Rapid7 Blog

Rapid7 Culture  

Thanks and Giving: #Rapid7GivesBack

This time of the year is often seen as a time for giving thanks. At Rapid7, we are continually thankful for our community – the customers, partners, employees, experts and open-source contributors – who engage with us every day. Our community also includes the places where we live and work and, since one way to show thanks is by giving back, we decided that everyone in the Company would take a day in October to show our support and love for our communities.

#Rapid7GivesBack Day was on October 20, 2016 and every single Rapid7 office across the globe closed so our amazing employees (our Moose) could participate in service projects within their communities. These projects ranged from fall cleanups to painting to donation drives to charity fundraisers to supporting open source communities to volunteering at animal shelters and providing meals. We do amazing things when we partner together and this allowed our team to share that energy and give back to our communities across the globe. Giving back is our way of saying thank you to our communities.

Here are some of the ways we thanked our communities on #Rapid7GivesBack Day and what our Moose had to say about the experience:

Boston and Cambridge Headquarters

Our Boston and Cambridge Moose partnered with TUGG to find several different volunteer opportunities across the city. Here are some of the organizations volunteers supported on #Rapid7GivesBack Day:

Ethos - a private, not-for-profit organization that promotes the independence, dignity, and well-being of the elderly and disabled.
The Gavin Foundation – an organization that offers specialized adolescent residential, community, educational and diversion programs to respond to the needs of youth affected by drug and alcohol abuse, and their families.
Josiah Quincy Elementary School - a Boston public school based in Chinatown serving over 800 kids K-5. Nearly 80 percent of its students are low income and over half are English Language Learners.
United South End Settlements – USES works to build a strong community by improving the education, health, safety, and economic security of low-income individuals and families in and around Boston's historic South End/Lower Roxbury.
Mass Audubon Society in Mattapan - the mission of Mass Audubon is to protect the nature of Massachusetts for people and wildlife.

A BIG thx to @rapid7 & @BuildingImpact 4 volunteering in the auditorium makeover #TechGivesBack2016 #Rapid7GivesBack @BostonSchools #bpspln pic.twitter.com/rI3ofdDzxL — BINcA (@BINcA_BPS) October 20, 2016

Fun day with #TechGivesBack! Thank you to our fantastic volunteers! #rapid7givesback #Gratitude pic.twitter.com/fLUO5C61kx — Gavin Foundation (@gavinfoundation) October 20, 2016

Alexandria Office

The Alexandria office included an amalgam of Moose from the office and those from around the D.C. area. This group helped support New Hope Housing and the Gartlan House which provides permanent supportive housing for chronically homeless adult men. The team assisted in yard clean up at the house and felt the experience was a great way to volunteer in the area.

Thanks again to the group from @rapid7 who accomplished so much at Gartlan House on Thursday! #Rapid7GivesBack pic.twitter.com/mMmAQe7u7y — New Hope Housing (@NewHopeHousing) October 23, 2016

Austin Office

Half of the office went to the Austin Animal Center where volunteers helped walk dogs, play with cats and kittens and helped make treats for all the animals. The other half of the office helped deliver nutritious meals and human connection through Meals on Wheels to community members.
Austin Moose found the experiences great for getting out of the office to give back and have suggested volunteering much more often throughout the year!

#rapid7givesback #animalcenter pic.twitter.com/OFHT9rZcT9 — leonardo varela (@leonardovarela) October 20, 2016

Belfast Office

Belfast Moose split into several groups to give back to several local charities including Action Cancer, Cancer Focus, NI Hospice, Simon Community and Assisi Animal Sanctuary. The group gave back by static cycling for charity, organizing donated items, painting and helping with animals. The team kept busy and supported several different organizations in one day.

#Rapid7 cycling in #forestside shopping centre, to raise money for #actioncancer #Rapid7GivesBack pic.twitter.com/9uMFKRLXt2 — Simon McFerran (@nomismcf) October 20, 2016

Dublin Office

The Dublin office helped support CoderDojo, an open source, volunteer led community orientated around running free non-profit coding clubs for young people. With impeccable timing, #Rapid7GivesBack day fell during Europe Code Week 2016 and the Dublin team was able to partner with CoderDojo to help further develop the community platform and content including pushing forward some core projects.

hackathon with @logentries @rapid7 team great to see these organisations support the open source @CoderDojo community pic.twitter.com/HLQ0bZPP8w — Pete☯ (@peter0shea) October 20, 2016

