Security testing and vulnerability management vendor Rapid7 has made a bid to deepen its pen testing capabilities with the acquisition of Metasploit.
The terms of the deal were not disclosed, but the acquisition brings the open source penetration testing framework into Rapid7’s portfolio and gives it access to a large database of reliable exploits. With Metasploit’s exploit database in tow, officials at Rapid7 plan to build out the capabilities of Rapid7 NeXpose and their penetration testing services.
“Our goal is to get more and more accurate results about what the biggest issues are that companies face,” Corey Thomas, Rapid7’s vice president of products and operations, said during an interview with eWEEK.
The integration will initially take two forms, he said. Data about exploits and their related vulnerabilities will be fed into Rapid7’s technology and leveraged by customers to create risk profiles. Conversely, Rapid7 data on vulnerabilities and misconfigurations will be input into Metasploit.
“The idea that we’re focusing on here is that even though Rapid7 has a very, very robust ability to scan systems and detect vulnerabilities and misconfigurations, it’s still no substitute for the fact that companies get much more accurate results by testing their security controls as they do penetration testing,” Thomas said.
Rapid7 plans for Metasploit to remain an open-source project, but has committed to providing contributors with the resources needed to expand Metasploit’s capabilities, he added. As part of that, HD Moore and other key Metasploit contributors are being brought on board to work exclusively on the project full time.
“We’ve gone out and we’ve talked a lot to customers…and they’ve asked specifically for supported versions of it for more functionality and we’re evaluating that right now,” Thomas said. “But folks are very excited about the road map we have just with making the open-source version more effective.”