Security Experts:

Rapid 7 Prepares for IPO

Rapid7, a Boston, Mass.-based provider of security analytics software and services, has filed an S-1 registration statement with the Securities and Exchange Commission (SEC) for a proposed initial public offering (IPO) of its common stock.

According the S-1, filed last week, the company is looking to raise roughly $80 million in an IPO.

Corey Thomas, president and CEO of Rapid7, told SecurityWeek in late 2014 that an IPO for a company like Rapid7 would be a natural progression. Apparently the company believes that the time is right to tap public capital markets.

The filing disclosed financials, showing that the company had revenues increase from $31.0 million in 2011 to $76.9 million in 2014, representing a 35% compound annual growth rate. The company’s Q1 2015 revenue totaled $23.6 million, an increase of 41% from 2014.

Rapid7 Logo

While the company is growing quickly, it is not profitable and showed a net loss of $32.6 million last year.

Best known for its Metasploit penetration testing products, which the company gained through its 2009 acquisition of the open source Metasploit Framework, Rapid7 has expand its security software and services significantly in recent years.

In the S-1 filing, Rapid7 expressed concern over The Wassenaar Arrangement, which focuses on export controls for conventional arms and dual-use goods and technologies. There is currently an effort underway to impose additional restrictions on “intrusion software” as part of the Wassenaar Arrangement , which Rapid7 said may encompass its commercial Metasploit products.

“The proposed rule would establish an export license requirement for “intrusion software” and surveillance items for all countries other than the United States and Canada,” the filing noted. “Such proposed modifications to the export regulations applicable to our products could put us at a disadvantage in competing for international sales compared to companies located outside of the United States that would not be subject to these licensing, approval and other requirements. We are evaluating the potential implications of the Wassenaar Arrangement on the commercial versions of Metasploit and plan to submit comments to BIS regarding the proposed rule, which remains subject to public comment, is not currently in effect and may undergo substantial modification before it becomes effective.”

Last month, Rapid7 announced that it had acquired application security testing company NT OBJECTives (NTO), the first acquisition since it acquired Seattle-based Mobilisafe in Oct. 2012 to add mobile security offerings to its security product portfolio.

Rapid7 has raised over $93 million in funding to date, including a $50 million round November 2011, and $30 million in December 2014. In 2014, the company moved into a new 46,000 sq. foot headquarters in Boston’s Financial District.

As of March 31, 2015, Rapid had 554 full-time employees, including 117 in product delivery and support, 245 in sales and marketing, 119 in research and development.

News of the IPO filing came days before the company kicked off its annual UNITED Security Summit, taking place this week in Boston. 

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.