critical Control.

As you see below, Rapid7 leads the way. This is a representation of our full portfolio including pen testing (Metasploit), vulnerability management (Nexpose), application security (AppSpider), and SIEM/UBA/EDR (InsightIDR). If you are already using one of our products in one area, we should show you how our solutions work together to get you even more coverage. Ultimately though, this helps people understand that our solutions provide the quality, usability, and ultimately, the insight that security professionals need to get the job done.

Gartner Peer Insight: Security Product Reviews for Rapid7 at the Top

If you haven't checked out Gartner Peer Insights yet, it's a resource fed by the user community themselves where they provide in-depth reviews about products they are using, ranging from SIEM and UBA, to vulnerability management, and application security. We are proud of what our customers say about us, and we are always listening for ways to improve their experience and success using our solutions. Below you'll see where Rapid7 stacks up in terms of overall peer rating on Gartner Peer Insight in the SIEM category:

Go take a look at what folks are saying, and then do your own searches for the solutions you need! And if you have any questions or need to talk to us about any of our solutions just let us know in the comments or contact us page.

Now that we're done celebrating we're back at work, with all of you, to keep progressing!

Rapid7 wins SC Magazine 2015 Best Vulnerability Management Solution

We found out on Tuesday night that we won the SC Magazine Awards for Best Vulnerability Management Solution. I am extremely honored and glad that we won, and we owe it entirely to our amazing customers who have stayed with us over the years and helped us shape Nexpose into what it is today. We truly believe that customers are at our core and they are our partners—not in crime, but in anti-crime.

I can't help but reflect on how much Rapid7 and Nexpose have grown since I started at Rapid7 around 4 years ago. Vulnerability management has been around since the 90's and the market is mature, but it's still a problem that isn't 'solved.' Security teams still have way too many vulnerabilities to remediate and need to prioritize what matters to the business in order to be effective. The target is constantly moving with the modern network that includes virtualization, mobile, and cloud assets that introduce risks at lightning speed. And the threat landscape isn't slowing down either, look at all the 'celebrity' vulnerabilities that have come out in the past year including Heartbleed, Poodle, Sandworm, Bashbug (aka shellshock). However, you can't forget about old vulnerabilities, as according to the Verizon DBIR, '99.9% of the exploited vulnerabilities were compromised more than a year after the CVE was published,' even some published way back in 1999.

'About half of the CVEs exploited in 2014 went from publish to pwn in less than a month.' - Verizon DBIR 2015

The adversary is no longer a script kiddie playing around in their mom's basement; now there's an entire ecosystem of tools and providers for the adversary. There are multiple layers: From malware authors, to distributors, to markets to purchase stolen credentials, credit cards, or health records. Almost anyone can rent botnets to perform DDoS for a couple hundred dollars. They've even done the weaponizing for you and you buy exploit kits that are fully supported. This is dangerous as even those kits are containing zero days like Angler exploiting an Adobe 0-day.

'No matter how high or smart walls, focused adversaries will find other ways over, under, around, and through,' Yoran said. 'You must understand what matters to your business and what is mission critical [and] defend it with everything you have.' - Amit Yoran, RSA Keynote 2015

Don't make it easy for the adversary. Breaches are not going away—just look at all the recent breaches at Anthem, JP Morgan Chase, Home Depot, Sony, and Target. As Amit said, you must understand what matters and defend it with everything you have.

Our mission is to help our customers to manage their threat exposure to reduce the chance of a breach. This is why we've combined Nexpose and Metasploit under our overarching Threat Exposure Management solution. And because of this last October, we introduced Nexpose Ultimate, a new Edition of Nexpose, and the first and only unified solution for vulnerability management, vulnerability validation, and controls effectiveness testing. Nexpose and Metasploit are available in a single package and the only tool to offer integrated closed-loop vulnerability validation. RealContext allows you to focus on reducing the risk that matters to your business, quickly and efficiently. And RealRisk provides a granular risk scoring system based on threat intelligence, such as malware and exploit exposure, CVSSv2 and temporal risk metrics. Only Nexpose Ultimate combines both offensive and defensive technologies to understand what threats really matter to your organization.

'A CVE being added to Metasploit is probably the single most reliable predictor of exploitation in the wild.' - Verizon DBIR 2015

Winning this award means a lot to all of us here at Rapid7 and we've won it for 2 years in a row. We've all worked very hard innovating and building a solution that gives our customers the best chance at reducing the risk of a breach. We can't wait to keep delivering value and solving challenges our customers are facing.

