Magazine Store

10 Fastest Growing Cyber Security Companies 2018

Detect Threats. Respond with Confidence: Rapid7


“Our mission is to lead the emerging SecOps movement with our multi-product analytics and automation cloud and expertise.”

Founded in 2000, Rapid7 powers the practice of SecOps by delivering shared visibility, analytics, and automation that unites security, IT, and DevOps teams.

The company’s security analytics and automation cloud, Rapid7 Insight, along with its unmatched industry expertise, serve as the nexus for SecOps teams driving secure innovation. Rapid7 delivers the visibility, analytics, and automation needed to monitor, investigate, and resolve the vulnerabilities, threats, and performance issues that put organizations at risk. By automating routine tasks and providing deep intelligence, it amplifies productivity and free people to innovate, advance, and transform the world.

Rapid7’s technology, services, and research drive vulnerability management, application security, incident detection and response, and log management for more than 7,000 organizations across 125 countries, including 55% of the Fortune 100.

How Did Rapid7 Get Its Name?

When the Company first launched, it was based in Midtown, New York. Our founders, Alan, Tas, and Chad, traveled daily into the city on New York’s Rapid Transit system’s "Rapid7" train (you might notice our logo looks a bit like a bullet-train). With much of the planning and development for the Company discussed on that commute, it seemed only right to name the Company Rapid7. Today, the name embodies our commitment to rapidly responding to our customers’ needs, their evolving IT environments, and the emerging threats they face, so we can help them keep moving forward.

Rapid7 Services: From Planning and Strategy to Full-Service Support, Rapid7 Experts Have You Covered

Penetration Testing Services

In security as in life, the hardest weaknesses to pinpoint are your own. Fortunately, we have no problem thoroughly documenting all of your flaws. In fact, it’s kind of our job. And that’s a good thing: Knowing your vulnerabilities—and the ways in which attackers could exploit them—is one of the greatest insights you can get in improving your security program. With that in mind, Rapid7’s Penetration Testing Services team will simulate a real-world attack on your networks, applications, devices, and/or people to demonstrate the security level of your key systems and infrastructure and show you what it will take to strengthen it. Much like your mom, we don't highlight your failings because it bothers you—we do it because we care.

Vulnerability Management Services

Security programs supported by the adequate budget, talent, and technology are a lot like unicorns: We all desperately want to believe they exist but have yet to see the proof up close. While we can’t help you ride bareback abreast a rainbow, our Managed Services team can help you get one step closer to your fantasy of a well-managed and ever-evolving vulnerability management program, without the need for in-house hires.

Rapid7’s experts are here to help you quickly leverage your security program investment by handling the operational requirements of vulnerability scanning and/or application security for you. Our Vulnerability Management Services offer regular assessments and concise reporting, enabling higher productivity and saving you time and money.

Incident Detection and Response Services

As a security professional, you’re charged with making attackers’ lives as miserable as possible. While continuously reducing your attack surface is a surefire way to get them shaking their fists, preventative measures are only intended to slow attackers down—if they want it badly enough, they’ll find a way into your network. To really bring the pain, organizations need to complement their preventative efforts with incident detection and response capability that can find attackers once they’re in, give them a swift, hard boot, and make sure they can’t make their way back.

Sadistic? Sure. Fun? A little. Easy? No way. We understand the challenges security teams face managing both sides of the breach. And we're here to help. Rapid7's detection and response services will help you keep a keen eye on your network's activity and ensure you have the right plan in place to respond when someone gets in.

Advisory Services

Overwhelmed. Understaffed. Unprotected. Sound familiar? If so, then we won’t even ask when you last assessed your security program… we’ve got a pretty good guess. But don’t sweat it—many security teams can’t free up the time and resources to analyze their program, or uncover the insight they need to improve it. That’s why we’re here. Rapid7 Advisory Services can help you not only get unstuck but move with purpose.

Its Advisory Services were designed with your realities in mind, built to help you prioritize your security initiatives, align them with your business, and get it all done yesterday.

IoT Security Testing Services

Smart cars. Smart security cameras. Smart medical implants. Even the smart egg tray in your smart fridge. Everything around you is always connected and communicating, swapping data with other devices and uploading it to the global internet to help your automobile, home, factory, business, and body perform better. It's hard to argue IoT's popularity and pervasiveness—or its value.

But as these devices become more integral to our lives, the need to secure them grows at pace. Many are susceptible to vulnerabilities, yet, despite this, security teams often can't dedicate either the time or the expertise to secure connected devices on their own. Fortunately, you don’t have to do it alone. You’ve got Rapid7.

Research at a Glance

The Philosophy

Rapid7 believes security is the responsibility of all technology users, manufacturers, and intermediaries and that collaboration is the only way to achieve long-term change. That’s why it is committed to openly sharing security information, helping its peers to learn, grow, and develop new capabilities, and supporting each other in raising and addressing issues that affect the cybersecurity community.

