Rapid7 prepares for UK arrival and tackling the increasing number of vulnerabilities

Rapid7, a well-known brand in the United States, is now targeting the UK and Europe for its next expansion.

Its head of marketing Bernd Leger spoke to SC Magazine about the company and its plans. He said that Rapid7 is primarily involved with vulnerability management and critical platform analysis.

He told me that its customers have a genuine interest in reducing the vulnerability count on web applications and websites, particularly its retail customers, who were aiming to meet PCI DSS compliance standards. The interest in this area led Rapid7 to put 'our feet into the UK'.

Asked what kind of vulnerability the company addresses, Leger told me it was 'any kind of vulnerability'. He said: “We believe in proactive risk and threat management by analysing what is out there. It is a combination of our Metasploit service and NeXpose product that gives a better insight into security role intelligence.”

NeXpose is a vulnerability management product that Rapid7 launched ten years ago, while Metasploit was acquired in 2009 to add a project that tests IT infrastructure.

The acquisition also brought along founder HD Moore, who now acts as the CISO of Rapid7. The addition of the service saw the company put in quality assurance and move from 25,000 to 100,000 users.

Leger said: “We had vulnerability management and Metasploit for testing, so we retained the Metasploit Express and Pro solutions so we can go to a company and they can use the software or use Metasploit on site.

“There is too much information and too many vulnerabilities and you can be as secure as you want to be, so it is up to you to protect what you want. Metasploit gives insight into what is real, to get into the networks and help prioritise to make it more secure. We have found the 50 most important and put the effort in to reduce risk by 80 per cent.”

“Remediation advice helps organisations to know what the most important fix is, what time is taken and what to do. Metasploit is specific on what to do and how to master the security problem. We believe that the industry has not done enough and vendors have not done enough,” Leger said.

At last week's RSA Conference the company added Flash scanner support for vulnerabilities. The next step for Rapid7 is to make its mark in the UK. Leger told me that it was initially coming to the UK to make technology partnerships and continue its innovation.

The subject of web applications, their security and vulnerabilities is certainly current and from that perspective it is a good time for Rapid7 to enter the UK market. What impact it has will be determined over time, but with the technology from Metasploit behind it, Rapid7 may well be welcomed with open arms at a crucial time.
