Kyle Flaherty

Rapid7 On Top in SANS Top 20 Critical Security Controls

Blog Post created by Kyle Flaherty Employee on Sep 21, 2016

Being great is, well… great, right? But as we all know it doesn’t happen in a vacuum, it’s an equation:


Greatness = Individual Excellence + Teamwork + Meaningful Customer Relationships


Coincidentally (or not), these items make up three of the five core values we strive towards here at Rapid7 – the other two play a role as well in ‘Disciplined Risk Taking’ and ‘Continuous Learning’, but we all know blog posts need three things, it’s some sort of Internet rule. Now, let’s be honest, public displays of boasting are not what we are about here, but when you witness a tidal wave of public support from your customers on the Gartner Peer Insights portal and, simultaneously, your company comes out on top of the coverage for the SANS Top 20 Security Controls (2016 PDF poster), you have to pause for just a moment to let people know.


This is important, especially during National Cybersecurity Awareness Month, because it’s all about our customers and employees working together to create killer solutions and services. And in this world where we all want the benefits of being interconnected but understand the risks, the heroes have become the IT and security teams. Equipping these teams is what drives us each day. Below is more info on each of these accolades, and a big thank you to our entire community for giving us this amazing moment.


Rapid7 Provides the Most Coverage for the SANS Top 20 Critical Security Controls

Many organizations rely on the SANS Top 20 Critical Security Controls (now a joint venture with SANS and the Center for Internet Security) to help them understand what they can do to minimize risk and harden resiliency. The Critical Security Controls run the gamut from asset identification and management to continuous monitoring and secure configurations. How does it work? Well, SANS surveyed industry vendors in March 2016, using the Center for Internet Security (CIS) document “A Measurement Companion to the CIS Critical Security Controls (Version 6)” as the baseline. In the “heat map” below, the shading for each area reflects the number of measurements a vendor covers divided by the total number of measurements listed for that Critical Control. As you see below, Rapid7 leads the way.


[Figure: SANS Top 20 Critical Controls vendor rankings]

This is a representation of our full portfolio including pen testing (Metasploit), vulnerability management (Nexpose), application security (AppSpider), and SIEM/UBA/EDR (InsightIDR). If you are already using one of our products in one area, we should show you how our solutions work together to get you even more coverage. Ultimately, though, this helps people understand that our solutions provide the quality, usability, and insight that security professionals need to get the job done.


Gartner Peer Insights: Security Product Reviews for Rapid7 at the Top

If you haven’t checked out Gartner Peer Insights yet, it’s a resource fed by the user community themselves where they provide in-depth reviews about products they are using, ranging from SIEM and UBA to vulnerability management and application security. We are proud of what our customers say about us, and we are always listening for ways to improve their experience and success using our solutions. Below you'll see where Rapid7 stacks up in terms of overall peer rating on Gartner Peer Insights in the SIEM category:

[Figure: Gartner review for SIEM security solutions]

Go take a look at what folks are saying, and then do your own searches for the solutions you need!


And if you have any questions or need to talk to us about any of our solutions, just let us know in the comments or via the contact us page. Now that we’re done celebrating, we’re back at work, with all of you, to keep progressing!