Project Sonar

Project Sonar is a security research project by Rapid7 that conducts internet-wide scans across different services and protocols to gain insight into global exposure to common vulnerabilities. Like our vulnerability disclosures and exploits, we publish our data for free to encourage scientists, engineers, and anyone else interested in the nature and form of the internet to make their own discoveries.

Project Heisenberg

The Heisenberg Cloud is a collection of low-interaction honeypots distributed both geographically and across IP space. The honeypots offer the front end of various services to learn what other scanners are up to (usually no good), and to conduct "passive scanning" to help enhance our understanding of attacker methods.

The National Exposure Index

The National Exposure Index is a study conducted annually to better understand the nature of internet exposure—services that either do not offer modern cryptographic protection or are otherwise unsuitable to offer on the increasingly hostile internet—and how those exposure levels look around the globe. How does your country’s security posture stack up?

Quarterly Threat Reports

In our quarterly threat reports, we leverage data from the Rapid7 Insight platform, Managed Detection and Response engagements, Project Sonar, and Project Heisenberg to dive into notable security events, determine key takeaways, and provide helpful information for companies continuing to build out their security programs.

Under the Hoodie

In “Under the Hoodie: Actionable Research from Penetration Testing Engagements,” we shed light on the “dark art” of penetration testing by revealing not just the processes, techniques, and tools that go into it, but also the real-world experiences of our engineers and investigators gathered over thousands of pen tests.

Rapid7 Research Impact across Industries

Rapid7 researchers constantly work to uncover unknowns as far as technology reaches.

Consumer Technology

It’s hard to imagine our lives without tech glued to our hands. Reality is, security risks are present in even the most unassuming, commonplace devices. Over the years, our researchers have discovered and made public several critical vulnerabilities capable of compromising your personal data and safety in everything from printers, baby monitors, vehicles, and even children’s toys.

Business Technology

It’s no big secret that security has far-reaching impacts on a business—including on its bottom line. The work of our researchers has helped global organizations secure their internal processes, as well as the safety of the customers who rely on them; these improvements can be seen in medical devices, healthcare software, broadcasting equipment, corporate networks, and more.

Public Infrastructure

While most of us don’t spend our days thinking about critical infrastructure, it’s core to the functioning of our world as we know it. Therefore, as the need to innovate it grows, so does our need to secure it. Given our collective dependency on infrastructure, our researchers make it a priority to investigate how to secure emerging tech like smart sensors, while our Public Policy efforts aim to help governments adopt these innovations securely.

Success Stories

Building Stronger Vulnerability Management at a California Bank


  • Vulnerability scanning on an air-gapped network.
  • Pen testing reports can often be either too complex for the board or too simplistic for IT teams.


  • Rapid7’s Nexpose tool has flexible deployment and update options, making offline scans easy.
  • The Rapid7 penetration testing approach offers a high-level view for executives and more granular detail perfect for IT teams to dig into.

Managed Care Systems Inc. Leverages Rapid7 Pen Testing to Evaluate User Roles and Privileges


  • MCSI wanted to test the ability of their back end, role-based access controls to curb attempts to elevate privileges.
  • MCSI needed an official way to inform clients and regulators about the security and integrity of their systems, while also satisfying HIPAA standards with a third-party evaluation.


  • The Rapid7 team guided MCSI through recommendations and functional areas to focus on for a role-based pen test.
  • In the end, MCSI was able to leverage Rapid7’s “highly actionable and specific” report to create internal tickets that resulted in quick vulnerability resolution.

Rapid7 Belief:


Words from the Chief:

“It is possible to innovate and push the boundaries of progress while keeping data and assets secure and Rapid7 will innovate and disrupt the status quo so you can innovate securely. At Rapid7, we the emerging SecOps movement transforms systems design to make good security a core design principle. We provide the visibility, analytics, and automation needed to succeed.

We believe secure and reliable innovation requires governments, researchers, and practitioners to collaborate, share knowledge, and educate each other. We will lead in this effort.”

Greet the Kingpin

Corey E. Thomas, President & Chief Executive Officer: In addition to being president and CEO, Corey is also a member of the Rapid7 board of directors. In 2018, he was elected to the Cyber Threat Alliance (CTA) board of directors and the Massachusetts Cybersecurity Strategy Council. He also serves on the Blue Cross Blue Shield of Massachusetts board of directors, sitting on its audit and health care quality and affordability committees. Corey has extensive experience leading technology companies to the next stage of growth and innovation. Prior to joining Rapid7, Corey was VP of marketing at Parallels, Inc., a virtualization technology company; group project manager of the Microsoft Server and Tools division, launching the worldwide availability of SQL Server 2005 and steering product planning for Microsoft’s data platform; and a consultant at Deloitte Consulting.

Corey received a B.E. in electrical engineering and computer science from Vanderbilt University and an MBA from Harvard Business School.

“We believe that all businesses should have access to great security software and services. We deliver solutions powerful and scalable enough for the largest organizations, but simple and accessible enough for organizations of every size and maturity.”