Rapid7 Added to the Department of Homeland Security’s Continuous Diagnostics and Mitigation Program’s Approved Products List

Boston, MA — September 27, 2022

Rapid7, Inc. (NASDAQ: RPD), a leading provider of security analytics and automation, today announced that it has been added to the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) Program’s approved products list. The CDM program fortifies the cybersecurity of Federal departments and agencies and is designed to provide capabilities and solutions to monitor network vulnerabilities and threats in near real-time.

Rapid7’s inclusion on the CDM approved products list provides Government agencies the ability to leverage a collection of the company’s vulnerability risk management solutions - Nexpose, AppSpider, and Metasploit Pro - to monitor exposure, prioritize the most high-risk vulnerabilities, adapt to new threats in real-time, and test security controls.

“Organizations are faced with growing challenges from an overwhelming number of vulnerabilities that span a rapidly growing attack surface,” said Damon Cabanillas, vice president of public sector, at Rapid7. “It is critical that government agencies are armed with industry-leading solutions to prioritize and efficiently remediate risk in their unique environments.”

The CDM program provides capabilities and tools that enable network administrators to be constantly aware of the state of their respective networks, understand relative risks and threats, and identify and mitigate flaws at near-network speed. DHS works with its cross-agency partners to deploy and maintain these capabilities and tools as listed in the functional areas. They also collaborate with these partners to present the information in an automated and continuously updated dashboard. The CDM program aims to:

• Reduce agency threat surface
• Increase visibility into the federal cybersecurity posture
• Improve Federal cybersecurity response capabilities
• Streamline Federal Information Security Modernization Act (FISMA) reporting

“The addition of Rapid7 to the Approved Products List is a significant advancement to our cybersecurity solutions portfolio,” said Alex Whitworth, Sales Director at Carahsoft. “With the ever-changing threat landscape, Government agencies must evolve their IT and security strategies to protect confidentiality above all other security concerns. Rapid7’s solutions enable agencies to seamlessly identify potential threats and vulnerabilities in the organization and motivate action. We are proud to continue supporting the Federal government with our impressive range of IT solutions providers and reseller partners and look forward to expanding our CDM offerings with this new technology.”

Rapid7 Nexpose, AppSpider, and Metasploit are available through Carahsoft’s SEWP V contracts NNG15SC03B and NNG15SC27B, ITES-SW2 Contract W52P1J-20-D-0042, NCPA Contract NCPA01-86, OMNIA Partners Contract #R191902, and The Quilt Master Service Agreement Number MSA05012019-F.