Nexpose Busts Security Violations at Redflex Traffic Systems
Customer Company Size
Large Corporate
Region
- America
Country
- United States
Product
- Rapid7 Nexpose Enterprise Edition
- Metasploit
Tech Stack
- Vulnerability Scanning
- Exploit Identification
- Automated Exploitation
Implementation Scale
- Enterprise-wide Deployment
Impact Metrics
- Cost Savings
- Customer Satisfaction
- Productivity Improvements
- Digital Expertise
Technology Category
- Cybersecurity & Privacy - Network Security
- Cybersecurity & Privacy - Endpoint Security
- Cybersecurity & Privacy - Security Compliance
Applicable Industries
- Security & Public Safety
- Transportation
Applicable Functions
- Business Operation
- Quality Assurance
Use Cases
- Intrusion Detection Systems
- Regulatory Compliance Monitoring
- Remote Asset Management
Services
- System Integration
- Cybersecurity Services
- Training
About The Customer
Redflex Traffic Systems, Inc. is the longest consistently operating company in the growing road-safety camera industry in the United States, with more than 20 years of experience partnering with cities to make an impact on dangerous driving behaviors. Redflex technology has proven its impact on U.S. public safety. Its road safety cameras have helped create safer communities. Rates of running stop signs, red lights, and railroad crossings—and subsequent accidents—drop significantly when people know they might get a ticket. Advanced license-plate reading technology cross checks numbers against police databases and alerts law enforcement when matches occur. Redflex video is also valid evidence for court proceedings. The heart of the Redflex solution is a high-end database that receives and processes all traffic video through secure connections. The system identifies violations and, with client approval, generates tickets and mails them to violators. Because Redflex passes financial transactions to processing institutions, its systems must pass SAS 70 audits and comply with data protection standards such as Payment Card Industry Data Security Standard (PCI DSS) to avoid fines. The data center also includes a range of standard business applications on a mix of Windows and Unix servers.
The Challenge
When Eric Nooden joined Redflex as Information Security Specialist, he found many out-of-date server operating systems. Because system stability was a priority with Redflex proprietary solutions, no one wanted to risk outages. The systems administrators were nervous about patching servers, fearing they might break them. The Redflex team had multilayer security in place, with firewalls, anti-virus software, and other technologies, but no dedicated security personnel to manage them. The undermanaged security posture was more reactive than proactive, and Nooden joined Redflex to change that. Additionally, because Redflex passes financial transactions to processing institutions, its systems must pass SAS 70 audits and comply with data protection standards such as Payment Card Industry Data Security Standard (PCI DSS) to avoid fines.
The Solution
Among the solutions Nooden inherited were vulnerability-scanning systems from three vendors. One of these systems was a Rapid7 Nexpose Enterprise Edition appliance. Nooden put it to work, performing a system-wide scan across all databases, Web servers, network components, and user computers. Nexpose scans for more than 14,000 vulnerabilities and performs about 54,500 checks to locate and identify threats and assess their risk to the environment. Integration with Metasploit provides remote scan control, exploit identification, and automated exploitation functionality. The scan report uses SANS guidelines to rank potential vulnerabilities according to severity, helping Nooden to prioritize tasks. The report also includes step-by-step procedures for effective remediation. Initial Nexpose scans found default passwords in many devices, especially in the network, identified easily exploitable vulnerabilities in unpatched server operating systems, and gave step-by-step plans to quickly address them. Nooden says the Nexpose user interface is highly intuitive and the reports are comprehensive. “It’s so straightforward, I didn’t need any formal training,” he says. But he hired a Rapid7 Professional Services consultant to teach him how to fine-tune configurations to look for specific information. Nooden uses Nexpose to scan critical systems daily and others weekly or monthly. He relies upon the information in scan reports to issue change requests with the appropriate server, network, and desktop administrators and track when vulnerabilities are fixed. Rapid7 Technical Support resolves his questions quickly, often within a few minutes.
Operational Impact
Quantitative Benefit
Case Study missing?
Start adding your own!
Register with your work email and create a new case study profile for your business.
Related Case Studies.
Case Study
Airport SCADA Systems Improve Service Levels
Modern airports are one of the busiest environments on Earth and rely on process automation equipment to ensure service operators achieve their KPIs. Increasingly airport SCADA systems are being used to control all aspects of the operation and associated facilities. This is because unplanned system downtime can cost dearly, both in terms of reduced revenues and the associated loss of customer satisfaction due to inevitable travel inconvenience and disruption.
Case Study
IoT-based Fleet Intelligence Innovation
Speed to market is precious for DRVR, a rapidly growing start-up company. With a business model dependent on reliable mobile data, managers were spending their lives trying to negotiate data roaming deals with mobile network operators in different countries. And, even then, service quality was a constant concern.
Case Study
Digitize Railway with Deutsche Bahn
To reduce maintenance costs and delay-causing failures for Deutsche Bahn. They need manual measurements by a position measurement system based on custom-made MEMS sensor clusters, which allow autonomous and continuous monitoring with wireless data transmission and long battery. They were looking for data pre-processing solution in the sensor and machine learning algorithms in the cloud so as to detect critical wear.
Case Study
Cold Chain Transportation and Refrigerated Fleet Management System
1) Create a digital connected transportation solution to retrofit cold chain trailers with real-time tracking and controls. 2) Prevent multi-million dollar losses due to theft or spoilage. 3) Deliver a digital chain-of-custody solution for door to door load monitoring and security. 4) Provide a trusted multi-fleet solution in a single application with granular data and access controls.
Case Study
Vehicle Fleet Analytics
Organizations frequently implement a maintenance strategy for their fleets of vehicles using a combination of time and usage based maintenance schedules. While effective as a whole, time and usage based schedules do not take into account driving patterns, environmental factors, and sensors currently deployed within the vehicle measuring crank voltage, ignition voltage, and acceleration, all of which have a significant influence on the overall health of the vehicle.In a typical fleet, a large percentage of road calls are related to electrical failure, with battery failure being a common cause. Battery failures result in unmet service agreement levels and costly re-adjustment of scheduled to provide replacement vehicles. To reduce the impact of unplanned maintenance, the transportation logistics company was interested in a trial of C3 Vehicle Fleet Analytics.
Case Study
3M Gains Real-Time Insight with Cloud Solution
The company has a long track record of innovative technology solutions. For example, 3M helps its customers optimize parking operations by automating fee collection and other processes. To improve support for this rapidly expanding segment, 3M needed to automate its own data collection and reporting. The company had recently purchased the assets of parking, tolling, and automatic license plate reader businesses, and required better insight into these acquisitions. Chad Reed, Global Business Manager for 3M Parking Systems, says, “With thousands of installations across the world, we couldn’t keep track of our software and hardware deployments, which made it difficult to understand our market penetration.” 3M wanted a tracking application that sales staff could use to get real-time information about the type and location of 3M products in parking lots and garages. So that it could be used on-site with potential customers, the solution would have to provide access to data anytime, anywhere, and from an array of mobile devices. Jason Fox, Mobile Application Architect at 3M, upped the ante by volunteering to deliver the new app in one weekend. For Fox and his team, these requirements meant turning to the cloud instead of an on-premises datacenter. “My first thought was to go directly to the cloud because we needed to provide access not only to our salespeople, but to resellers who didn’t have access to our internal network,” says Fox. “The cloud just seemed like a logical choice.”
