Rapid7 today acquired NT OBJECTives (NTO) for an undisclosed amount in a move that it says will help its customers better keep up with the threat landscape by building out its web and mobile applications security testing capabilities. Known best for its NTOSpider dynamic testing platform, NTO brings to Rapid7 a roster of 25 employees and a mature suite of testing tools that have gained traction in the Fortune 500. For now, Rapid7 will rebrand NTOSpider as AppSpider Pro and NTOEnterprise as AppSpider Enterprise.
"Web application attacks are increasing in severity and frequency. While we've been able to address some of these challenges with our other Threat Exposure Management solutions -- Nexpose and Metasploit -- AppSpider will significantly enhance Rapid7's capabilities," says Lee Weiner, senior vice president of products and engineering for Rapid7.
With web application attacks making up about 35 percent of breaches in many industries, according to the Verizon Data Breach Investigations Report, and the velocity of mobile development adding to that attack surface exponentially, these areas remain a huge sore spot for enterprise security.
"Web application security represents one of the greatest challenges facing the security industry and businesses of all sizes. With millions of custom web applications developed in the last two decades, organizations have significantly increased their attack surface," says Dan Kuykendall, co-CEO and CTO at NTO.
The capabilities that drew Rapid7 to NTO's product portfolio include AppSpider's 'universal translator' technology, which gives better visibility into newer web and mobile development technologies like AJAX, REST, and JSON, as well as the ability to create customized attacks that can better test for business logic flaws that often go undetected by static analysis.
"NTO has developed outstanding functionality to ensure that web application assessment is broad and efficient," Weiner says. "It isn't enough to evaluate some aspects of the threat landscape and feel like you are covered. Tools -- like those from NTO -- must marry comprehensive and continuous coverage of web applications with efficient tools for sophisticated security programs managing business critical application ecosystems."
Plus, says Weiner, the NTO team was a good match from a personnel standpoint.
"We were looking for a team that wasn't just a strong fit technology-wise, but culturally," he says. "The NTO team is extremely well aligned with Rapid7 in terms of philosophy and mission."