Latest news with #Rapid7


Business Insider
4 days ago
- Business
- Business Insider
William Blair Sticks to Its Buy Rating for Rapid7 (RPD)
In a report released today, Jonathan Ho from William Blair maintained a Buy rating on Rapid7 (RPD – Research Report). The company's shares closed today at $23.17. According to TipRanks, Ho is a 4-star analyst with an average return of 11.4% and a 60.75% success rate. Ho covers the Technology sector, focusing on stocks such as Tyler Technologies, CyberArk Software, and Cloudflare. Rapid7 has an analyst consensus of Hold, with a price target consensus of $30.19. The company has a one-year high of $44.48 and a one-year low of $21.61. Currently, Rapid7 has an average volume of 944.8K. Based on the recent corporate insider activity of 40 insiders, corporate insider sentiment is negative on the stock. This means that over the past quarter there has been an increase of insiders selling their shares of RPD in relation to earlier this year. Most recently, in April 2025, Christina Luconi, the CPO of RPD, sold 12,551.00 shares for a total of $290,102.82.


Techday NZ
5 days ago
- Techday NZ
Rapid7 Q1 2025 incident response findings
Rapid7's Q1 2025 incident response data highlights several key initial access vector (IAV) trends, shares salient examples of incidents investigated by the Rapid7 Incident Response (IR) team, and digs into threat data by industry as well as some of the more commonly seen pieces of malware appearing in incident logs. Is having no MFA solution in place still one of the most appealing vulnerabilities for threat actors? Will you see the same assortment of malware regardless of whether you work in business services or media and communications? And how big a problem could one search engine query possibly be, anyway? The answer to that last question is "very," as it turns out. As for the rest…

Initial access vectors
Below, we highlight the key movers and shakers for IAVs across cases investigated by Rapid7's IR team. While you'll notice a fairly even split among several vectors such as exposed remote desktop protocol (RDP) services and SEO poisoning, one in particular is clearly the leader of the pack where compromising organisations is concerned: stolen credentials to valid/active accounts with no multi-factor authentication (MFA) enabled. Valid account credentials — with no MFA in place to protect the organisation should they be misused — are still far and away the biggest stumbling block for organisations investigated by the Rapid7 IR team, occurring in 56% of all incidents this first quarter. Exposed RDP services accounted for 6% of incidents as the IAV, yet they were abused by attackers more generally in 44% of incidents. This tells us that third parties remain an important consideration in an organisation's security hygiene.

Valid accounts / no MFA: Top of the class
Rapid7 regularly bangs the drum for tighter controls where valid accounts and MFA are concerned. As per the key findings, 56% of all incidents in Q1 2025 involved valid accounts / no MFA as the initial access vector. In fact, there's been very little change since Q3 2024, and as good as no difference between the last two quarters.

Vulnerability exploitation: Cracks in the armour
Rapid7's IR services team observed several vulnerabilities used, or likely to have been used, as an IAV in Q1 2025. CVE-2024-55591, for example, the IAV for an incident in manufacturing, is a websocket-based race condition authentication bypass affecting Fortinet's FortiOS and FortiProxy flagship appliances. Successful exploitation results in the ability to execute arbitrary CLI console commands as the super_admin user. The CVE-2024-55591 advisory was published at the beginning of 2025, and it saw widespread exploitation in the wild. One investigation revealed attackers using the above flaw to exploit vulnerable firewall devices and create local and administrator accounts with legitimate-looking names (e.g., references to "Admin", "I.T.", "Support"). This allowed access to firewall dashboards, which may have contained useful information about the devices' users, configurations, and network traffic. Policies were created which allowed for leveraging of remote VPN services, and the almost month-long dwell time observed in similar incidents may suggest initial access broker (IAB) activity, or a possible intended progression to data exfiltration and ransomware.

Exposed RMM tooling: A path to ransomware
As noted above, 6% of IAV incidents were a result of exposed remote monitoring and management (RMM) tooling. RMMs, used to remotely manage and access devices, are often used to gain initial access, or form part of the attack chain leading to ransomware. One investigation revealed a version of SimpleHelp vulnerable to several critical privilege escalation and remote code execution vulnerabilities, which included CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728. These CVEs target the SimpleHelp remote access solution. Exploiting CVE-2024-57727 permits an unauthenticated attacker to leak SimpleHelp "technician" password hashes. If one is cracked, the attacker can log in as a remote-access technician. Lastly, the attacker can exploit CVE-2024-57726 and CVE-2024-57728 to elevate to SimpleHelp administrator and trigger remote code execution, respectively. CVE-2024-57727 was added to CISA KEV in February 2025. The vulnerable RMM solution was used to gain initial access and threat actors used PowerShell to create Windows Defender exclusions, with the ultimate goal of deploying INC Ransomware on target systems.

SEO poisoning: When a quick search leads to disaster
SEO poisoning, once the scourge of search engines everywhere, may not be high on your list of priorities. However, it still has the potential to wreak havoc on a network. Here, the issue isn't so much rogue entries in regular search results, but instead the paid sponsored ads directly above typical searches. Note how many sponsored results sit above the genuine site related to this incident:

Figure: Multiple sponsored searches above the official (and desired) search result

This investigation revealed a tale of two search results, where one led to a genuine download of a tool designed to monitor virtual environments, and the other led to malware. When faced with both options, a split-second decision went with the latter and what followed was an escalating series of intrusion, data exfiltration and—eventually—ransomware.

Figure: An imitation website offering malware disguised as genuine software

On the same day of initial compromise, the attacker moved laterally using compromised credentials via RDP, installing several RMM tools such as AnyDesk and SplashTop. It is likely that the threat actor searched for insecurely stored password files and targeted password managers. They also attempted to modify and/or disable various security tools in order to evade detection, and create a local account to enable persistence and avoid domain-wide password resets. An unauthorised version of WinSCP was used to exfiltrate a few hundred GB of sensitive company data from several systems, and with this mission accomplished only a few tasks remained. The first: attempting to inhibit system recovery by tampering with the Volume Shadow Copy Service (VSS), clearing event logs, deleting files, and also attempting to target primary backups for data destruction. The second: deployment of Qilin ransomware and a blackmail note instructing the victim to communicate via a TOR link lest the data be published to their leak site. Qilin ranked 7th in our top ransomware groups of Q1 2025 for leak post frequency, racking up 111 posts from January through March. Known for double-extortion attacks across healthcare, manufacturing, and financial sectors, Qilin (who, despite their name, are known not to be Chinese speakers, but rather Russian-speaking) has also recently been seen deployed by North Korean threat actors Moonstone Sleet.

Attacker behaviour observations

Bunnies everywhere: Tracking a top malware threat
BunnyLoader, the Malware as a Service (MaaS) loader possessing a wealth of capabilities including clipboard and credential theft, keylogging, and the ability to deploy additional malware, is one of the most prolific presences Rapid7 has seen this first quarter of 2025. In many cases, it's also daisy-chained to many of the other payloads and tactics which make repeated appearances. To really drive this message home: BunnyLoader is the most observed payload across almost every industry we focused on. Whether we're talking manufacturing, healthcare, business services or finance, it's typically well ahead of the rest of the pack. Here are our findings across the 5 most targeted industries of Q1:

Chart: findings across the 5 most targeted industries of Q1 2025

BunnyLoader is in pole position not only for the 5 industries shown above, but across 12 of 13 industries overall, with 40% of all incidents observed involving this oft-updated malware. Just over half of that 40% total involved a fake CAPTCHA (commonly used for the purpose of victims executing malicious code), with malicious / compromised sites appearing in a quarter of BunnyLoader cases. Rogue documents, which may be booby-trapped with malware or pave the way for potential phishing attacks, bring up the rear at just 9% of all BunnyLoader appearances recorded. First offered for sale in 2023 for a lifetime-use cost of $250, its continued development and large range of features make it an attractive proposition for rogues operating on a budget.

Targeted organisations: The manufacturing magnet
Manufacturing organisations were targeted in more than 24% of incidents the Rapid7 IR team observed, by far the most targeted industry in Q1 based on both Rapid7's ransomware analytics and IR team observations. The chart below compares Rapid7's industry-wide data (comprising a wide range of payloads and tactics) with ransomware leak post specific data. In both cases, manufacturing is a fair way ahead of other industries; this reflects its status as one of the most popular targets for ransomware groups over the last couple of years. The manufacturing industry is a target for nation states because it is an important component of global trade. It is also an area that has many legacy and older operational technologies (OT). Combine unpatched legacy systems with complicated supply chains, and you have a risk that nation state actors will find an attractive target. This is especially the case when considering that many manufacturing organisations have critical contracts with governments, and attacks can cause severe disruption if they're not speedily resolved.

Conclusion
Q1 2025 resembles a refinement of successful tactics, as opposed to brand new innovations brought to the table. Our Q1 ransomware analytics showed threat actors making streamlined tweaks to a well-oiled machine, and we find many of the same "evolution, not revolution" patterns occurring here. This progression is particularly applicable in the case of initial access via valid accounts with no MFA protection. We expect to see no drop in popularity while businesses continue to leave easy inroads open and available to skilled (and unskilled) attackers. In addition, the risk of severe compromise stemming from seemingly harmless online searches underscores the necessity for organisations to reexamine basic security best practices, alongside deploying robust detection and response capabilities. Businesses addressing these key areas for concern will be better equipped to defend against what should not be an inevitable slide into data exfiltration and malware deployment.
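The RMM and SEO poisoning incidents above share a set of host-level behaviours that precede ransomware deployment: Windows Defender exclusions added through PowerShell, tampering with the Volume Shadow Copy Service, and clearing of event logs. The Python detector below is an added example, not code from the Rapid7 report; it scans process-creation style records for those three behaviours and then flags any host on which more than one of them appears, which is the combination a responder would treat as a recovery-inhibition chain rather than three isolated alerts. The key=value log format, the host and user names and every log line are constructed for this example; the regexes cover common command forms only and would need extending for a real environment.

```python
"""Flag Defender exclusion creation, shadow-copy tampering and event log
clearing in process-creation records, then correlate per host.

Added example for the Q1 2025 findings above; the log format and all
sample lines are constructed, not taken from any real incident."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    timestamp: str
    host: str
    user: str
    technique: str
    command: str


# Each rule maps a behaviour label to a case-insensitive regex applied to
# the command-line field. Several rules may share a label (different tools
# for the same outcome). These are common forms, not an exhaustive list.
RULES = (
    ("defender_exclusion_added",
     re.compile(r"Add-MpPreference\b.*-Exclusion(?:Path|Process|Extension)", re.I)),
    ("shadow_copy_tampering",
     re.compile(r"vssadmin(?:\.exe)?\s+(?:delete|resize)\s+shadow", re.I)),
    ("shadow_copy_tampering",
     re.compile(r"wmic(?:\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("event_log_cleared",
     re.compile(r"wevtutil(?:\.exe)?\s+(?:cl|clear-log)\s", re.I)),
    ("event_log_cleared",
     re.compile(r"\bClear-EventLog\b", re.I)),
)

# Assumed record layout for this example: "<timestamp> host=<h> user=<u> cmd=<command line>".
# Replace the parser with one for the SIEM or EDR export actually in use.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+cmd=(?P<cmd>.+)$"
)


def parse_line(line):
    """Return the record's fields as a dict, or None for malformed input."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def scan(lines):
    """Return one Finding per distinct technique matched on each record."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed records are skipped, not treated as benign
        seen = set()
        for technique, pattern in RULES:
            if technique not in seen and pattern.search(rec["cmd"]):
                seen.add(technique)
                findings.append(Finding(rec["ts"], rec["host"], rec["user"],
                                        technique, rec["cmd"].strip()))
    return findings


def techniques_by_host(findings):
    """Group the distinct techniques observed on each host."""
    by_host = defaultdict(set)
    for f in findings:
        by_host[f.host].add(f.technique)
    return dict(by_host)


def recovery_inhibition_hosts(findings, threshold=2):
    """Hosts where at least `threshold` distinct techniques were seen together."""
    return sorted(host for host, techs in techniques_by_host(findings).items()
                  if len(techs) >= threshold)


# Constructed sample records: benign administrative activity on two hosts and
# a chain of the three behaviours on one file server.
SAMPLE_LOG = [
    "2025-02-11T09:12:03Z host=WS-FIN-07 user=CORP\\jdoe cmd=powershell.exe Get-MpPreference",
    "2025-02-11T09:14:41Z host=WS-FIN-07 user=CORP\\jdoe cmd=vssadmin list shadows",
    "2025-02-11T22:03:10Z host=SRV-FILE-02 user=CORP\\svc_backup cmd=powershell.exe Add-MpPreference -ExclusionPath C:\\Users\\Public\\tools",
    "2025-02-11T22:05:55Z host=SRV-FILE-02 user=CORP\\svc_backup cmd=vssadmin.exe delete shadows /all /quiet",
    "2025-02-11T22:06:30Z host=SRV-FILE-02 user=CORP\\svc_backup cmd=wevtutil.exe cl Security",
    "2025-02-11T22:06:31Z host=SRV-FILE-02 user=CORP\\svc_backup cmd=wevtutil cl System",
    "2025-02-11T22:10:00Z host=WS-HR-03 user=CORP\\asmith cmd=wevtutil qe Security /c:5",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f"{f.timestamp} {f.host} {f.user} {f.technique}: {f.command}")
    print("hosts with a recovery-inhibition chain:", recovery_inhibition_hosts(results))
```

Listing or querying shadow copies and event logs is routine administration, so the rules deliberately match only the destructive verbs; the per-host correlation is what turns three medium-severity matches into one high-severity case.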
Yahoo
5 days ago
- Business
- Yahoo
RPD Q1 Earnings Call: Detection and Response Growth Offset by Exposure Management Pressures
Cybersecurity software maker Rapid7 (NASDAQ:RPD) fell short of the market's revenue expectations in Q1 CY2025 as sales rose 2.5% year on year to $210.3 million. Its non-GAAP EPS of $0.49 per share was 42.2% above analysts' consensus estimates. Is now the time to buy RPD? Find out in our full research report (it's free).

- Revenue: $210.3 million (2.5% year-on-year growth)
- Adjusted EPS: $0.49 vs analyst estimates of $0.34 (42.2% beat)
- Adjusted Operating Income: $32.35 million vs analyst estimates of $24.01 million (15.4% margin, 34.7% beat)
- Revenue Guidance for Q2 CY2025 is $212 million at the midpoint, below analyst estimates of $213.4 million
- Management raised its full-year Adjusted EPS guidance to $1.85 at the midpoint, a 3.4% increase
- Operating Margin: 0%, down from 4.7% in the same quarter last year
- Customers: 11,685, down from 11,727 in the previous quarter
- Annual Recurring Revenue: $837.2 million at quarter end, up 3.7% year on year
- Billings: $197.4 million at quarter end, up 7.3% year on year
- Market Capitalization: $1.54 billion

Rapid7's first quarter results were shaped by continued momentum in its Detection and Response (D&R) business and ongoing challenges in its Risk and Exposure Management segment. CEO Corey Thomas highlighted that D&R now represents more than half of the company's annual recurring revenue, with mid-teens growth driven by customer demand for integrated threat detection and response solutions. Investments in automation and operational efficiency, including the new operations center in India, contributed to improved cost discipline. However, Thomas acknowledged that the Risk and Exposure Management business faced headwinds from a cautious spending environment, particularly among mid-market clients, and from delayed upgrade cycles in vulnerability management. The overall customer base remained stable, but the pace of upgrades and new deal closures in the risk segment lagged initial expectations, reflecting broader macroeconomic uncertainty.

Looking forward, Rapid7's guidance reflects optimism in D&R's growth prospects but also caution due to variability in customer spending patterns. Management expects the D&R segment to remain the primary growth engine, supported by ongoing product innovation and expanded service offerings, especially for larger enterprise clients. However, Thomas warned that upgrades in the Risk and Exposure Management business could take longer to materialize, given current budget constraints in the mid-market segment. The company's revised outlook assumes continued resilience in D&R but incorporates a wider range of potential outcomes due to uncertain macroeconomic conditions. As Thomas stated, "We are seeing even though it may take a little bit longer, the D&R projects are closing. Now people want to make sure they get great value for what they're getting, but those D&R deals are closing and moving forward."

Management attributed first quarter performance to strong demand in Detection and Response, while acknowledging delayed upgrades and spending caution in Risk and Exposure Management.

- Detection and Response drives growth: The company's Detection and Response platform, including Managed Detection and Response (MDR) and XDR capabilities, remained the largest and fastest-growing segment. Management cited persistent demand for integrated security solutions as organizations seek to manage complex and expanding threat landscapes more efficiently.
- Exposure Management upgrade cycle slow: The transition from standalone vulnerability management to the integrated Exposure Management platform progressed slower than anticipated. Management explained that many mid-market customers faced budget constraints, resulting in longer deal cycles and delayed upgrades. The company is refining packaging and pricing and working closely with partners to accelerate adoption.
- Operational efficiency initiatives: Rapid7 continued to invest in cost optimization, highlighting the ramp-up of its new operations center in India. This facility is intended to enhance service delivery at lower cost, particularly as international demand grows. CFO Tim Adams noted these efficiency measures helped deliver profitability above the guided range for the quarter.
- Macroeconomic headwinds: Management emphasized that budget scrutiny and delayed decision-making were particularly pronounced among mid-market and resource-constrained customers in sectors such as healthcare, education, and state and local government. In contrast, larger enterprise and regulated industries showed more stable demand.
- Product innovation and integration: The launch of the Intelligence Hub and enhancements to cloud security capabilities (CNAPP) were positioned as key differentiators. Management believes these investments will help drive future growth in both core D&R and Exposure Management businesses by offering unified risk insights and streamlined remediation workflows.

Rapid7's updated outlook centers on ongoing D&R momentum, while recognizing that risk platform upgrades and macroeconomic pressures may limit near-term growth.

- D&R as primary growth engine: Management expects continued demand for Detection and Response services, especially among large enterprises seeking scalable managed security. The recently launched enterprise MDR (Managed Detection and Response) solution is anticipated to expand the company's reach into complex customer environments.
- Upgrade cycle in Exposure Management: The pace of migrating customers from legacy vulnerability management to the Exposure Management platform remains a central variable. Management noted that accelerating this transition could drive upside, but acknowledged that mid-market budget limitations and elongated sales cycles may continue to dampen progress in the near term.
- Operational discipline and international expansion: The company plans to prioritize investments in areas with higher growth potential, such as international markets and automation. The operations center in India is expected to contribute to both service delivery efficiency and improved margins, while investments in AI and automation are intended to support scalable, profitable growth even as market conditions remain uncertain.

In the coming quarters, the StockStory team will be monitoring (1) the pace and scale of upgrades from vulnerability management to the integrated Exposure Management platform; (2) continued momentum and customer wins in Detection and Response, especially among larger enterprises; and (3) the impact of operational initiatives, including the India operations center, on cost structure and service delivery. Additionally, we will watch for evidence that new product launches and international expansion contribute meaningfully to growth. Rapid7 currently trades at a forward price-to-sales ratio of 1.8×. Should you double down or take your chips? Find out in our full research report (it's free).

Donald Trump's victory in the 2024 U.S. Presidential Election sent major indices to all-time highs, but stocks have retraced as investors debate the health of the economy and the potential impact of tariffs. While this leaves much uncertainty around 2025, a few companies are poised for long-term gains regardless of the political or macroeconomic climate, like our Top 5 Growth Stocks for this month. This is a curated list of our High Quality stocks that have generated a market-beating return of 183% over the last five years (as of March 31st 2025). Stocks that made our list in 2020 include now familiar names such as Nvidia (+1,545% between March 2020 and March 2025) as well as under-the-radar businesses like the once-micro-cap company Kadant (+351% five-year return). Find your next big winner with StockStory today.


Techday NZ
28-05-2025
- Business
- Techday NZ
Check Point to acquire Veriti, boosting threat management suite
Check Point Software Technologies has entered into a definitive agreement to acquire Veriti Cybersecurity, expanding its offering in threat exposure and risk management. The acquisition aims to strengthen Check Point's Infinity Platform with Veriti's automated, multi-vendor platform for pre-emptive threat exposure and mitigation. Veriti is recognised for introducing pre-emptive exposure management that delivers automated remediation of threat exposure risks across more than 70 security vendors, without disrupting ongoing operations.

Nadav Zafrir, Chief Executive Officer at Check Point Software Technologies, said, "The acquisition of Veriti marks a significant step toward realising our hybrid mesh security vision. It strengthens the Infinity Platform's open-garden approach, enabling seamless, multi-vendor remediation across the entire security stack. With Veriti, we're advancing preemptive, prevention-first security – an imperative in today's AI-driven threat landscape."

The announcement addresses the growing challenge of AI-enabled cyber attacks and the complexities brought about by hyperconnected IT environments in modern enterprises. As organisations distribute their assets across clouds, datacentres, and endpoints, the risk of cyber attacks grows due to an expanded attack surface. Traditional reactive security methods are considered inadequate to address these increased risks effectively.

Veriti's platform continuously identifies, prioritises, and remediates risk in multi-vendor security environments through automated patching and collaborative threat intelligence. The company, founded in 2021, has pioneered the Preemptive Exposure Management (PEM) category by actively discovering and mitigating risks that can be hidden in gaps between disparate security tools. The technology continuously monitors logs, threat indicators, and vulnerabilities present in an organisation's environment, and then coordinates protections in real time. Its integrations cover more than 70 security vendors, enabling security teams to detect and prevent attacks promptly without business disruption.

Veriti's core capabilities to be integrated into the Check Point Infinity Platform include automated, cross-vendor virtual patching, which instantly applies non-disruptive protections based on vulnerabilities identified by security platforms such as CrowdStrike, Tenable, and Rapid7. This approach can reduce patching time from several weeks to a matter of minutes. The platform also enables real-time threat intelligence enforcement by verifying threat indicators from any connected tool, and orchestrating automated protection across firewalls, endpoints, web application firewalls, and cloud platforms. This coordination is designed to improve response times and effectiveness in multi-vendor security scenarios.

An additional aspect of Veriti's offering is its seamless integration with existing environments through an API-based architecture, which does not require software agents or cause operational disruptions. The platform is compatible with more than 70 security vendors and supports a wide ecosystem. Veriti also extends its synergy with Wiz by ingesting Wiz's cloud exposure insights, such as information on unpatched servers or applications, and enables safe, automated virtual patching via Check Point or other vendors' network gateways. The platform's context-aware remediation analyses an organisation's exposures, configurations, and existing protections to apply appropriate controls in a manner that does not impair operations.

Adi Ikan, Chief Executive Officer and co-founder of Veriti, said, "Security teams today suffer from a lack of action: exposures aren't just detected, they're compounding, hiding in the gaps between tools, teams, and timelines." He added, "We founded Veriti to help organisations not just see risk, but remediate it safely, at scale, and most importantly - without disruption. By joining Check Point, we're accelerating that mission. Together, we'll help organisations reduce their exposure faster through the security tools they already trust."

Upon completion of the transaction, Veriti's capabilities will be incorporated into Check Point's Infinity Platform as part of its Threat Exposure and Risk Management suite. Combined with Check Point's recent External Risk Management solution, Veriti enhances the company's ability to address internal and external exposures across the complete enterprise attack surface. The finalisation of the acquisition is subject to customary closing conditions and is expected by the end of the second quarter of 2025.


Channel Post MEA
28-05-2025
- Business
- Channel Post MEA
Check Point Acquires Veriti
AI-fueled attacks and hyperconnected IT environments have made threat exposure one of the most urgent cybersecurity challenges facing enterprises today. In response, Check Point Software Technologies has announced a definitive agreement to acquire Veriti Cybersecurity, the first fully automated, multi-vendor pre-emptive threat exposure and mitigation platform.

'The acquisition of Veriti marks a significant step toward realizing our hybrid mesh security vision,' said Nadav Zafrir, CEO at Check Point Software Technologies. 'It strengthens the Infinity Platform's open-garden approach, enabling seamless, multi-vendor remediation across the entire security stack. With Veriti, we're advancing preemptive, prevention-first security – an imperative in today's AI-driven threat landscape.'

AI has brought cyber security to a tipping point, enabling the launch of attacks at scale. At the same time, enterprises are hyperconnected, with assets spread across clouds, datacenters, and endpoints, vastly expanding their attack surface. Traditional reactive security is too slow. Veriti continuously identifies, prioritizes, and remediates risk across your multi-vendor environment through automated patching and collaborative threat intelligence, all without disrupting business.

Founded in 2021, Veriti pioneered the Preemptive Exposure Management (PEM) category—actively discovering and mitigating risks across siloed tools. Veriti continuously monitors logs, threat indicators, and vulnerabilities identified across the environment and propagates protections in real time. With integrations into over 70 vendors, it empowers security teams to detect, understand, and prevent attacks without delay.

Core capabilities Veriti brings to the Check Point Infinity Platform:

- Automated, cross-vendor virtual patching: Veriti instantly applies risk-free, non-disruptive protections across dozens of third-party tools, based on vulnerabilities identified by platforms like CrowdStrike, Tenable, and Rapid7, dramatically reducing patching time from weeks to minutes.
- Real-time threat intelligence enforcement: Veriti verifies threat indicators from any connected tool and automatically orchestrates protection across firewalls, endpoints, WAFs, and cloud platforms, enabling fast, coordinated, multi-vendor threat response.
- Seamless integration with 70+ security vendors: Built with a fully API-based architecture, Veriti integrates into existing environments without agents or disruption, supporting the broadest security ecosystem in the market.
- Stronger synergy with Wiz: Veriti ingests Wiz's cloud exposure insights, such as vulnerable, unpatched cloud servers or applications, and enables automatic, safe virtual patching of those assets through Check Point gateways (and other vendors' as well), enhancing Check Point's ability to execute on its strategic partnership with Wiz.
- Safe, context-aware remediation: Veriti analyzes each customer's environment, including exposures, configurations, and existing protections, to apply the right controls safely, and without operational impact.

'Security teams today suffer from a lack of action: exposures aren't just detected, they're compounding, hiding in the gaps between tools, teams, and timelines,' said Adi Ikan, CEO and co-founder of Veriti. 'We founded Veriti to help organizations not just see risk, but remediate it safely, at scale, and most importantly – without disruption. By joining Check Point, we're accelerating that mission. Together, we'll help organizations reduce their exposure faster through the security tools they already trust.'

Following the closure of the transaction, Veriti's capabilities will be integrated into the Check Point Infinity Platform as part of the Threat Exposure and Risk Management offering. Combined with the recently added External Risk Management (ERM) solution, Veriti enhances Check Point's ability to deliver complete risk lifecycle coverage—proactively managing both internal and external exposures across the entire attack surface. The closing of the transaction is subject to the customary closing conditions and is expected to occur by the end of Q2 2025.