Rapid7 > 实例探究 > New Mexico Department of Game and Fish Relies on Rapid7 Nexpose for Selling Customer Licenses, Maintaining PCI Compliance

New Mexico Department of Game and Fish Relies on Rapid7 Nexpose for Selling Customer Licenses, Maintaining PCI Compliance

Rapid7 Logo
公司规模
Mid-size Company
地区
  • America
国家
  • United States
产品
  • Nexpose
  • Metasploit Pro
  • InsightIDR
技术栈
  • Nexpose
  • Metasploit Pro
  • InsightIDR
实施规模
  • Enterprise-wide Deployment
影响指标
  • Cost Savings
  • Customer Satisfaction
  • Productivity Improvements
技术
  • 网络安全和隐私 - 应用安全
  • 网络安全和隐私 - 网络安全
  • 网络安全和隐私 - 安全合规
适用功能
  • 商业运营
用例
  • 入侵检测系统
  • 监管合规监控
  • 远程资产管理
服务
  • 系统集成
  • 培训
关于客户
The State of New Mexico Department of Game and Fish is a government organization responsible for managing the state's wildlife resources and enforcing related laws. The department employs nearly 300 people, with a significant portion working in the field. The department's operations include selling hunting and fishing licenses to customers, which is a major revenue source, accounting for approximately two-thirds of its budget. The department's IT infrastructure was outdated, and it faced challenges in securely managing its web application for license sales and achieving PCI compliance. Russ Verbofsky, the Chief Information Officer, led the efforts to modernize the department's technology and improve its security posture.
挑战
Russ Verbofsky, the Chief Information Officer at the State of New Mexico Department of Game and Fish, faced significant challenges when he joined the organization. The department's technology infrastructure was outdated, and he had to replace almost every piece of hardware, including switches, routers, firewalls, and servers. With a small IT team of 14 people, half of whom were on the help desk and the other half in application development and database administration, Russ had to support nearly 300 employees across the state. A quarter of these employees worked in the field and connected to the network via VPN, adding complexity to the task. Additionally, the department needed to securely manage its web application for selling hunting and fishing licenses, which accounted for two-thirds of its budget. Another critical requirement was achieving PCI compliance, as credit card information had never been processed through the PCI perspective before. This compliance needed to be achieved across 36 different state agencies.
解决方案
To address the challenges, Russ Verbofsky selected Rapid7's Nexpose for vulnerability management. Nexpose was chosen for its intuitive interface and ease of use, allowing Russ to quickly set up and run scans. The tool helped the department reduce critical vulnerabilities from 130-200 to nearly zero within a year. Nexpose's ability to run full auditing scans and prioritize vulnerabilities was particularly valuable, as was its Top Remediations Report. Russ set up auto scans to run monthly and conducted additional manual scans for major releases. The PCI template within Nexpose was used for internal scans to ensure PCI compliance. After the success with Nexpose, Russ added Metasploit Pro for web application penetration testing, which was previously outsourced. The Rapid7 Metasploit 101 training class enabled Russ to insource penetration testing. Metasploit provided cost savings and flexibility, allowing Russ to test major changes before production. Additionally, Russ purchased InsightIDR to gain insights into user behavior across all endpoints, which was crucial for managing incident detection and response, especially with many employees accessing the network via VPN.
运营影响
  • Nexpose significantly reduced the number of critical vulnerabilities, enhancing the department's security posture.
  • The tool's intuitive interface and pre-built templates saved time and effort in setting up and running scans.
  • Metasploit Pro enabled the department to insource web application penetration testing, reducing costs and increasing flexibility.
  • InsightIDR provided valuable insights into user behavior, aiding in incident detection and response.
  • Rapid7's support was highly efficient, resolving issues quickly and ensuring continuous improvement in the department's security program.
数量效益
  • Reduced critical vulnerabilities from 130-200 to nearly zero within a year.
  • Achieved PCI compliance across 36 different state agencies.
  • Cost savings from insourcing web application penetration testing with Metasploit Pro.

Case Study missing?

Start adding your own!

Register with your work email and create a new case study profile for your business.

Add New Record

相关案例.

联系我们

欢迎与我们交流!
* Required
* Required
* Required
* Invalid email address
提交此表单,即表示您同意 IoT ONE 可以与您联系并分享洞察和营销信息。
不,谢谢,我不想收到来自 IoT ONE 的任何营销电子邮件。
提交

感谢您的信息!
我们会很快与你取得联系。