Delighted to be working with the awesome team at @logentries @rapid7 on our community platform & content #Hacktober https://t.co/pDh988chi1 pic.twitter.com/hasE0V03vb — ☯CoderDojo☯ (@CoderDojo) October 20, 2016

Los Angeles Office

The Los Angeles office volunteered at the LA Food Bank which provides food for children, seniors, families and individuals in need. Together, the team sorted 25,173 pounds of food – the equivalent to 20,893 meals. That prep work helped the Food Bank staff get ready to deliver meals the following week.
In sharing their experience, the team noted that it was a very humbling experience with regard to understanding how many don't have food and how difficult it is to prepare donations to make sure those who need the support can get it. It was a long day of physical labor but incredibly rewarding knowing that the work would help someone in need later.

Reading Office

The Reading office volunteered at Whitley Park Primary School and helped rebuild a play area for kids. The team helped repaint fences and picnic tables, plant gardens, rake leaves and clean up the space. After a physical day of work, the team agreed it was a great use of time and a good experience to do something charitable for the community. The school shared its appreciation and gratitude and invited Rapid7 Moose back any time to help out.

Reading team rebuilding a school play area #rapid7givesback pic.twitter.com/3AsZq1R0Qb — Sam Humphries (@safesecs) October 20, 2016

Singapore Office

Moose in the Singapore office ran a donation drive within the company to give pre-loved belongings to the Salvation Army. Items were collected over the course of two weeks and were delivered on #Rapid7GivesBack Day. The team appreciated being able to re-purpose items that would help someone else.

Toronto Office

Toronto Moose supported Free Geek Toronto by collecting donated electronics to either dispose of e-waste properly without damaging the environment or refurbish them to get youth into tech. Part of Free Geek Toronto's mission is to promote social and economic justice, focusing on marginalized populations in the Greater Toronto area by reducing the environmental impact of e-waste through reuse and recycling and increasing access to computing and communications technologies. The team helped collect donations by reaching out to friends, family and other businesses in the area.
The team appreciated the opportunity to support this local organization that helps give more youth access to technology and open source software.

#SocEnt #EWasteDrive #WasteWarriors @rapid7 set up an E Waste Drive at King West Centre in  last week. Thank you all for your donations pic.twitter.com/yvKEdxC4y8 — Free Geek Toronto (@FreeGeekToronto) October 27, 2016

Remote Moose

Our Moose without an official Rapid7 home base participated as well. Projects included community clean up, running charity races or volunteering with local organizations. The effects of #Rapid7GivesBack Day were felt anywhere our Moose are located.

Sasha and I made it! #firefighter5k #techgivesback @rapid7 pic.twitter.com/RqXEvPG9eW — Spencer Seale (@sseale68) October 20, 2016

We may have celebrated a little early in the year with #Rapid7GivesBack Day, but we give thanks every day for the partnerships we have – both for the individuals and the places that make our community.

For more photos from #Rapid7GivesBack Day, visit our Facebook album.

Why I joined Rapid7

I started this month at Rapid7 as Vice President, Managed Services, responsible for the strategic vision and execution of Rapid7's managed services offerings globally. Rapid7 has a number of managed services offerings, as well as managed services partners who use Rapid7 in their solutions. My first few weeks have validated what brought me to Rapid7 and I'm thrilled about what is ahead.

For those that don't know me, I've spent most of my career in security in a wide variety of roles. Prior to Rapid7, I was VP, Business Development for Gemalto's identity and data protection business, which I joined via the SafeNet acquisition, where I led partner strategy and execution globally including strategic alliances, technology partners and OEM & service provider sales. Previously, I spent time in management consulting where I was the cyber security practice lead at PRTM (now part of PwC); in security products as VP of Products & Markets at Fidelis Security Systems (now Fidelis Cybersecurity); and as an end user at General Electric where I led the global computer security program, as well as held various positions in technology strategy and operations. I'm also a faculty member at IANS where I help provide actionable advice to information security, risk management, and compliance leaders.

