Rapid7 Brings Strategic Security Advisory Services to EMEA and Introduces New Global Threat Modeling Service

Rapid7’s Cyber Security Maturity Assessment and Incident Response Program Development services now available to EMEA customers

LONDON--()--Rapid7, a leading provider of security data and analytics software and services, today announced it will offer its Strategic Advisory Services in EMEA to help security executives and teams solve pressing cyber security challenges. The practice, which launched in the U.S. in September 2014, helps organizations transform their security programs to be more relevant, actionable, and sustainable through data-driven, risk-based analysis. The Company has also announced it will offer a new global service, Threat Modeling, to help organizations identify potential threats against applications, systems, and infrastructures during their design phase. Rapid7’s EMEA Strategic Services Practice will be led by Wim Remes, EMEA strategic services manager.

“Strategic Attack Surface Management: Involving the Business”

“Security professionals are constantly battling new and emerging security threats and challenges, making it progressively more difficult to determine the best use of resources while prioritizing initiatives," said Wim Remes, EMEA strategic services manager at Rapid7. "We’re focused on helping security professionals make smart, informed decisions to address challenges -- measured against rigorous standards -- to improve their organization’s security posture."

Remes has more than 15 years of experience in helping clients reduce risk by solving complex security problems and building resiliency into organizations’ IT fabric. Before joining the Rapid7 team in December 2014, Remes was chairman of the board at ISC2, a managing consultant at IOActive, a manager of information security for Ernst and Young, and a security consultant for Bull, where he built security programs for enterprise-class clients.

Comprehensive cybersecurity programs are increasingly hard to create and implement, as organizations are faced with an evolving threat landscape, new compliance standards, and business requirements. According to OWASP, 43% of global organizations do not have a documented cyber security program in place, limiting their ability to respond quickly to threats and attacks. Rapid7’s Cyber Security Program Development service gives organizations guidance to help them build measurable and actionable programs aligned to strategic business needs.

Rapid7's global Services team has deep experience building and managing security programs, with expertise in vulnerability management, fraud detection, threat intelligence, incident response, and red-team programs. The Strategic Services Practice offers cyber security program development and assessment services and a new threat modeling service.

Services newly available in EMEA include:

  • Cyber Security Maturity Assessment (CSMA). The first step in the development process, CSMA evaluates the current state of an organization’s security program. Following the evaluation, customized recommendations are made to address the organization’s particular threats, risk appetite, and business goals. At that point, a gap analysis is performed, where industry best practices are compared to the organization's current controls.

    Changes are then identified to build a relevant, actionable, and sustainable security program aligned with compliance standards, such as ISO 27001 and PCI DSS, and Rapid7's cyber-security maturity models. The resulting program is designed for in-house staff to implement and drive measurable improvements over a timeframe appropriate to their organization. Customer success is measured through detailed documentation, including a cyber-security maturity scorecard, tactical and strategic recommendations, procedures guides, technical architectures, and a prioritized execution roadmap.
  • Incident Response Program Development. Rapid7 begins with a detailed evaluation of the current state of an organization’s threat detection and incident response program, and then measures the results against its own best practices and understanding of current attacker methodologies. The resulting scorecard provides the foundation for creating a new incident response plan that includes guidance on preparation, anomalous behavior detection, incident management, technical response, and communications plans.

    To reinforce the guidance, Rapid7 experts perform threat simulation sessions where the incident response team works through real breach scenarios, coordinates technical response activities, identifies key sources of evidence, performs mock communications, and makes recommendations for customers to prioritize cleanup and recovery. At the end of the engagement, organizations have the foundation for a sustainable investment across all three critical vectors of people, processes, and technology to minimize exposure in the event of a breach.

New to Rapid7’s Global Strategic Service Practice: Threat Modeling

Deepening Rapid7’s Strategic Services Practice offering, Rapid7 has introduced Threat Modeling services; the practice of identifying potential threats against applications, systems, and infrastructures during the design phase. While the practice of Threat Modeling has historically been applied to application development, Rapid7 has built an approach that enables organizations to address the design of broader systems and infrastructures.

Rapid7’s Threat Modeling services involve the creation of a systems model, which allows security teams to identify potential vulnerabilities, verify, and document them. It uses a methodology that is adapted to the development and architecture processes within the client’s environment. Integrating Threat Modeling into an organization’s standard design process for new applications, systems, and architectures, can improve the security of those applications, systems and architectures and lower the risk of redesign requirements at the end of a development or architecture process. Threat Modeling will be available in the U.S. and EMEA.

"Rapid7's Strategic Services team is helping security professionals evaluate their security programs at the deepest levels, truly understand the threats they're facing, and build data-driven programs that set the stage for long-term success," said Nicholas J. Percoco, vice president of services. "The ability for organizations to prioritize and react quickly to new threats is critical; it is our goal to provide them with the knowledge and expertise to do that effectively."

Rapid7 at InfoSecurity Europe

Today at 12 PM GMT, Remes will present “Strategic Attack Surface Management: Involving the Business” in the Tech Talks Theatre at InfoSecurity Europe. The session will address security as a boardroom topic and prioritization of security efforts, and will include real-world examples to illustrate methodologies that organizations can apply to identify, understand, and manage their attack surface.

At the InfoSecurity Europe booth, the Rapid7 team will present the following:

  • Lee Weiner, senior vice president of products and engineering: Engineering Better Security
  • Nicholas J. Percoco, vice president of strategic services: The 7 Minute Security Program
  • Wim Remes, manager, strategic services of EMEA: 5 Most Common Pentest Findings
  • Mark Stanislav, senior security consultant: IoT Security: A Work in Progress

For a full list of times and presenters, visit Rapid7’s InfoSecurity page: https://information.rapid7.com/see-rapid7-at-infosec-europe.html

Rapid7 is located at #E242. For more information on Rapid7's Strategic Services Program, visit http://www.rapid7.com/services/strategic-services.jsp

About Rapid7

Rapid7’s security data and analytics software and services help organizations reduce the risk of a breach, detect and investigate attacks, and build effective IT security programs. With comprehensive real-time data collection, advanced correlation, and insight into attacker techniques, Rapid7 strengthens an organization’s ability to defend against everything from opportunistic drive-by attacks to advanced threats. Unlike traditional vulnerability management and incident detection technologies, Rapid7 provides visibility, monitoring, and insight across assets and users from the endpoint to the cloud. Dedicated to solving the toughest security challenges, Rapid7 offers proprietary capabilities to spot intruders leveraging today’s #1 attack vector: compromised credentials. Rapid7 is trusted by more than 3,900 organizations across 90 countries, including 30% of the Fortune 1000.


Rachel E. Adam, 857-415-4443
Senior PR Manager