Rapid7 has acquired Metasploit to bring the open-source project's database of reliable exploits to bear in Rapid7's vulnerability management and penetration testing offerings.
Security testing and vulnerability management vendor Rapid7 has made a
bid to deepen its pen testing capabilities with the acquisition of the Metasploit.The terms of the deal were not disclosed, but the acquisition brings the
open source penetration testing framework into Rapid7's portfolio and
gives it access to large database of reliable exploits.
With Metasploit's exploit database in tow, officials at Rapid7 plan to
build out the capabilities of Rapid7NeXpose and their penetration
"Our goal is to get more and more accurate results about what the
biggest issues are that companies face," Corey Thomas, Rapid7's vice
president of products and operations, said during an
interview with eWEEK.
The integration will initially take two forms, he said. Data about
exploits and their related vulnerabilities will be fed into Rapid7's
technology and leveraged by customers to create risk profiles.
Conversely, Rapid7 data on vulnerabilities and misconfigurations will be inputted into Metasploit."The
idea that we're focusing on here is that even though Rapid7 has a very,
very robust ability to scan systems and detect vulnerabilities and
misconfigurations, it's still no substitute for the fact that companies
get much more accurate results by testing their security controls as
they do penetration testing," Thomas said.Rapid7
plans for Metasploit to remain an open-source project, but has
committed to providing contributors with the resources needed to expand
Metasploit's capabilities, he added. As part of that, HD Moore and
other key Metasploit contributors are being brought onboard exclusively
to work on the project full-time."We've
gone out and we've talked a lot to customers...and they've asked
specifically for supported versions of it for more functionality and
we're evaluating that right now," Thomas said. "But folks are very
excited about the road map we have just with making the open-source
version more effective."