Rapid7 Agrees to Acquire Cyber Asset Attack Surface Management Company, Noetic Cyber, to Give Customers More Comprehensive Visibility of Their Attack Surface

Boston, MA - July 1, 2024

Rapid7, Inc. (NASDAQ: RPD), a leader in extended risk and threat detection, today announced it has signed a definitive agreement to acquire Noetic Cyber, an innovator and a leader in cyber asset attack surface management (CAASM).

The addition of Noetic's CAASM solution to Rapid7's existing cybersecurity solutions will provide more comprehensive visibility of a customer's environment, including visibility into both internal and external assets, on-premise and in the cloud. With this, customers will be empowered to:

• More fully understand their attack surface with a high-context, inside-out view and an adversary aware, outside-in view to efficiently anticipate threats and manage risk
• Enable focused prioritization and fidelity with threat-aware context to recognize the most acute risk signals and exposures
• Drive better signal-to-noise across security teams by effectively and continually improving asset inventory and content to reduce risk and build resiliency with pragmatic remediation guidance and automation
• Create efficiency and productivity for security teams, giving them highly correlated asset and resource views along with searchable risk context

"Fragmented attack surface is stifling security productivity, efficiency, collaboration, and credibility," said Corey Thomas, chief executive officer, Rapid7. "The addition of Noetic's solution to our platform positions Rapid7 to deliver the most productive security operations experience while making it more accessible to the teams who need it most."

According to the 2024 Gartner® Innovation Insight: Attack Surface Management report, "only 17 percent of organizations can clearly identify and inventory a majority (95% or more) of their assets."¹

"The addition of Noetic Cyber to Rapid7's portfolio ensures even more security teams can be confident they have the right visibility of their security data," said Paul Ayers, chief executive officer and co-founder, Noetic Cyber. "Rapid7 customers will now be able to better prioritize exposures based on the meaningful insights from Noetic and take action to identify security gaps and reduce cyber risk."

Noetic Cyber was co-founded in 2019 by Paul Ayers, Allen Hadden, and Allen Rogers to empower security teams to command their attack surface. Noetic Cyber provides a proactive approach to cyber asset and exposure management, empowering security teams to see, understand, and fix their security posture and control drift. Noetic Cyber's goal has been to improve security tools and control efficacy by breaking down existing data silos enhancing the entire security ecosystem.

The acquisition of Noetic Cyber is expected to close during Rapid7's fiscal third quarter and is not expected to have a material impact on the Company's 2024 Annualized Recurring Revenue ("ARR").

Following the close of the transaction, Rapid7 is expected to make Noetic Cyber capabilities available to its customers this summer. To learn more about how Rapid7's acquisition of Noetic Cyber will benefit customers and to get notified as soon as the solution is available, visit https://www.rapid7.com/info/lp/request-caasm-demo/.

# # #

¹Gartner, Inc., Innovation Insight: Attack Surface Management, Mitchell Schneider et al, April 9, 2024

About Rapid7

Rapid7, Inc. (NASDAQ: RPD) is on a mission to create a safer digital world by making cybersecurity simpler and more accessible. We empower security professionals to manage a modern attack surface through our best-in-class technology, leading-edge research, and broad, strategic expertise. Rapid7's comprehensive security solutions help more than 11,000 global customers unite cloud risk management and threat detection to reduce attack surfaces and eliminate threats with speed and precision. For more information, visit our website, check out our blog, or follow us on LinkedIn or X.

Cautionary Language Concerning Forward-Looking Statements

This press release includes forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements include, but are not limited to, the statements regarding the benefits of the acquisition of Noetic Cyber Inc. ("Noetic Cyber"), the impact of the transaction on the Company's ARR for the year and timing of the contemplated closing. Our use of the words "anticipate," "believe," "estimate," "expect," "intend," "may," "will" and similar expressions are intended to identify forward-looking statements. The events described in our forward-looking statements are subject to a number of risks and uncertainties, assumptions and other factors that could cause actual results and the timing of certain events to differ materially from future results expressed or implied by the forward-looking statements. Risks that could cause or contribute to such differences include, but are not limited to, risks and uncertainties related to our pending acquisition of Noetic Cyber, including the failure to satisfy any or all of the closing conditions to the proposed transaction on a timely basis or at all; costs, expenses or difficulties related to the acquisition of Noetic Cyber, including the integration of Noetic Cyber's business; failure to realize the expected benefits and synergies of the proposed transaction in the expected timeframes or at all; failure to grow Noetic Cyber's business at historical rates or at all, or to expand its business geographically; the potential impact of the announcement, pendency or consummation of the proposed transaction on relationships with our and/or Noetic Cyber's employees, customers, suppliers and other business partners; the risk of litigation or regulatory actions to us and/or Noetic Cyber; inability to retain key personnel; changes in legislation or government regulations affecting us or Noetic Cyber. For additional information on other potential risks and uncertainties that could cause actual results to differ from the results predicted, please see our filings with the Securities and Exchange Commission (the "SEC"), including our most recent Annual Report on Form 10-K filed with the SEC on February 26, 2024, particularly in the section entitled "Item 1.A Risk Factors," and in the subsequent reports that we file with the SEC. Moreover, we operate in a very competitive and rapidly changing environment. New risks emerge from time to time. It is not possible for our management to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ materially from those expressed in any forward-looking statements we may make. Except as required by law, we undertake no obligation to update any forward-looking statements to reflect events or circumstances after the date of such statements. You should, therefore, not rely on these forward-looking statements as representing our views as of any date subsequent to the date of this press release.

Rapid7 Media Relations

Rapid7 Investor Relations

Public link

Please use the above public link if you want to share this noodl on another website.