Rapid7 and RSA Bring Rich Vulnerability and Compliance Data to Leading GRC Solution

Integration Enables Global Organizations to Leverage Security Intelligence from Rapid7 NeXpose within RSA’s GRC Framework

BOSTON, MA – April 15, 2010 – Rapid7, a leading provider of unified vulnerability management, compliance and penetration testing solutions, and RSA, The Security Division of EMC, today announced a technology collaboration to bring rich vulnerability and compliance intelligence to RSA’s global client base. A technology integration with RSA’s Archer GRC framework is engineered to provide clients with direct access to the Rapid7 NeXpose® vulnerability management integration toolkit, allowing them to leverage NeXpose capabilities to scan the broadest range of assets across infrastructure, Web applications and databases for threats and centrally manage results within the RSA GRC framework.

“Integrating vulnerability scan results from Rapid7 into RSA’s Archer GRC framework allows us to identify, measure, manage, remediate and report on vulnerabilities through a single dashboard view,” said Al Speranza, senior information security analyst. “This consolidated picture gives Omgeo the critical information we need to manage IT risk in the context of our broader enterprise risk and compliance program.”

“With today’s threats and business needs for heightened security, such as stringent compliance regulations, it’s critical for organizations to have a clear picture of their IT environment and the vulnerabilities that can impact their business,” said Mike Tuchen, president and CEO for Rapid7. “This integration helps enable organizations of all sizes to achieve true visibility into their infrastructure in an easy-to-understand management system, enabling them to make informed decisions regarding vulnerability remediation and report their results.”

Rapid7 NeXpose, the Company's flagship vulnerability management product, provides prioritized, remediation-based reporting and risk-based scoring to help organizations optimize their network security, Web application security and database security strategies. Rapid7's products and services help businesses stay ahead of the ever-changing threat landscape, enabling organizations to protect business-critical data and comply with mandatory regulations, including the security requirements for PCI, HIPAA, FISMA, SOX, and NERC as well as the new Massachusetts Data Privacy Law (MA 201 CMR 17).

“This is a great addition for our customers,” said Jon Darbyshire, Archer General Manager for RSA, The Security Division of EMC. “The rich data provided by NeXpose is precisely the kind of intelligence that the Archer Exchange was designed for, giving customers the information they need to make sound, risk-based decisions, protect critical information assets and ultimately help accelerate their business.”

The Archer Exchange is an online marketplace dedicated to supporting enterprise governance, risk and compliance (GRC) programs. Integration providers listed on the Exchange represent leading-edge technology companies that have developed integration toolkits for RSA’s Archer GRC framework. Through the Exchange, RSA clients can integrate these technologies into the GRC framework for data consolidation, correlation, management and reporting at the business level. More information on the Archer Exchange is available at https://exchange.archer-tech.com/.

About Rapid7

Rapid7 is the leading provider of unified vulnerability management, compliance, and penetration testing solutions, delivering actionable intelligence about an organization’s entire IT environment. Rapid7 offers the only integrated threat management solution that enables organizations to implement and maintain best practices and optimize their network security, Web application security and database security strategies.

Recognized as the fastest growing vulnerability management company in the U.S. by Inc. Magazine, Rapid7 helps leading organizations such as Liz Claiborne, the United States Postal Service, Sempra Energy, Carnegie Mellon University and Red Bull to mitigate risk and maintain compliance for regulations such as PCI, HIPAA, FISMA, SOX and NERC . Rapid7 also manages the Metasploit Project, the leading open-source penetration testing platform with the world’s largest database of public, tested exploits. For more information, visit www.rapid7.com.

RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other products and/or service referenced are trademarks of their respective companies.