Rapid7 > 实例探究 > Vulnerability Management assists with compliance for Hillsborough County

Vulnerability Management assists with compliance for Hillsborough County

Rapid7 Logo
公司规模
Large Corporate
地区
  • America
国家
  • United States
产品
  • Rapid7 Nexpose
技术栈
  • Network Intrusion Prevention
  • Patch Management
  • Security Information Management
  • Policy Compliance
  • Vulnerability Assessment
实施规模
  • Enterprise-wide Deployment
影响指标
  • Cost Savings
  • Customer Satisfaction
  • Productivity Improvements
技术
  • 网络安全和隐私 - 网络安全
  • 网络安全和隐私 - 安全合规
适用功能
  • 商业运营
服务
  • 系统集成
  • 培训
关于客户
Hillsborough County, situated midway along the west coast of Florida, includes the city of Tampa as its county seat. The County’s IT Services (ITS) department provides technology integration and support services to approximately 4,200 clients at over 100 administrative sites. To improve manageability of this large network infrastructure the Hillsborough County ITS team identified five key security and administrative initiatives for 2005. This project encompassed selecting a set of security technologies to ensure compliance with HIPAA regulations, security policies and standards based on ISO17799, and audit findings. Technology implemented in 2005 included network intrusion prevention, patch management, security information management, policy compliance and vulnerability assessment. Facilitating network security and complying with HIPAA regulations lead the County’s Information Security team to Rapid7 and Nexpose.
挑战
Before Hillsborough County acquired a vulnerability management solution, ensuring that their over 250 servers were secure and compliant proved difficult for ITS’ team of three security engineers. The County’s process was to contract with outside vendors to run periodic vulnerability assessment scans. With new security requirements increasing the need for more frequent auditing, they needed an in-house solution. The County’s security engineers required detailed reports that identified vulnerabilities to be remedied before they could pose substantial risk to the network environment. To evaluate vulnerability management solutions, ITS defined a set of technical requirements against which to measure selected vulnerability assessment scanners. The desired solution would need the ability to perform stealth scans, schedule routine scans, support multiple platforms including Windows and Linux, scan multiple platforms, applications and devices, support unauthenticated and authenticated scans, scan all systems without installing an agent, perform incremental scans, and provide future support for wireless protocols.
解决方案
After testing several vulnerability assessment products, Hillsborough County selected Nexpose. David Rippel, a senior security engineer for Hillsborough County ITS, led the process for selecting the software. He states, “Our customers ultimately are the taxpayers of Hillsborough County. Any tool that assists us in better protecting our information assets and frees up available staff hours helps us to keep operating costs low and ensures that we are providing quality service to the citizens.” After a thorough evaluation and selection process, the County purchased Rapid7’s system stating that Nexpose is the most accurate at operating system detection. Nexpose is able to enumerate exact software revisions and minor version numbers. This is critical to reducing the number of false positives in a penetration test. Nexpose provides comprehensive reporting. Scan results are organized for the types of reports and analysis customers need, including a management summary, trend analysis and detailed remediation reports. The Remediation Report has step-by-step directions that provide system administrators information on how to resolve a specific security issue and an estimated duration of how long the work will take. Nexpose is intuitive and easy to use such that our security engineers were immediately productive with the Nexpose web-based user interface. It’s a more natural end-user experience compared to other products and has clearly defined steps for setting up and running a scan. Nexpose offers flexible licensing based on IP address and supports both the Windows and Linux platforms. Clients are not bound to using unfamiliar hardware found in similar appliance-based products.
运营影响
  • Hillsborough County currently uses Nexpose to audit 254 hosts from three scan engines. “Installing the product is a snap,” said David. “Deployment options are flexible including support for multiple operating systems and distributed scan engines. The web-based user interface makes it easy to support scanning from a remote office. Nexpose has given us the foundation we needed to build a strong vulnerability assessment practice.”
  • Nexpose has already shown a return on Hillsborough County’s initial investment. According to David, “Being proactive about identifying vulnerabilities in our computing infrastructure equates to reduced potential downtime of mission-critical services that we provide for the public. Not having to commit countless staff hours to penetration testing enables us to employ a smaller staff than our peers, based on an administrator to server ratio, which helps to keep operating costs low.”
数量效益
  • 254 hosts scanned from 3 scan engines

Case Study missing?

Start adding your own!

Register with your work email and create a new case study profile for your business.

Add New Record

联系我们

欢迎与我们交流!
* Required
* Required
* Required
* Invalid email address
提交此表单,即表示您同意 IoT ONE 可以与您联系并分享洞察和营销信息。
不,谢谢,我不想收到来自 IoT ONE 的任何营销电子邮件。
提交

感谢您的信息!
我们会很快与你取得联系。