Rapid7
Break down barriers, accelerate innovation, and securely advance.
Overview
|
HQ Location
United States
|
Year Founded
2000
|
Company Type
Public
|
Revenue
$100m-1b
|
|
Employees
1,001 - 10,000
|
Website
|
Company Description
Organizations around the globe rely on Rapid7 technology, services, and research to securely advance. The visibility, analytics, and automation delivered through our Insight cloud simplifies the complex and helps security teams reduce vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, and automate routine tasks.
IoT Snapshot
Rapid7 is a provider of Industrial IoT infrastructure as a service (iaas), platform as a service (paas), analytics and modeling, and cybersecurity and privacy technologies, and also active in the healthcare and hospitals industries.
Technologies
Functional Areas
Industries
Services
Technology Stack
Rapid7’s Technology Stack maps Rapid7’s participation in the infrastructure as a service (iaas), platform as a service (paas), analytics and modeling, and cybersecurity and privacy IoT Technology stack.
-
Devices Layer
-
Edge Layer
-
Cloud Layer
-
Application Layer
-
Supporting Technologies
Technological Capability:
None
Minor
Moderate
Strong
Supplier missing?
Start adding your own!
Register with your work email and create a new supplier profile for your business.
Case Studies.
Case Study
Rapid7 Enables Qlik's Expanding Multi-Cloud Security and Compliance Strategy
Qlik, a leading data integration and analytics platform, was facing the challenge of expanding their cloud footprint while ensuring a cohesive, enterprise-level cloud security strategy. The company, which has grown significantly since its inception in 1993, was already using cloud services across various departments, including Research and Development (R&D) and Security teams. However, they recognized the need for holistic guidance to ensure the adequate protection of their cloud resources and data. As Qlik continued to grow as a Software as a Service (SaaS) technology provider, the use of cloud providers like Azure and Google Cloud Platform also expanded. The challenge was to maintain consistent control of their cloud environments and expand their cloud security best practices into these new environments.
Case Study
Experity's Security Operations Scaling with Rapid7 Managed Services
Experity, a dynamic Health Information Technology company, was formed from the merger of the two largest urgent care Electronic Medical Records (EMR) companies in the country. The merger led to a rapid expansion of personnel, office locations, software, and services, creating unique challenges for the security team. The team was tasked with protecting the company from loss events of any kind, requiring business continuity and standardization. The small security team was overwhelmed with the task of managing security operations and building resilience in their security program. The company's growth also meant that the security team needed a platform to vet alerts from the increasing number of employees and contractors. The existing Managed Detection and Response (MDR) platform was inadequate as it only monitored network and server activity and not endpoint activity.
Case Study
InsightCloudSec Facilitates Continuous Multi-Cloud Security for CoStar Amid Mergers and Acquisitions
CoStar Group, a leading provider of commercial real estate information, analytics, and online marketplaces, has been expanding its reach through mergers and acquisitions (M&A). As of October 1, 2019, CoStar has spent approximately $2 billion acquiring a total of 27 organizations, each with a unique cloud presence and varying levels of cloud competency. The challenge for CoStar is ensuring the security and compliance of its constantly growing and evolving cloud footprint, which spans across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). When growing through M&A, CoStar must be able to understand the cyber risk of the acquisition target, integrate the newly acquired resources, and maintain the ability of these acquired entities to accelerate innovation through the use of cloud services without the loss of control.
Case Study
Domino’s Pizza Enhances Security Operations with Rapid7's Detection and Response Workshop
Domino’s Pizza, the world's largest pizza company, relies heavily on technology for its online ordering and delivery services. The company's security operations center operates 24/7, and one of the biggest security challenges they face is phishing. Spear phishing, in particular, is a significant threat due to the craftiness of threat actors. The company also has a wide attack surface due to its domestic and international markets, making threat hunting a critical task. The company wanted to train its security operations center (SOC) analysts to think like attackers, as many analysts focus solely on detection and response and lack understanding of the tactics used by attackers.
Case Study
Rapid7's IoT Solutions Streamline Operations for Acme Brick's Lean Security Team
Acme Brick, a company with a long history in brickmaking, faced a significant challenge in managing the security of its IT infrastructure. With only two team members responsible for the security of 1200 workstations, servers, and active users, the company was struggling to maintain efficiency and effectiveness in its operations. The lean team was overwhelmed with the volume of work and the need for a tool that could streamline their day-to-day operations was deemed critical. The challenge was to find a solution that could integrate all their security tools into one platform, making it easier to manage and monitor their security posture.
Case Study
Enhancing Security Visibility and Reducing Risk: A Case Study on Alpina Group's Adoption of Rapid7
Alpina Group, a Netherlands-based insurance technology firm, was facing a significant challenge in improving the maturity of its in-house security program. The company was on a steep growth curve, expanding its workforce from 350 to 550 employees in just two years. This rapid growth also led to an increase in the number of IT assets to manage and secure. The insurance sector is a popular target for attackers due to the wealth of sensitive personal and financial information they hold. Alpina Group recognized the need to enhance its visibility into the threat landscape and its own IT infrastructure to proactively manage risk. The company's incumbent SIEM platform created a blind spot after a year-long implementation, as it was too complex for the small security team to operate effectively. Security Officer Joost Dubbelman was tasked with finding vulnerability management and incident detection solutions that could be managed by a small team, provide enhanced insight, and help reduce risk.
