Rapid7 Inc. has acquired Noetic Cyber Inc., a startup with a platform for detecting vulnerabilities in enterprise networks.

The companies announced the deal on Monday. The acquisition comes amid reports that an activist investor is pushing Rapid7 to explore a sale. The investor, Jana Partners, last week disclosed that it had acquired a “significant” stake in the cybersecurity provider.

Nasdaq-listed Rapid7 provides a suite of software products that companies use to detect and block hacking attempts. One product, InsightAppSec, can launch simulated cyberattacks against an application to find vulnerabilities. Rapid7 also sells tools for related tasks such as investigating breaches.

Noetic, meanwhile, is a Boston-based cybersecurity startup backed by about $20 million in funding. Its flagship product is a platform that can automatically map out the devices in a company’s network and scan them for vulnerabilities. It then prioritizes those vulnerabilities based on their severity.

Noetic obtains data about the devices in a company’s network from the other cybersecurity tools used by its information technology team. Those tools collect a significant amount of telemetry while scanning for breach attempts. By analyzing that telemetry, Noetic can create an inventory of the servers, workstations and other systems on the corporate network.

The company says its platform also identifies gaps in the collected data. The software could, for example, detect if a company doesn’t actively monitor the security settings of a certain server. The fewer potential vulnerabilities go unnoticed, the more difficult it becomes for hackers to launch cyberattacks.

Noetic customers can create automation workflows to speed up certain cybersecurity tasks. According to the company, user-defined workflows can notify the IT team when a particularly urgent vulnerability is detected. Noetic’s platform also makes it possible to automate more advanced tasks such as downloading security patches.

Rapid7 offers two products, InsightConnect and InsightVM, that provide a similar set of features. They can map out the assets in a company’s technology environment and scan them for vulnerabilities. InsightConnect is designed for use in the cloud while InsightVM focuses mainly on securing on-premises hardware.

“Rapid7 customers will now be able to better prioritize exposures based on the meaningful insights from Noetic and take action to identify security gaps and reduce cyber risk,” said Noetic co-founder and Chief Executive Officer Paul Ayers.

Rapid7 expects to close the acquisition of Noetic before Sept. 30, the day its current fiscal quarter ends. It will make the startup’s technology available to customers this summer. The deal is not expected to affect Rapid7’s annual recurring revenue materially.

The cybersecurity provider generated $205 million in sales last quarter, 12% more than the same time a year earlier. The company expects to end its 2024 fiscal year with annual recurring revenue of $850 million to $860 million.

Photo: Rapid7