Unified, Unanimous, Converged, and UNITED …

Blog Post created by smalm on Jul 13, 2011

As you may have seen, Rapid7 launched an updated version of our award-winning vulnerability management solution today: NeXpose 2011 Summer Release.  We feel that this is a pretty big deal: the new version offers all sorts of new features, with deployment flexibility and enhanced integration, scalability and administrative capabilities topping the list.  For us though, this is about more than just getting a new version of our product out the door; today we’ve pushed another step forward in our mission to improve the way organizations think about, understand, and ultimately manage their risk.  This is our mission, and it’s a commitment we take very seriously at Rapid7.


It was 10 years ago this week that our CTO spoke publicly at the RSA Conference in Singapore about NeXpose, the use of an Expert System, and unified vulnerability management across network/OS, web applications, and databases in a single platform. 




Revolutionary then; industry expectation today.  With the 10 year anniversary and NeXpose Summer Release coinciding, the timing seemed right to reflect on the state of Rapid7 and the state of our industry overall.


A little more than 2 years ago, we made some bold promises right here on the blog about raising the bar on our industry and driving a fundamental change in the Risk and Compliance space.  While we were proud of our history in bringing Unified Vulnerability Management to the market, we believed as we do today that the vulnerability management problem is far from solved.  We were the first to stand up, admit that our industry was not doing a good enough job protecting customers, and commit to doing better.  We called on customers, community, and competitors to drive change together, and we’re happy to see things starting to happen on all of these fronts.


A year later, after the Metasploit acquisition, release of Metasploit Express, sponsorship of w3af, widespread adoption of the free NeXpose Community Edition, and creation of Exploit Exposure to introduce public exploit intelligence to vulnerability management, we posted a follow-up to talk about our progress over the year and confirm our commitment to continuous and relentless improvement.  We noted a revitalization in the penetration testing space, a growing acceptance of vulnerability management and penetration testing convergence by customers and community, and called out the lack of response from vulnerability management vendors. Something we said must have struck a chord.


Vulnerability Management and Penetration Testing convergence has moved from the right idea to a must-have demand from customers.  We have seen three competitors add public exploit information to their solutions over the past year, and while they have work to do to match what we did with Exploit Exposure, we’re happy to see them recognize that this is something enterprise organizations really do want and need. There are, of course, a couple of high-profile laggards, but they will either respond to customer demand or continue their slide into obscurity.  My only advice to those folks: listen to your customers or risk being the next to announce EOS/EOL for your solutions.


We listen to our customers every single day, and we continue to learn a lot from the people working in the security trenches day in and day out.  Rapid7’s approach to converged assessment has been driven directly from customer and community feedback about how to operate in real-world enterprise production environments.  When we acquired Metasploit, we spoke to key customers, partners, and community members before we began integration development to understand how we could best meet their needs.  As always, we developed our beta offerings accordingly.  We then maintained continuous feedback during the beta period and the consensus was unanimous: embed vulnerability management capabilities in the Metasploit interface and maintain separation in NeXpose, with penetration testing intelligence embedded.  This provides the best of both worlds: fully automated, safe scanning from NeXpose; optimized automation and expert operations from Metasploit.


We continue to speak with our customers and the community as we strive to be the most transparent vendor in our space, and we hope you’ll agree with them (and us) that this is the right way to operate.  This is the case with today’s product release, which furthers our commitment to providing meaningful security risk intelligence by giving customers the most deployment flexibility and contextual risk insight available.


Today’s release announcement is an important milestone in our evolution at Rapid7, with another busy year delivering continued performance and usability advances in NeXpose, 3 major version releases of Metasploit Express, staggering growth of the NeXpose Community Edition user base, and oh yes … the launch of Metasploit Pro.


It’s been an incredible year on the business front as well.  We opened our UK office and international expansion is growing at breakneck speed. Strategic partnerships have surpassed our expectations, adding a long list of distribution partners and tripling our technology alliances/integrations over the past 24 months, including a very exciting collaboration with Sourcefire last quarter.


No signs of things slowing down anytime soon.  We have more exciting news to announce over the summer, and our early adopter feedback suggests that you’ll like the partner integrations that are coming out shortly.  We’ve also started a new collaborative security summit called UNITED, focused on innovation:  Using New Ideas To Enable Defenders.


So, it turns out that the future *is* rather friendly.  We’re better than we were a year ago, still not good enough, but a lot of people have joined the mission.  You can rest assured that we will keep pushing, keep innovating, and keep working with our customers, partners, and community to be even better tomorrow.


If you're not already a part of the Rapid7 community, please take the time to join us so you can help to drive the conversation.