Aberdeen Group Research Validates Need for Rapid7's Network, Database and Web Scanning Capabilities, Confirms Impressive Return on Investment in Vulnerability Management

Business Wire, August 21, 2008

Rapid7's NeXpose Typifies the Technology and Practices Aberdeen Recommends for Proactively Managing Vulnerabilities and Achieving High Performance

BOSTON -- Rapid7 LLC, provider of NeXpose, the leading Unified Vulnerability Management solution, is offering its customers, partners, and other organizations a new research report developed by Aberdeen Group that validates vulnerability management (VM) as an essential function for top performance and recommends proactively performing VM for higher efficiency and lower total cost. The research reveals that companies employing "best-in-class" technology and practices to address vulnerabilities reap a 91% return on investment within 11 months.

The report by Aberdeen, a Harte-Hanks Company (NYSE:HHS), is titled "Vulnerability Management: Assess, Prioritize, Remediate, Repeat" and describes VM as a necessary function for just about every organization, of any size, with business operations that involve Internet-facing networks, computers and application software. VM is also a never-ending process and the vulnerability management lifecycle -- assess, prioritize, and remediate -- must be repeated on a regular basis to manage risk within acceptable limits.

The Aberdeen report also details what Rapid7 customers and NeXpose users already attest -- what typifies the "best-in-class" technology and practices for accomplishing VM. Because VM tasks are complex, repetitive and time-consuming, automating them and deploying enabling technologies produces savings in the costs created by new vulnerabilities and reduces the total cost of VM, freeing up resources to invest in more strategic IT initiatives. Aberdeen's research shows that higher frequency of vulnerability assessments is strongly correlated with top performance: companies identified as "best-in-class" find about 10% more vulnerabilities than the industry average, and faster response times for remediation reduces their window of exposure.

"Aberdeen's report substantiates that companies need to identify, prioritize and remediate threats and vulnerabilities and to do so on a continuous basis, employing strategic actions and organizational capabilities as well as enabling technologies such as vulnerability assessment, penetration testing and risk analysis," said Alan Matthews, CEO of Rapid7 LLC. "Our customers know that with the increasing volume, variety and sophistication of vulnerabilities, failure to implement preventative measures will dramatically impact the security of their IT infrastructure and their ability to meet compliance requirements. Our customers have provided unwavering proof that Rapid7's NeXpose gives them the breadth and depth of coverage to locate and manage vulnerabilities easily and successfully without consuming undue time and money."

"The number of new threats and vulnerabilities that surface every week means that managing vulnerabilities simply has to be done, and the top performers in this study are doing it more effectively and at a lower cost," said Derek Brink, vice president and research fellow for IT Security, Aberdeen. "As part of their strategies, Aberdeen has noted a trend, particularly among Best-in-Class organizations, towards selecting solutions that are both deeper in terms of functionality and broader in terms of the categories of threats and vulnerabilities managed."

Rapid7's NeXpose is the broadest and deepest VM system, as it comprehensively scans Web applications, databases, operating systems and networks to locate threats, assesses their risk to the environment, devises a remediation plan and implements the ticketing process. NeXpose discovers the vulnerabilities that hackers most exploit and other products fail to detect by using an expert system to chain together individual external vulnerabilities to reveal potentially hidden vulnerabilities at deeper levels of the systems.

Aberdeen's research confirms that the best results are achieved by making VM as efficient and cost-effective as possible: companies with top performance estimate an impressive 91% marginal return on investment based on a comparison of total vulnerability-related costs avoided with the total cost of their vulnerability management activities. Best-in-class companies estimate their payback period at less than 11 months.

According to Aberdeen's report, efficiency is gained by automating and streamlining the steps in the VM lifecycle; specifically, identifying and tracking only those vulnerabilities and threats that are relevant to the organization's IT assets, prioritizing vulnerabilities based on the level of risk and the business value of the IT assets in question, and automating remediation and applying compensating controls where patches or updates are not available.

A complimentary copy of the report is made available in part by Rapid7. To obtain a complimentary copy of the report, visit: http://www.aberdeen.com/link/sponsor.asp?spid=30411329&cid=5231

About Rapid7

Rapid7 is the leading provider of NeXpose Unified Vulnerability Management (UVM) Solutions. First introduced in 2001, Rapid7's NeXpose offers the broadest, deepest and most accurate vulnerability scanning and ensures compliance with governmental regulations and corporate security policies through its extensive reporting capabilities, including customizable policy compliance templates. Rapid7 is certified as an Approved Scanning Vendor (ASV) by the PCI Security Standards Council.