Securely Advance,

Together
Powering the practice of SecOps to reduce risk, accelerate innovation,
and advance your business
Agenda

1. Rapid7

2. Why we’re here

3. Rapid7 Insight Solutions

4. Rapid7 Services

2
Secure Advancement Starts Here.
Your Success is our Passion.
Technology
Rapid7 Insight Platform
Award-winning cloud products
deliver visibility, analytics, and
automation to unite your
teams and tools
Expertise
Security Researchers
Dedicated teams of the most
curious experts
Security Consultants
Unmatched industry
experience to extend your
team’s reach
Community
Open Source Community
Thousands of global users
and contributors
Threat Intelligence
Openly shared research and
attacker modeling
3
Trusted by over 9,100 organizations around the world.

4
Recognized as a market leader.

SIEM Magic Quadrant Vulnerability Risk Management Critical Capabilities for

- Gartner - Forrester Wave Application Security Testing
- Gartner
Committed to openly sharing security information to
strengthen the cybersecurity community.

RAPID7 RESEARCH

National Quarterly
Project Project Under the
Exposure Threat
Sonar Heisenberg Report Hoodie
Index
Why Are We Here?

Too Much Work Operational Silos Limited Resources

Unintegrated Tools And Systems

The average enterprise uses

75
security products to
secure their network.
Too Much Data

Thousands of alerts, an influx

of data, all begging for
analysis, answers, and
prioritization.
Operating in Silos
Repetitive, Manual Processes
Security Talent Gap

The global cybersecurity

workforce will be short by

1.8M
PEOPLE
by 2022, representing a rise of around
20 percent since 2015, according to a
new report by Frost & Sullivan.
Powering Security

The Practice
of SecOps
Shared visibility, analytics,
and automation
IT Development
Powering
The Practice
of SecOps
Shared visibility, analytics,
and automation
Rapid7 Insight

15
Vulnerability Assessment
Executing on a Successful Security
Program and Proving Its Efficacy is
Almost Impossible.

17
Executing on a Successful Security Program and Proving Its
Efficacy is Almost Impossible

16% 54% 22%

of Executives say their of Executives state that of security decision
companies are well risk reports are makers note their team
prepared to deal with too technical 2 being understaffed as
cyber risk 1 one of their biggest
security challenges 3

1: Perspectives on Transforming Cybersecurity. Digital McKinsey and Global Risk Practice. March 2019.
2: Perspectives on Transforming Cybersecurity. Digital McKinsey and Global Risk Practice. March 2019.
3: The Security Snapshot: Shaping The New Cybersecurity Culture. Forrester. August 2019.

18
“The biggest problem in security is not about,
‘Hey, there’s an issue here,’ but rather it’s
about telling the story about it, what it means
to the business, and how to remediate it.”

Kurt Hazel
IT Security Manager, Financial Services

19
How could things be
different for you?
To prove the efficacy of your program, you need to execute in three crucial areas

20
1 Not only visibility into vulnerabilities, but
also clarity into the operations, objectives,
and impact of security programs for

Gain Clarity stakeholders across the organization.

Into Risk and

Across Teams
The result? A deeper understanding of risk
and alignment towards common goals.

21
2 Implement a foundation for security leaders
to expand their influence and eliminate
silos by having a common language and

Extend shared objectives.

Security’s
Influence
The result? Accountability from technical
teams and an actual reduction of risk.

22
3
Support proactive, cross-functional
programs by creating a sense of
accountability and impact across teams as
the organization tracks and celebrates

See Shared Security’s progress.

Progress

The result? Accelerated achievement and

support from leadership.

23
Proving Achievement of Your Security Program

1 2 3
Gain Clarity Into Extend See
Risk and Security’s Shared
Across Teams Influence Progress

24
Rapid7 Vulnerability Management
Driving efficiencies to accelerate security in modern environments

Managed VM
/ MAS

Metasploit Pro Pen Testing Services

25
26
27
With this new foundation, executing on a
successful security program and proving its
efficacy is made possible.

Here’s how it works:

28
29
Full Visibility of Your Entire Attack Surface

Asset inventory, grouping, and filtering of on-

premises, remote, cloud, virtual, and containerized
infrastructure

The efficacy of InsightVM reduces

Dynamic discovery of AWS, Microsoft Azure, Active
Directory, DHCP, VMware and more
Identification of known and unknown assets connected
to the internet (helpful for M&A)
the manual effort to investigate and
remediate vulnerabilities by 33%.
Source: The Total Economic Impact™ Of Rapid7
InsightVM, a November 2019 commissioned study
conducted by Forrester Consulting on behalf of
Rapid7.

