Rapid7 Earns Top Spot from SANS in Critical Security Controls Report

Boston, MA — October 6, 2016

Rapid7, Inc. (NASDAQ: RPD), a leading provider of security data and analytics solutions, has been recognized by SANS for providing the most comprehensive coverage across the Center for Internet Security (CIS) Critical Security Controls for Effective Cyber Defense. The ranking found that Rapid7’s incident detection and response and threat exposure management solutions cover 19 of the 20 Controls as defined by CIS.

A recommended set of actions for cyber defense designed to provide specific and actionable ways to stop today's most pervasive and dangerous attacks, the Controls focus on helping organizations minimize the risk they’re exposed to and harden resiliency. The Controls are designed using best-in-class threat data and provide actionable guidance to improve cybersecurity.

“We know organizations don’t have limitless resources, so we design solutions that help them focus on actions that make the biggest and most immediate impact,” said Lee Weiner, chief product officer at Rapid7. “Of the 19 companies listed, no other providers can match the coverage our solutions offer, or their ability to empower customers with actionable intelligence and accelerated insight. Our ranking speaks to that.”

Created by the people who know how attacks work – NSA Red and Blue teams, the US Department of Energy nuclear energy labs, law enforcement organizations, and some of the nation's top forensics and incident response organizations – the Controls aim to help stop known attacks. The Controls are updated based on new attacks that are identified and analyzed by groups from Verizon to Symantec, so the Controls can stop or mitigate those attacks.

For a copy of the ranking, visit: https://www.sans.org/media/critical-security-controls/SANS_CSC_Poster.pdf

Learn more about the Top 20 Critical Security Controls

In 2008, NSA’s Information Assurance Directorate led a security community-driven effort to develop the original version of the Controls, then known as the “Consensus Audit Guidelines.” Over the years the SANS Institute, a research and education organization for security professionals, developed the Top 20 Critical Security Controls to address the need for a risk-based approach to security. Prior to this, security standards and requirements frameworks were predominantly compliance-based, with little relevance to the real-world threats they are intended to address. The Controls are prioritized to help organizations focus security efforts to have the greatest impact in improving their risk posture. The Critical Security Controls are now managed by the CIS with continuing involvement by the security community.

SANS surveyed industry vendors in March 2016, using the CIS document “A Measurement Companion to the CIS Critical Security Controls (Version 6)” dated October 2015 as a baseline.

About SANS

The SANS Institute is the largest global cybersecurity training and certification provider and its programs reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.