So what brought me to Rapid7? Beyond a very exciting opportunity to lead the managed services business, the people and culture were key to drawing me to Rapid7. I'll admit that the first time I heard about the "Moose Manifesto" I thought it was a little hokey. But as I got to spend time in the interview process, I realized how awesome it is. (tl;dr on the manifesto – Moose is the same word both singular and plural. We are all in this together to create a phenomenal company.) I was so impressed with how everyone I met was not only talented, but aligned with driving success at Rapid7 for our customers, the company and each other.
I've also gotten to witness it through a number of industry friends, including Jen Ellis (Vice President, Public & Community Affairs), Josh Feinblum (Vice President, Information Security), Bob Rudis (Chief Security Data Scientist), and Lee Weiner (Chief Products Officer).

I am also very passionate about the broader security community. I love the technology challenges we face and the continual improvement required in security due to adversary innovation. But on top of that we have a chance to work together as a community to make the world a safer place. This was always important, but with "software eating the world" and widespread adoption of the Internet of Things, working together to learn from each other's successes and mistakes is critical.

Rapid7's community involvement is awesome. It's not just projects like Metasploit and conferences like Security BSides, it also includes research and public policy initiatives too. It's really embedded in the culture of the company. It was clear it was a culture I wanted to be a part of.

So what is ahead for me at Rapid7? To start, I'm inspired to be part of a company building security solutions to positively impact organizations of all sizes. As I started to think about what was next in my career, I knew I wanted to do something that delivered what I refer to as "Security for the 99%."

Wendy Nather's "Living below the Security Poverty Line" research in 2011 really impacted me because she articulated what I saw when I worked as an end user, vendor and IANS faculty member with organizations struggling to budget for, attract and/or retain security talent. Yet when I walked on the exhibit floor at Black Hat in 2015, I was taken aback by the number of companies building tools pretty much solely for the "security 1%"— the largest companies and government agencies that can hire and afford to retain the limited security talent available.
What amazed me was how poorly a number of these solutions scaled downward, leaving the overwhelming majority of organizations unable to properly leverage solutions to protect themselves.

This is a critical problem—so many organizations are connected either through customer relationships or supply chains, and adversaries will move to the weakest link. Security is difficult and complex, and Rapid7 has demonstrated great leadership in making it achievable with products for all sized organizations—from the largest enterprises to small companies—illustrated by 5,300 organizations in 100 countries worldwide using Rapid7 solutions. I'm elated to be part of the team to help grow this more, and make even more organizations successful.

And I'm privileged to lead the Rapid7 Managed Services organization, which has an amazing team that brings our expertise and on-going management to make our solutions even more broadly adoptable. I also get to collaborate with our sales and business development teams to enable other managed service providers (leveraging some of my skills from my business development days) to enable them to enhance their customers' security insight and posture.

As I mentioned, in some ways my journey to Rapid7 started with Black Hat in 2015 (even though I didn't talk with them until a few months ago). So I'm looking forward to attending next week to engage with the security and Rapid7 communities. It would be great to see you at Black Hat, BSides Las Vegas, or DEF CON. You can also find me online at @djetue and via LinkedIn.

Rapid7 Sponsors Tech For Troops Hacking Convention

This is a guest blog by Eliza May Austin, a student at Sheffield Hallam University in the United Kingdom. We commend Eliza for her involvement in and commitment to Tech for Troops and we're honored to be able to participate.

In March of 2016, Rapid7 sponsored the first ever Tech For Troops hacking convention (TFTcon), hosted at Sheffield Hallam University. TFTcon is a hacking convention specific to ex-military people and its purpose is to bridge the gap in the information security industry with the unique skill set of military-trained people. To this day, there's record that over 9,000 homeless people in Britain are ex-military, with a staggering 64% of people who have left the force remaining unemployed for an average of 2 years after leaving. I felt this endeavor could benefit the infosec industry and the ex-forces community.

TFT had a number of TED-style talks from industry professionals, many of whom had a military background. I was conscious of tapping into the skeptical minds of people losing hope of a new career, and made sure to reach out to inspiring people who had experienced similar situations to the attendees. The convention featured a Chief Information Security Officer who was once an army officer, a cyber security analyst who served in the Navy, and an ex-infantry soldier turned independent penetration tester. To provide balance, we also featured a number of non-military guests as well. Each guest gave valuable input on the tech industry and contributed to the amazing success of these talks.

Rapid7's involvement came about when I sent an initial invite message to a LinkedIn contact of mine, Matt Baxter, a Sales Manager at Rapid7. I expected a simple 'accept/decline' polite response in return. Thankfully, Matt saw the potential and passed the information about the event on to others in the company.
After some hard sell Matt managed to secure the grand prize, and I noticed the amount of interest increased as the word got out that such a life changing prize was at stake.

