PRESS RELEASE

BOSTON, Mass. " February 17, 2010 " Rapid7, the leading provider of unified vulnerability management, compliance and penetration testing solutions, today announced a new risk assessment solution for meeting the strict requirements of the new Massachusetts Data Privacy Law (also known as MA 201 CMR 17), which goes into effect March 1, 2010. Organizations can now leverage NeXpose, Rapid7's vulnerability management product, as a standalone solution or in conjunction with the new Rapid7 Massachusetts Privacy Law Audit Service offered by the Rapid7 Professional Services Organization (PSO) and their trusted partners to meet what is widely considered the most comprehensive data protection and privacy law in the country.

The Massachusetts Data Privacy Law requires all organizations to follow a set of minimum standards to protect the personal information of Massachusetts residents. The mandate applies to all entities that own, license, store, transmit, receive, handle or process Personal Information (PI) for Massachusetts residents, regardless of whether the entity is located inside or outside of the state, meaning that the new law will have an impact on organizations nationwide. Nonprofits and entities engaged in commerce are required to comply. The final version of the law, announced November 2009, excludes both Massachusetts state government and Massachusetts municipal government offices. The MA 201 CMR 17 provisions were enacted to protect Massachusetts residents from the rising incidence of identity theft by mandating both protective standards and stricter fines, further enforcing the breach notification enforcement provisions as mandated in Massachusetts General Law 93H (M.G.L 93H).

Organizations leveraging Rapid7's data privacy law solutions can choose to deploy Rapid7's vulnerability management software NeXpose to perform the required internal risk assessment alone or in combination with customized advisory services from Rapid7's Professional Services Organization and their trusted partners. Rapid7's Massachusetts Privacy Law Audit Service utilizes a detailed risk-based assessment methodology to perform the full internal and external risk analysis for the comprehensive Written Information Security Program (WISP) documentation required by the regulation. This methodology leverages Rapid7 NeXpose's ability to perform more than 40,000 vulnerability checks across the broadest level of assets found in today's complex IT infrastructure within organizations of all sizes.

"This new security offering from Rapid7 provides organizations nationwide with a new way to navigate the evolving compliance landscape by giving them the option of bringing Rapid7 PSO security experts and our trusted partners on-site to assist them in becoming MA 201 CMR 17 compliant," said Patty Wright, vice president of professional services, Rapid7. "Whether it's new regulations like the standards from Massachusetts, or others like PCI, HIPAA, FISMA, SOX and NERC, our experts can provide the granularity and expertise to organizations with, and without, prior experience in meeting compliance regulations. Combined with NeXpose, the most trusted vulnerability management solution known for its ability to scan the most complex network infrastructures, enterprise applications, operating systems, databases and Web applications, Rapid7 has organizations of all sizes covered."

To reduce the time and cost associated with managing vulnerabilities, minimizing risk and achieving compliance, Rapid7 NeXpose provides the industry's first prioritized remediation reports based on threat level and flexible risk scoring. Rapid7's products and services provide critical insight that enable organizations to comply with mandatory regulations, including the security requirements for PCI, HIPAA, FISMA, SOX, and NERC, as well as the new MA 201 CMR 17.

To find out more view Rapid7's MA 201 CMR 17 on-demand Webcast or download the Massachusetts Data Privacy Law Compliance Guide.

About Rapid7

Rapid7 is the leading provider of unified vulnerability management, compliance, and penetration testing solutions, delivering actionable intelligence about an organization's entire IT environment. Rapid7 offers the only integrated threat management solution that enables organizations to implement and maintain best practices and optimize their network security, Web application security and database security strategies.

Recognized as the fastest growing vulnerability management company in the U.S. by Inc. Magazine, Rapid7 helps leading organizations such as Liz Claiborne, the United States Postal Service, Sempra Energy, Carnegie Mellon University and Red Bull to mitigate risk and maintain compliance for regulations such as PCI, HIPAA, FISMA, SOX and NERC. Rapid7 also manages the Metasploit Project, the leading open-source penetration testing platform with the world's largest database of public, tested exploits. For more information, visit www.rapid7.com.