Case Study
Amedisys Enhances Security and Efficiency with Rapid7 InsightIDR
Amedisys, a leading provider of home healthcare, faced a unique challenge in securing their patients’ and employees' data without impacting the usability of their systems. The majority of their user base consists of clinicians who provide care to patients in their homes. It was crucial to provide these medical professionals with a seamless and secure experience, as any disruption could impact the care provided to patients. The challenge was to ensure the security of sensitive data while maintaining the efficiency of their operations.
Case Study
AMN Healthcare's Digital Transformation: A Cybersecurity Case Study with Rapid7
AMN Healthcare, a leading provider of total talent solutions for healthcare organizations, faced a significant challenge in integrating the cybersecurity systems of 28 recently acquired organizations. These organizations varied in size, from startups with 30-50 employees to established organizations with 2,500 employees, each with their own offices, policies, and frameworks. AMN needed a unified, future-proof security platform to integrate these organizations into their corporate structure, ensuring that every organization was following a singular security standard for detection and response. The challenge was further complicated by the shift to remote work due to COVID-19, which transformed each employee's home into a regional office, creating a lack of visibility and control over home networks.
Case Study
Auden Group's Secure Expansion of Financial Services with Rapid7 Insight Platform
Auden Group, a socially responsible financial services company, was looking to expand its product portfolio while ensuring robust cybersecurity. The company's leadership recognized the importance of cybersecurity for the success of its mission and growth. They brought on a six-person security team, led by Philip Wright, Head of InfoSec, to manage all aspects of cybersecurity from prevention to threat response. Wright was particularly concerned about phishing and human error, and wanted to build a program around the NIST cybersecurity framework: identify, protect, detect, respond, and recover. With only a month until the company’s first product launch, Wright’s priority was obtaining the ability to detect suspicious activity. He turned to InsightIDR - Rapid7’s easy to deploy SIEM (Security Information and Event Management) solution that features built-in threat detection.
Case Study
Securing Critical Patient Data: Bioventus' Success with Rapid7
Bioventus, a global leader in active healing and surgical orthobiologics, faced significant security challenges due to its large distributed workforce, multiple clouds, diverse devices, and the critical nature of patient data. The company's security team had to deal with user compromise and phishing emails on a daily basis. As an international healthcare company based in the US, Bioventus had the additional challenge of safeguarding patient records. A breach of any sort could be damaging, but a breach of patient records could be particularly expensive. The company also faced common security challenges for enterprises of its size, such as attacks on its cloud-based networks.
Case Study
Empowering Security in Education: Blue Valley School District's Partnership with Rapid7
Blue Valley Unified School District in Kansas, with over 23,000 students and 3,100 staff spread across 35 schools, was committed to providing a safe digital learning environment for its students. However, the district faced significant security challenges. In August 2019, the district was targeted by a successful ransomware attack, prompting a comprehensive security assessment of its vast application and network infrastructure. The district's cybersecurity team identified ransomware attacks, visibility, and staffing as the key challenges. Ransomware attacks were a constant threat, especially given the perception that public school districts have limited budgets and manpower. Visibility was another issue, with the small team struggling to maintain a comprehensive view of the district's security landscape. Staffing was also a concern, with many school districts unable to invest in the necessary staffing and software to deal with the demands of today's cybersecurity environment.
Case Study
Brooks Enhances Security Program with Rapid7 SOAR Solution
Brooks, a rapidly growing sports equipment company, faced increasing security vulnerabilities due to its expansion. The company's growth from $500 million to $1 billion in sales, along with an increase in employees to 1,800, led to more hits on their website, more partners, and consequently, more security events, phishing emails, and potential risks. Despite having a security team of three analysts, the company struggled to stay ahead of the alerts. The traditionally manual, time-intensive incident response and vulnerability management processes were not scalable to meet the growing security challenges.
Case Study
Operationalizing Cybersecurity: A Case Study of Domestic & General and Rapid7
Domestic & General (D&G), a leading provider of subscription-based home appliance care, faced a significant challenge in managing its cybersecurity. With a 110-year old business, the company had an accumulation of systems and dozens of IT processes that had evolved over the years. As D&G expanded globally and digitized, its attack surface grew, and the mixed heterogeneous environment created additional challenges in terms of increased cyber risk. The company lacked a modern platform to identify risk and threats in a hybrid environment, at scale and with context. D&G’s Chief Information Officer, Phil, realized the need to enhance the company’s cyber protections and empower the business to own their cyber risk. However, the company was missing a platform that a modern organization needs to ensure it’s protected adequately.
