IoT Security Testing Services

Additional Info

Company size (employees): 850
Type of solution: Service


Rapid7’s IoT Security Testing Services team identifies risks and vulnerabilities, and applies solutions to mitigate security issues across a company’s IoT ecosystem. The new practice area helps organizations think strategically about building security practices into product development lifecycles, provides thorough assessment and testing of potential weaknesses for both hardware and software, and offers forensic analysis for devices that have been compromised.

The team develops comprehensive threat models of existing systems, which can evolve with the product lifecycle, and helps customers identify and mitigate the most critical issues quickly. Rapid7 will help organizations determine an IoT project’s limitations and weaknesses, offering consulting from the ground up so that hardware issues don’t become the Achilles’ heel of a software security architecture.

Rapid7’s penetration and system analysis testing goes beyond basic analysis to consider the whole ecosystem of the IoT technology. Rapid7 examines the physical security and internal architecture of the device to determine the breadth and depth of its physical attack surface. This service may include component indication, firmware extraction, identification of test points, and reconfiguring the device’s hardware to bypass authentication, intercept traffic, and/or inject commands that may pose a significant risk to an organization and its clients. Rapid7 also tests communications to and from the device. This includes testing the cryptographic security of encrypted transmissions, the ability to capture and modify transmissions of data, and fuzzing of the communication protocols.

Finally, Rapid7 offers services in transportation security, an industry that often has complex security requirements. And while many security companies simply add encryption or an IDS solution, Rapid7 goes beyond understanding CAN, LIN, FlexRay and other network protocols to provide assessments and recommendations that won’t affect a product’s performance, but will solve specific needs and concerns.

How we are different

• Rapid7 security experts have been widely recognized for their research in IoT. Having found security vulnerabilities in internet-connected insulin pumps, light bulbs, cars, toys, baby monitors, and more, the company is dedicated to using security research to better protect consumers and organizations through coordinated disclosure, clear communications, and jointly agreed upon mitigations whenever possible.

• Rapid7’s experienced and skilled consultants will help identify risk and vulnerabilities, and apply solutions to mitigate security issues across the IoT ecosystem. With years of experience across sectors -- including consumer, medical, enterprise, industrial, and transportation -- Rapid7 experts are industry leaders who conduct cutting-edge IoT research, publish books, release white papers, present at conferences, and conduct thousands of assessments, advisory engagements, and penetration tests every year.

• Rapid7 understands the transportation industry, the needs of its engineers, and which methods work and which do not, and has seen what happens when security is not implemented correctly or is considered too late in the process. Rapid7 is focused on identifying real risks and creating custom solutions that integrate into what’s most important to the business, without compromising design. Over the past five years, Rapid7 has seen increased recognition for security research as a valuable part of the transportation development process. Manufacturers are working to better understand how software vulnerabilities impact the safety of their products, and Rapid7 is leading this revolutionary charge toward innovation.