Special thanks to our product management team for continuing to innovate and drive the product forward, engineering team for building an amazing product, and our customer service and customer success management team for being there for our customers. And again, we'd like to thank our customers who've stayed with us and help us improve our products.

View the full report and all the other winners of SC Magazine US Awards 2015

And the winner is...you!

On Saturday night, amidst the neon lights and smoke-filled casinos of Las Vegas, Rapid7's Support team won an award: the 2014 Silver Stevie for Best Frontline Customer Service Team. This holds special meaning to us, because the award isn't really about Rapid7. It's about our customers.

Over the years Rapid7 Support has built strong relationships with countless organizations on their journey towards a well-managed information security program. Our team of experts strives to make the support process as easy and efficient as possible. We firmly believe that you, our customer, should get the assistance you need from the very first person that answers your call. And with that, I thank you: for being a pleasure to work with, and for allowing us to be a partner in your success.

Sincerely,
Matthew Blair
Rapid7 Support Manager

Rapid7 Given Vulnerability Management Market Penetration Leadership Award by Frost & Sullivan

This week, we proudly announced that Frost & Sullivan has presented Rapid7 with the Global Vulnerability Management Market Penetration Leadership award. So what does that mean, exactly? In a nutshell: We're growing really fast. Faster than anyone else in this space, in fact.

“Rapid7 is renowned for its reputation in vulnerability management, which is an integral part of any security program,” said Chris Kissel, Frost & Sullivan industry analyst, in the report. “Because Rapid7 has made significant investments to ensure that its offerings reflect the dynamics of the industry, including the increase of mobility and cloud-based assets and application in networks, the company's growth continues to exceed that of the total vulnerability management market.”

Frost & Sullivan determined that Rapid7's revenue growth rate from 2011 through 2013 was the fastest in the vulnerability management space, and identified key performance drivers that directly influenced our recent growth and continue to have a positive impact on our future. Check out the press release for more.

Rapid7 in the SC Awards

It's that time of year again: After months of nail-biting across the security industry, SC Magazine has announced the finalists for its 2013 Reader Trust Awards. Not only is Rapid7 Nexpose once again in the running for Best Vulnerability Management Solution, but our two newest offerings are also first-time contenders: Rapid7 ControlsInsight and Rapid7 UserInsight could take top honors for Best Risk/Policy Management Solution and Best Cloud Security Solution, respectively.

We're super excited, of course, because:
- SC Magazine readers believe in Rapid7 and our solutions enough to vote us into the final round (yay!).
- ControlsInsight and UserInsight were only released last August, and it's great to get such strong recognition for products when they're so recently out of the starting gate.

Here at Rapid7, we feel like proud parents. ControlsInsight and UserInsight have sparked enthusiasm ever since we unveiled them at UNITED 2013. That very same week, Network World named ControlsInsight a product of the week and CSO Magazine interviewed Lee Weiner, SVP of products and engineering, about the news.

Lots of headline-grabbing stuff has happened in the security industry since then, too -- a lot of which has only underscored the importance of these two products. Some examples:
- In September, a new IE 0-day drove users and administrators to act quickly to mitigate risk. Luckily, ControlsInsight has checks for the presence and configuration of EMET, and can assess the presence of the workaround.
- In October, a survey of federal security professionals and end users underscored the very real threat of user-based risk – a key factor in the creation of UserInsight.
- That same month, NIST defined four tiers of security readiness. In the lowest tier, “risk is managed in an ad hoc and sometimes reactive manner” – driving home why ControlsInsight and Nexpose are better together if you want a complete picture of security risks.
- Not long afterwards, a study on browser security highlighted why it's important to keep browsers up-to-date (thank you, ControlsInsight!).
- More recently, reports have surfaced that a clever phishing scam may hit the US, proving yet again why it's a good idea to integrate Metasploit Pro with UserInsight.

So what's next? Now we wait until February, when SC Magazine will announce the winners.

If you're hungry for more info, register for our upcoming webinar on November 21: “You Can't Control It, But You Can Secure It: Cloud Monitoring That Makes Sense.”

SC Magazine Awards - Round 2

We got the SC Magazine Award for best vulnerability management tool back in February; since then a lot of cool things have happened. See for yourself!

Thanks again to all of the readers of SC Magazine for voting for us!

