In 2016, 500 million Yahoo users had their accounts breached and more than 700 current and former Snapchat workers had their personal information stolen when hackers used a phishing scam on an employee.
These types of security breaches are what Boston-based security startup Rapid7 hopes to prevent.
Founded in 2000, Rapid7 was created to help companies find and fix their vulnerabilities while catching suspicious activity on their networks months before they’d notice it otherwise.
While there are dozens of security startups, what makes Rapid7 unique is its product suite, which can identify vulnerabilities across the entire IT environment of network, hardware, software, web and database components.
We caught up with Lee Weiner (pictured below), Rapid7’s chief product officer to learn more about his role and the technology powering the company’s security tools.
Tell us about your role at Rapid7.
My current role is to oversee the strategy, execution and delivery of our products across our portfolio. The way we think about product development at Rapid7 is an integrated approach around market dynamics, so we use a group of product strategists, UX designers, engineers, developers and cloud operations folks to help clients with services. This allows us to think about our products much more holistically and to build more relevant products and solutions for our customers.
What's a typical day like for you?
Typically I focus a lot on how to create an environment for our employees to communicate collaboratively, execute and make decisions. I do a good amount of strategy work, thinking about how we invest our product resources and I spend a good amount of time talking to customers of varying size and type on a frequent basis. I do on-site visits a decent amount as well.
Why did you want to join Rapid7?
Here, we have a very focused effort on addressing a very broad set of customers; we’re not just focused on large companies, but the market at large. We also contribute to research in the community, and we’re supporters of open source software, which made me want to come here. And of course the people at Rapid7 have a tremendous amount of passion for what they do here and for the industry as a whole.
Tell me about Rapid7’s core products.
We really help customers today solve and answer three key questions — ‘Am I vulnerable? Where are those vulnerabilities and how do I remediate them?’ The second one is, ‘Have my users been compromised and has a breach taken place?’ And the third question is, ‘Is my infrastructure and IT team optimized?’ We answer all of these questions, and we’ve evolved as a company over the last 10 years to get to this place.
How have Rapid7’s products evolved over time?
The typical employee uses all kinds of technology every day — messaging tech, email tech, apps — on multiple devices. If you think about that from an IT and security perspective, that’s really challenging. The things making our jobs easier are making their jobs harder. And the only way to manage it is by collecting a lot of info.
You used to have to deploy a lot of technology but today you can deploy cloud tech. So we deployed an insight platform, which is cloud-based technology that allows us and our customers to collect a lot of data and secure and manage it in the cloud. This allows our customers to analyze it and we can provide results from that.
In 2012, we started building models of analytics to decide whether someone’s behavior in a system was good or bad and released additional products to support that in 2014 and 2015. What we’ve evolved to is finding ways of using software and solutions to allow resource-constrained security teams to get their jobs done.
What makes Rapid7’s products unique in the cybersecurity world?
I think the big difference is that we make it very easy for you to collect security data so that you don’t have to be burdened by it. We collect data from the endpoint to the cloud, then integrate and implement that data for you. By giving companies better technology and user experience, they don’t have to invest as much in people.
What is your biggest accomplishment at Rapid7?
I think it’s really about evolving the products and the platform in our offering, which we’ve done quite dramatically in the last five years. That’s a testament to the team we’ve hired and developed.
Are there any emerging trends you’ve noticed in cybersecurity products?
We do a lot of research here on the connected devices that are continuing to grow, whether that means appliances like light bulbs, to your kids’ toys. Our connectivity to the internet is great for consumer but creates a lot of risk and opportunities for attackers to leverage. Enterprises are starting to use connected devices as well, so it will be interesting to see how security companies will deal with this, and how manufacturers of connected devices will build more secure solutions.
What is the hardest part of your job?
The great thing about working in the security space from a product development standpoint is that we have to make our users’ lives easier but we also have to think about what attackers are doing and what they’re thinking about doing next. If you’re in the space of managing risk and defending companies from cybersecurity attacks, you’re always going to be challenged but that’s what makes it fun and intellectually stimulating.
Photos via Built In