Live monitoring with the Insight Agent

30
31
Accurately Assess Your Ever-changing Ecosystem

Perform targeted vulnerability checking based on

the unique profile of each asset

InsightVM reduces false positive

Assess containers for risk before they’re deployed
(we charge by host, not image!)
alerts by 22%.
Source: The Total Economic Impact™ Of Rapid7
InsightVM, a November 2019 commissioned study
conducted by Forrester Consulting on behalf of
Rapid7

Configuration assessment for your cloud

infrastructure

Compliance and policy assessment

32
33
Prioritize Vulnerabilities Like an Attacker
Granular detail of Real Risk depicted with a
1-1,000 score
Factors in CVSS, malware and exploit exposure
(via Metasploit Framework and Exploit DB),
exploitability, & vulnerability age
Complimentary Integrated Threat Feeds
Addition of business context
“With vulnerabilities, it all comes
down to risk. CVSS scores were a
problem because they're static. The
InsightVM Real Risk scoring really has
allowed me to prioritize for what
matters to our specific business.”
-Infosec Manager, financial services organization
34
35
More Efficient, Cross-Functional Remediation
Solution-based remediation
Integration with ticketing solutions
Automate mundane, repeatable tasks like patching
Control workflows as much or as little as you want
Patching automation and improved
workflows with InsightVM reduce
manual effort to patch by 60%.
Source: The Total Economic Impact™ Of Rapid7
InsightVM, a November 2019 commissioned study
conducted by Forrester Consulting on behalf of
Rapid7
36
37
Even More Efficiency with Measuring & Reporting
Reporting for all levels of the organization -
from IT peers to Executives
Time-bound Goals, Continuous Goals, and SLAs
Visualization of risk through fully customizable
Live Dashboards
Intuitive GUI for querying assets, vulnerabilities,
and solutions
“The dashboards and reports in
InsightVM are very flexible. We’re
able to present the material in any
number of different ways, so it’s
nice. The C-level like the executive
summaries, and everyone else is
getting the exact information that
they need.”
-Director of Infosec, healthcare organization
38
 Reasons to Believe

342% ROI over three
years†
Customers experienced an average
return of 342% when calculating the
overall benefits of InsightVM.
22% reduction in false $2.3M savings over three
positive alerts† years†
Fewer false alerts and more Up-front risk reduction helped
accurate data helped customers customers avoid potential incidents
save time. and associated costs.

60% reduction in patching 33% reduction in

efforts† investigation efforts†
Patching automation and improved Better reporting and actionable
workflows helped customers insights helped customers make
streamline the remediation process. visible progress.

†Source:The Total Economic Impact™ Of Rapid7 InsightVM, a November

2019 commissioned study conducted by Forrester Consulting on behalf of 39
Rapid7.
40
Application Security
 Secure Collaborate Scale
The Modern Web With Speed With Ease
Accomplish More with
insightAppSec
• Start scanning in as few as five minutes

• Understand your compliance risk

• Keep pace with development

• Scale your application scanning

• Prioritize your fixes

• Deliver actionable insights

Rapid7 Services
 Rapid7 Services

Mature Extend Reduce

Your Security Your Teams and Your Security
Strategy Capabilities Risks
Rapid7 Services

Mature
Leverage expert guidance to shape your security
strategy, improve your security posture, and align to
core controls and compliance requirements.
Rapid7 Services

Extend
Get more done with a helping hand. From consulting
guidance and support to completely managed
services, we have you covered.
Rapid7 Services

Reduce
We’ll find your vulnerabilities, prioritize your risks,
monitor your alerts, and respond and investigate
when needed.
Rapid7 Services

Advisory Deployment & Incident Detection Penetration Testing Managed Services

Services Training & Response
Security Program Enterprise or Rapid Network Pen Testing Managed Detection
Development Deployment Incident Response and Response
Web/Mobile Application
Security Maturity Product/Skills Training Threat Simulation Testing Managed Application
Assessment & Certification Security
IR Program Social Engineering
IoT Security Services Security Awareness Development Managed Vulnerability
Management
Securely
Advance,
Together
Thank You