The prize giveaway supplied by Rapid7 made the event even more special to our attendees. We put on a hacking competition, and David Langton, an ex-Air Force serviceman, was the first person to complete the challenge! David walked away with a Metasploit Pro license and training package worth approximately £16000. Just a little over two months later, he now works full time in Computing and has personally disclosed to me that he feels very positive about his future. He drove over eight hours to be at the TFT convention, and he was a well deserving winner.

TFT is now an annual event that I am pleased to remain a part of. The future of TFT looks bright, with a number of companies already interested in the 2017 event. Within just a few short weeks of the event, its success has spoken for itself. Nine people who attended are working or training in cyber security, and the remaining attendees have committed to a career in cyber. It's plain to see the potential for the initiative to grow and I can't wait to see what the future holds.

Holiday greetings from all of us at Rapid7!

As we reach the end of December and the end of the year, we wanted to take a moment to pause and recognize what an amazing year it has been -- and how grateful we are to EVERYONE who made 2015 so memorable. That's why we put together this short video as a way to say, quite simply, thank you. (Please note: If you see a grey box instead of a video above, the player may take a moment to load.) Happy holidays and happy new year! ~ @mvarmazis

Rapid7 Belfast Office First Hackathon!

What an exciting year 2015 has been to work at Rapid7! We had our IPO and made two awesome acquisitions in NT OBJECTives (NTO) and Logentries. Another of the many notable events that have occurred over the past 18 – 24 months has been the growth seen in the size of the products team. At the core of this expansion has been the Belfast R & D office, which has now been established for almost 2 years.

Leonardo da Vinci said, “One shall be born from small beginnings which rapidly become vast.” This has certainly been true with the Rapid7 Belfast office! On December 16th 2013, Chris Wallace (“Big Red” to those who know him) began an accelerated recruitment drive that would see the Belfast office have almost 75 employees in November 2015. During this 23 month adventure we have progressed from Chris's home office through serviced offices and finally to our own office space in May 2015. A landmark day!

Tuesday November 17th 2015 saw another landmark occasion for the Belfast office as we held our first Rapid7 Hackathon, something that we typically do once a quarter and rotate across offices. We were excited to welcome Moose* from the new Dublin office (formerly Logentries), Toronto office, Cambridge office, and L.A. office along with guest appearances by SVP of Product Delivery Rich Perkett and Rapid7 CTO/Co-founder Tas Giakouminakis.

Teams

For the day of the hackathon, our visitors to the office swelled our ranks to almost 100 people, meaning we would have the largest Rapid7 Hackathon to date outside of the landmark hackathon that took place after the 2013 Rapid7 Global Kick Off. The plan was to begin the Hackathon at 11am and run through to 11pm when presentations and judging would take place. With that in mind, the team in Belfast, assisted by multiple contributors, had accrued over 60 project suggestions in the preceding weeks!
The ideas came in from across the products organization and touched a wide variety of problems which when solved would have maximum impact for our customers. To ensure we could begin promptly on the day of the hackathon the team in Belfast had written (I use the word 'written' here loosely, all who have had the task of reading an engineer's handwriting will understand why the keyboard is one of the greatest inventions ever!) brief descriptions of each idea on one of our large whiteboards on the previous day to allow us to organize such a large group of developers (Did someone say herding cats?). From 10am, everyone gathered to discuss the proposed projects and, after a process of elimination, we managed to whittle things down to 14 teams, each with a unique project. Below is a small selection of the teams who took part...

Projects

The security landscape is continually evolving, and at Rapid7, we are constantly looking for innovative ways to not only solve today's problems, but also enable our customers to solve tomorrow's as-yet-unknown ones. Thus, innovation is encouraged amongst all Moose*. This innovative spirit was definitely a common theme throughout the projects undertaken at the hackathon. Projects focused on a wide range of areas including scaling and enhanced profiling of the Rapid7 Cloud Platform, off-line assessment and real-time data analytics, next generation asset finger-printing analysis, intelligent phishing detection using machine learning, Web shell detection, customizable report builders, and Rapid7 'Target Labs' enhancement.