Rapid7 Wins Coveted SC Magazine Award for Best Vulnerability Management Tool

Thorsten George, VP of Worldwide of Marketing and Products for Agiliance on the left and Bernd Leger, VP of Marketing, Products & Solutions at Rapid7 on the right

Sitting in a room of hundreds of industry leaders and security vendors, it was extremely gratifying to hear our name called and being asked on stage to receive one of the coveted SC Magazine Awards last night in San Francisco. Rapid7 won the prestigious “Best Vulnerability Management Tool” Award in the Reader's Trust Award Category. This recognition from the users of security solutions is a true testament to our product innovation and excellence and is reflected in the market momentum that Rapid7 has achieved. We are most grateful for it!

We were also thrilled to see many of our partners recognized with other Reader's Trust and Excellence Awards including: IBM (winner of the best cloud computing security; IBM uses Rapid7's technology to drive its cloud-based vulnerability management solutions); HP (winner of the best SIEM appliance; Nexpose is tightly integrated with ArcSight); Agiliance (winner in the best regulatory compliance solution category; we have a tight integration with Agiliance's risk management platform). With our partners, Rapid7 is helping to improve the security posture of organizations around the world.

Our Nexpose development team has delivered numerous innovations over the last few months. Rapid7 was the first vendor to be named part of VMware's Security Reference Architecture with Nexpose's ability to dynamically discover and then scan virtual assets. In addition, we bolstered our industry-leading risk management capabilities with our real risk score that incorporates exploitability and malware information.

We continue to push the envelope with Metasploit as well. Metasploit Pro was a finalist for the Best SME Solution at the SC Magazine Award Gala last night. Just a few days ago we released version 4.2 of Metasploit which added support for identifying risks in IPv6 networks.

We'd like to thank our customers and partners with whom we share this award as they continue to drive and challenge us to make our solutions even better. On that note we'd also like to raise our glass to one of our customers Nils Puhlman, CSO at Zynga who was recognized as one of the finalists for CSO of the year award last night. We hope you will join us to celebrate our win at our party tonight at Ruby Skye.

Bernd Leger, VP of Marketing, Products & Solutions, Rapid7

Rapid7 is one of Boston's Most Admired Companies!

The Boston Business Journal has awarded Rapid7 its 2012 Most Admired Start-Up Award! If you'd like to take a look at all the other winners and nominees, you can see them all here: http://www.bizjournals.com/boston/news/2012/02/24/bbj-most-admired.html

First, it's an honor to be not only nominated for the category, but to actually win, so thanks to all those out there that voted for us. Second, I'd like to say congratulations to all the other companies that were nominated, and who won for their respective categories. It's inspiring to see how dynamic and respected the corporate space is in the Boston area.

Also, we are hiring! If you are interested in joining an incredibly fast growing, well admired company, that has a fantastic Community Manager, then check us out here: http://www.linkedin.com/groups/Rapid7-Careers-4165045?trk=myg_ugrp_ovr and send us your details.

Enjoy,
-Patrick.

New Sectools.org List is Out

Sectools.org, from our friends at the Nmap project, has updated its list of the best security tools. I'm proud to say Metasploit has come in second among an entire ecosystem of awesome tools. Many of our favorite tools that make use of Metasploit are represented as well, including BeEF, Nexpose, and Social Engineer Toolkit. John the Ripper and w3af, two open source projects that Rapid7 supports through sponsorship, also made the list.

This is a great resource for people just getting into security, giving a brief description of each tool and what it's used for. Seasoned security veterans can get something out of it, too. I learned of several new tools that I had previously never seen and I'm sure many of you will have a similar experience. You can go directly to a list of the list's newcomers if you're familiar with the previous lists.

So whether you've just joined the security community or you've been around for a while, you should definitely check out the list, particularly the open source tools. Of course, not every tool will be applicable to everyone, but it's worth at least skimming to figure out which ones you will find useful.

And the Award goes to.... US!

Recently we've really been feeling the love from the good people at the Boston Business Journal (BBJ) and I wanted to take a moment to share this love and say a big thank you.

It started a couple of weeks ago when the BBJ published this article on its Pacesetters for 2011, positioning Rapid7 as the 5th fastest growing private company in the region overall, and fastest growing in the software category. We're pretty proud of our growth and recently announced that we've had eight consecutive quarters of record revenue. Whoop whoop! We're very happy to see our hard work paying off and it's lovely that the BBJ has recognized that!

