Rapid7, a Boston-based security company has announced the acquisition of Mobilisafe, a Seattle-based mobile risk management (MRM) provider.
The combined companies can now leverage a combination of security, pen testing and mobile device security in an age when bring your own device (BYOD) has become a major technology trend.
"Our customers are concerned about the BYOD phenomenon plus the amount of malware and automated exploit kits that are targeting the users," said Corey Thomas, president of Rapid7. "We wanted to answer those customer concerns, and we needed to do that in a way that is easy to manage for customers. And, this team understands that you can't just address security issues, you have to do that in a way that the customer can manage and have it work in their environment. It's not just solving the problem. It's about how you solve the problem."
Because both companies are privately held, the terms of the transaction were not released.
Mobilisafe was founded in 2010 by CEO Giri Sreenivas and CTO Dirk Sigurdson, both of whom were executives at T-Mobile.
"Our product identifies which users in an organization are using a mobile device, and which mobile device they are using," explained Sreenivas. "And we do all this without any software that goes on the phone. There are no agents required for the solution to work. Then we do a risk assessment based on proprietary algorithms and map the vulnerabilities to the device configuration. We can then tell the administrator what vulnerabilities they need to be concerned with. I think that's what caught Rapid7's eye."
The product then uses a policy framework that enables companies to allow or deny access based on a trust score quantified on a scale of one to 10. "You can set policies, such as, 'Block all devices with good trust score below six.' That can be set by the administrator, but the administrator can also set other types of policies, as well," Sreenivas said.
The system can also determine which devices are running on outdated firmware, which usually translates to being susceptible to vulnerabilities. It can then send alerts to employees and give them a link to the necessary update. The policy can also be set up to block access to devices that are outdated for a given period of time.
Pricing is on a per-user basis, with introductory pricing starting at $24 per user per year for an annual contract commissioned by the end of the year.
"Rapid7 has a pretty broad channel ecosystem, and our partners were looking for us to provide more solutions," added Thomas. "You're going to see us take a more end-to-end approach to looking at risk."
Rapid7’s product line includes Nexpose and Metasploit, two security assessment and management tools.
PUBLISHED OCT. 9, 2012