Presentations

After an innovative but long day interspersed with copious amounts of sandwiches, Chinese food, energy drinks, energy bars, sugary treats, chocolate bars, crisps (Chips to our U.S. friends) and of course a few tins (Cans to our U.S. friends) of Guinness, not to mention some well earned R&R at the pool table, the teams finished, had a short break and began to present what they had achieved.
The presentations lasted from just after 11pm to 1am and the judges all agreed that the standard of work and amount accomplished in just 12 short hours was nothing short of awesome. Every team had approached their unique project with the customer at the heart of all they did and over the coming months the products team will have some amazing features and enhancements to roll out!

After considerable discussion (Which proved animated considering it was post 1am!) the judging panel selected 3 teams to be awarded prizes including iPods, drones, Wi-Fi speakers and Chromecasts. Each winning team was cross-functional, made up of Moose* from multiple offices and had chosen a project which would have maximum impact for our customers when delivered in full.

The special award for 'Blue Sky thinking' went to a team made up of Ross Barrett, Senior Manager for Data Collection from our Toronto office and Conor Cassidy, Technical Product Manager from our Belfast office. Ross and Conor decided to take a 'novel' (Cheesy I know!) approach to writing an educational manual highlighting how the Rapid7 portfolio of products can be used together to secure the modern enterprise against multiple threats. Without giving too much away, this definite modern classic could be summed up as follows, “A rip-roaring modern day tale of suspicion, intrigue and high stakes espionage where our protagonists must work together using market leading technologies to ensure the survival of the company they love so much!” Watch out Tom Clancy, Ross and Conor are coming for you!

Everyone who took part in the Hackathon agreed that it was an awesome experience with some amazing projects! We look forward to many more incredible days at Rapid7 throughout 2016!

*The singular of the word moose is “moose.”  The plural of the word moose is also “moose.”  Therefore, we think of our team in terms of the plural – together we are all “one moose.”  It's our way of recognizing the teamwork embodied by all of us to build an incredible company.

Why I'm Joining Rapid7

I am admittedly reticent to talk about myself, as I try to let my actions and accomplishments speak louder than any boisterous cacophony. However, this really isn't about me, it's about being able to work with an outstanding team of professionals who truly want to make a huge difference in the world of cybersecurity and make it harder than ever for our adversaries to achieve their goals.

For those who do not know me, I have a multi-decade background helping enterprises manage risk and defend against cybercriminals and am co-author of the book Data-Driven Security. I'm also on the Board of Directors for the Society of Information Risk Analysts and the Advisory Board for SANS Securing the Human. Most recently, I've been leading the team that produces the annual Verizon Data Breach Investigations Report.

It's About the Future

But, this also isn't really about the past, it's about the future.

When I had the opportunity to hear the vision that Corey, Tas, HD and (really) the entire Rapid7 organization has for the company I knew I had to be a part of it. Since its founding back in 2000, Rapid7 has repeatedly demonstrated both a commitment and capability to craft security data and analytics solutions that help organizations of all shapes and sizes reduce risk and detect, thwart and—when necessary—recover from cyberattacks.

As I learned more about our mission to infuse even greater data-driven capabilities into our tools and services, the possibilities for success seemed almost endless.

It's About the Company

By “company,” I mean the collection of individuals that come together to make Rapid7 what it is. I personally know many outstanding individuals who work at Rapid7 and have seen their passion for what they do every day.
Their excitement and commitment to excellence was just too compelling to stay away any longer.

It's About the Challenge

I am a firm believer that the principles, tools and techniques of “data science” are the critical components in our quest to turn the tide on our attackers. Rapid7 already applies tested, foundational security analytics practices in our solutions. My goal is to use the wealth of rich data sources (it truly is staggering) and keen security domain and engineering knowledge that exists across the entire organization to enhance existing capabilities in our current offerings and develop new, innovative (and, dare I say revolutionary) data-driven products and services that I know will raise the bar for the entire industry.

It's About You

I have always been extremely impressed with Rapid7's commitment to the community. Not just the community of customers, but the cybersecurity community writ large, with our support of conferences; our continual development and distribution of open source tools/data; and, our vocal support and demonstrated actions to ensure researchers have the freedom and tools to help us defend our organizations without encumbrance.

As we discover and develop new security data science capabilities, we'll also be sharing these innovations with the community, enabling you to continue to meet the challenges that come with defending organizations in this complex and challenging world.

So, why did I join Rapid7? I joined it because our vision matches my passion, our team is absolutely outstanding and our commitment is as strong as our capabilities.

- @hrbrmstr