Our current success is not just down to hard work though: we have great leadership in the form of our CEO Mike Tuchen, who recently reached the semi-finals of the Ernst & Young Entrepreneur of the Year New England Program. Fingers crossed for Mike when the finalists are announced later this year.

Under the leadership of Mike and his team, not only has Rapid7 gone from strength to strength financially, it's also a great place to work: very high energy and fun. The old “work hard, play hard” adage is liberally applied at Rapid7 and it seems to work for us as we've just had more love from the BBJ, this time as one of the best places to work in Massachusetts.

The list recognizes the top 75 places to work in the region, split into 3 equal categories of small, medium and large businesses and evaluated through employee satisfaction surveys. Rapid7 was recognized in the “small company” category. This is probably partly because we regularly get our people out having fun together and make sure we always celebrate each other's successes together as a family. Our kickball and softball teams, Thursday Night Out gatherings and our famous company-wide annual boat cruise are all part of the Rapid7 DNA. We also feel strongly about giving back with many of the Rapid7 employees involved in company-sponsored charity events.

We'd also really like to congratulate all our neighbor, partner and customer companies also featured in the lists. It's very heartening that there are so many great places to work and so many satisfied employees in and around Boston! If you think your company is a great place to work, why not tell us all about it in the comments section.

If you're interested in becoming one of those “satisfied” employees, I have great news for you… Rapid7 is hiring! If you think you reflect our core values of trust, respect, integrity, honesty and innovation with a constant desire to help our clients meet their daily challenges, visit http://www.rapid7.com/careers/index.jsp for information on all the positions currently open.

Metasploit T-shirt design contest: And the winner is...

You have voted in large numbers – and the results are out: design #36 is the winner of the Metasploit T-shirt design contest. Danny Chrastil submitted the winning design, featuring the Metasploit logo consisting of code from the payload osx/ppc/shell_reverse_tcp. The back shows the Metasploit splash screen cow, our legendary creature of mystery and superstition.

A few words about the winner: Danny Chrastil aka @DisK0nn3cT is a web applications developer and penetration tester from Denver, Colorado. He has been in web development for 7 years and in information security for 2 years now. Danny recently became a Metasploit user and admirer in 2010. When he's not writing code or pen testing web applications, he is brushing up on his Metasploit Fu! Danny about the contest: “I was just trying to have fun with the design, I wanted to create something that looked cool but was also related to the awesome power of the Metasploit Framework.” Congratulations, Danny!

For those wondering how the votes turned out, I've posted the vote counts. We'll also look into adding some of the other designs in the Metasploit store. Bear with us while we work out the details and stay posted for updates!

Who will you be wearing? Vote for the new Metasploit T-shirt!

Wow – 87 entries for our T-Shirt competition in one week. We were very impressed with both quantity and quality of the entries we received for designing the new Metasploit T-shirt, which will be featured in the new Metasploit store.

Now, it's your turn (again): We need you to vote for your favorite shirt. Starting with 87 entries, we conducted a quick office poll to produce a shortlist of 15 for you to pick from. (Go here if you want to see all of them.)

Tremolo… here they are:

#12 by rezeusor: “There's just something so wrong about being owned by an ASCII-art cow” (featuring the Metasploit cow)
#14 by rezeusor: “My cow ate your firewall… then I milked your passwords” (featuring the Metasploit cow)
#18 by Claire Medeiros: Her take on the Metasploit man
#24 by jayrn: Helicopter chase
#35 by Skip86: Metasploit shield with lightning bolts
#36 by Danny Chrastil: Exploit hex code as pattern for Metasploit logo (featuring Metasploit cow)
#39 by reeandra: The Metasploit Robot
#40 by rezeusor: “Where the real penetration testers hang their hats”
#44 by trevelyn412: “I got in”
#45 by reeandra: “I hack villains” (featuring the Metasploit robot)
#63 by gravisi: “I walk through firewalls”
#67 by gravisi: “I mind-control computers”
#72 by pan15: “Hack me if you can” (featuring the Metasploit ninja)
#73 by reeandra: “I hack villains” (featuring white hat)
#77 by b0rsalin078: True Grit style

Selected your favorite? Great – here is how you vote: Tweet the following sentence, replacing [number] with your favorite design number:

I'm voting for Metasploit T-shirt design #[number]! http://bit.ly/e4wsPt #metasploitswag

The community vote closes at midnight on Thursday 21 April Eastern Time.

A word to the designers: Thanks for your submissions! Feel free to write comments to explain your designs.

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.


Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.


Podcast

Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee–deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.
