We’re excited to announce our new investment in Rumble, a rapidly growing network and asset discovery company which enables organizations of any size to find all of their networked devices in both cloud and physical environments. Rumble is fast, easy to use, and creates an accurate view of what is known and unknown in any company without requiring credentials, agents, or access to SPAN ports. We were struck by how simple it was for users to build a comprehensive view of their local and cloud assets–one of the most important initiatives for protecting and managing a dynamically changing workforce and computing environment.
Rumble was founded by serial entrepreneur HD Moore, a renowned security researcher who previously started the open-source project Metasploit, the most widely used platform for penetration testing and exploit development today. In 2009, Metasploit was acquired by Rapid7 where he built out the Metasploit Pro product line, opened the Austin office of Rapid7, and served as the company’s Chief Research Officer. During his tenure there, he met Chris Kirsch, now his co-founder and Rumble’s Chief Revenue Officer. We are excited to share our Q&A with the founders here:
HD: I fell in love with computers in elementary school. I used to sneak into the computer lab before school started and teach myself how to code on the Apple IIe systems. By high school, most of my friends were on IRC and I had developed a reputation for building security tools and finding vulnerabilities.
HD: Exploits started to become commercially important in the early 2000s. This had two effects; first that the community stopped sharing quite as much, and second that the software industry rallied to make publishing exploits and vulnerability research as difficult as possible. Metasploit was my response to that; I needed high-quality exploits to use at work and the industry push-back only motivated me to do more, faster, to ensure that exploits were regarded as legitimate security tools. Open-source was the best way to collaborate with the wider security community and make sure folks could trust our exploit code.
Chris: It was clear from the beginning that Metasploit was a movement, and HD had done an amazing job of putting the community first. Our users were nervous that Rapid7 would close-source the product. We were fortunate that Rapid7 was committed to an open core strategy with a lot of community involvement. During the four years we worked together, we grew contributors by 20x and cost-effectively scaled revenue 50x through a freemium model.
HD: A recurring challenge with security assessments and security product development is identifying what to test in the first place. The most vulnerable assets tend to be the ones that you don’t know about or can’t see. When you are defending an organization, you are almost always relying on out-of-date information. Most of the tools used for asset discovery are based on protocols that are decades old and rely on enterprise-wide implementation. Some of these tools actually hand attackers credentials as part of how they work. These approaches are out of date and we wanted to create a modern solution that is easy to use and simple to deploy so everyone can see what is on the network in real-time. To do this, we had to rethink the entire discovery stack from scratch to make it scalable, fast, and accurate.
Chris: I have to give HD a lot of credit - from the beginning he was focused on how to make trying and using Rumble simple and frictionless for the end user. Similarly to Metasploit, our go-to-market model is driven by free tiers and self-driven trials. Small businesses up to 256 people can use our free tier. Companies larger than that can try Rumble for 21 days and then either swipe a credit card or get in touch with us with questions. Most people we talk to have already deployed Rumble before we even start a sales conversation. We haven’t had to do any sales outbounding so far, and have customers around the globe, from small family-owned businesses to a Fortune 5 company. The way people use Rumble changes a little depending on their size, but the product scales both up and down very well. For example, larger companies will feed the data into Splunk and ServiceNow, while smaller ones work directly within the console. We have scale to more than 100 customers without hiring a single sales rep or spending any money on marketing. We are focusing on widespread adoption and user success and will continue to invest most of our energy in having the best product in this space.
HD: Our world is getting more connected through cloud services, and we’re adding more networked devices to our homes, offices, stores, factories than ever before. Knowing what you are connected to, and what is connecting to you, is the single most important question for every IT and security organization large or small. We want to be the best at answering these questions, no matter who or where you are in the world. This problem will never grow old and will only get harder as things become more complex – we’re excited to share more from Rumble soon.