BOSTON, Mass. – August 17, 2012 – Rapid7, the leading provider of security risk intelligence solutions, today announced that its flagship vulnerability management solution, Rapid7® Nexpose, received a "Strong Positive" ‐ the highest rating possible ‐ in Gartner's 2012 "MarketScope for Vulnerability Assessment"1.

"We’re excited that Gartner has recognized Rapid7’s capabilities in vulnerability management. Flexibility, accuracy and breadth of scanning have all been areas we’ve focused on to simplify the complex risk management challenge for our customers and arm them to improve their organization’s security posture,” said Bernd Leger, vice president of marketing, products and solutions at Rapid7.

Nexpose proactively supports the entire vulnerability management lifecycle, including discovery, assessment and mitigation of security threats, including vulnerabilities, misconfigurations and malware kits. This gives organizations immediate insight into the security posture of their IT environment by conducting over 92,000 vulnerability checks for more than 31,800 vulnerabilities. The solution leverages one of the largest vulnerabilities databases to identify vulnerabilities across networks, operating systems, databases, Web applications and virtual assets. Risk is classified and prioritized based on industry benchmarks such as CVSS and then enriched with contextual information such as the availability of exploits, malware kits, and the age of vulnerabilities. Nexpose then helps to provide a detailed, sequenced remediation roadmap with time estimates for each task. This helps users prioritize remediation so they can focus on the most critical vulnerabilities and make a real improvement to the organization’s security posture.

In addition, the integration of Nexpose and Rapid7’s penetrationtesting solution, Metasploit, provides a closed‐loop security risk assessment solution. Metasploit imports vulnerability scanning results from Nexpose, validates risks, and feeds the outcome back into Nexpose to simplify reporting and streamline remediation. Metasploit does this by identifying and testing known exploits that correlate with each vulnerability, identifying whether specific attack vectors present a real risk for the organization. This information can then be used to prioritize mitigation and remediation actions.

Nexpose is available in several forms: software, appliance, virtual appliance, laptop/mobile, and as a managed service with which customers can mix these product and service components together in operation. The solution is used to help organizations improve their overall risk posture and security readiness, as well as to comply with mandatory regulations, including security requirements for PCI, HIPAA, ARRA HITECH ACT, FISMA (including SCAP, USGCB, FDCC and CyberScope Compliance), Sarbanes‐Oxley (SOX) and NERC CIP. Nexpose is a Common Criteria EAL3+ product and received the SC Magazine Vulnerability Assessment Tool of the Year Award in 2012.

About Rapid7

Rapid7 is the leading provider of security risk intelligence. Its integrated vulnerability management and penetration testing products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are used by more than 2,000 enterprises and government agencies in more than 65 countries, while the Company's free products are downloaded more than one million times per year and enhanced by the more than 175,000 members of its open source security community. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. Its products are top rated by Forrester® and SC Magazine. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.

MarketScope Disclaimer Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

1 Gartner "MarketScope for Vulnerability Assessment" by Kelly M. Kavanagh, August 10, 2012