Case Study
Rapid7 and Dragonfly Partner to Enhance Cybersecurity for Electro Optic Systems
Electro Optic Systems (EOS), an Australian technology company operating in the defense, space, and communications markets, was facing a significant challenge as it expanded its international footprint. The primary issue was maintaining their cybersecurity defensive perimeter, a crucial aspect given the sensitive nature of their business, which often intersects with national security interests. As EOS grew from a small organization to a large enterprise, the need to uplift their security posture and maturity became increasingly critical. The company required a solution that would provide continuous protection, monitoring, detection, and incident management tailored to their specific business needs.
Case Study
Rapid7: A Game-Changer for Elara Caring’s Cybersecurity Infrastructure
Elara Caring, one of the largest providers of home health care in the U.S., faced significant challenges following the merger of three home healthcare companies. The consolidation created new opportunities but also posed difficulties for the company’s IT infrastructure and data security. The Chief Information Security Officer (CISO), Eric Bowerman, was primarily concerned with protecting end-users from phishing and ransomware attacks, which are common in the healthcare industry. The shift to a work-from-home environment due to the COVID-19 pandemic further complicated matters. The company had limited management software on the laptops of remote workers, which meant they did not have the same control as when the employees were in the office. This presented compliance issues related to protected health information (PHI).
Case Study
Experity's Security Operations Scaling with Rapid7 Managed Services
Experity, a dynamic Health Information Technology company, was formed from the merger of the two largest urgent care Electronic Medical Records (EMR) companies in the country. This merger led to a rapid expansion of personnel, office locations, software, and services, creating unique challenges for the security team. The team was tasked with a substantial mission to protect the company from loss events of any kind, necessitating business continuity and standardization. The team was small and the expansion meant they would need to triple or quadruple their size to get the coverage they needed. The company had been using a Managed Detection and Response (MDR) platform, but it was not sufficient for the new scale of operations. It only monitored network and server activity and not endpoint activity, which was crucial as most security issues arise from user activities on desktops and laptops. The security team needed a platform to vet alerts from the increased number of employees and contractors.
Case Study
Exponent Enhances Data Security with Rapid7 InsightVM and Managed Detection and Response Service
Exponent, a renowned engineering and scientific consulting firm, faced a significant challenge in securing its data across its diverse and constantly evolving environment. With 1,500 employees spread across more than 30 locations and serving clients in the U.S, European Union, and Asia, the firm needed a robust security solution that could provide visibility across its diverse environment. The responsibility of securing the data fell on Daniel Shuler and his information security team. The team's primary focus was to protect their clients' data using the best technology available and demonstrate that they had the right security tools in place. The challenge was further complicated by the firm's constantly evolving roster of clients and projects, new field offices, and diverse technologies.
Case Study
Hypertherm Enhances Security and Efficiency with Rapid7 Solutions
Hypertherm, a leading industrial cutting and shaping company, faced a significant challenge in maintaining the security and smooth operation of its diverse range of assets. These included operational technology, IoT devices, and Hypertherm's proprietary software. James Thompson, Information Security Manager at Hypertherm, was seeking a comprehensive solution that would provide visibility into the complex manufacturing sector, often referred to as the 'wild west' due to its lack of regulation. The company's environment was highly mobile, with many employees using laptops and a significant percentage of engineers using high-powered CAD workstations. Additionally, the company had to deal with old legacy machines running on outdated and difficult-to-secure systems. The challenge was further compounded by the constant movement of manufacturing cells around the organization, which often led to printers being moved to new IP ranges without Thompson's knowledge, causing potential disruptions to production.
Case Study
Maximus Enhances Compliance and Minimizes Risk with Rapid7 Cloud Security
Maximus, a leading strategic partner to governments worldwide, faced a significant challenge in enforcing standards and ensuring consistency across all public cloud environments. With over 200 AWS accounts under management and a growing Azure presence, visibility into numerous projects spanning AWS and Azure was critical. The company needed a solution that would enforce standards across all public cloud accounts and regions, provide visibility into non-compliant resources, create an exception process for certain resources, and deliver an automated way to take remediation action. Enforcing standards across the entire enterprise with hundreds of AWS accounts and Azure subscriptions and different support models was a daunting task.
Case Study
Modine Manufacturing Enhances Cybersecurity with Rapid7’s Portfolio of Security Services and Solutions
Modine Manufacturing Company, a global leader in thermal management technology and solutions, faced a significant challenge in protecting its digital assets and those of its customers. As the business grew, so did the risks. The company's small security team found themselves monitoring thousands of event sources, up from a few hundred. They needed a partner that could help them improve various parts of their security program, addressing both proactive and reactive security needs. This required a strategic partner with multiple centers of product and service excellence.
Case Study
Pearl Data Direct Leverages Rapid7 Insight Platform for Enhanced Security and Compliance
Pearl Data Direct LLC (PDD), a FinTech company and subsidiary of LuLu Financial Holdings, faced two major security challenges. Firstly, as a company managing millions of dollars through their application, they were an attractive target for cyber attackers. Secondly, their business operates in the heavily regulated financial sector, requiring strict compliance with central bank regulations. The company needed to ensure the security of thousands of transactions flowing through their system every second, while also complying with stringent cybersecurity regulations. They also had to protect the personal identifiable information (PII) of their customers, which they were required to collect for compliance purposes. Furthermore, their core banking system was connected to a variety of banks, adding to the complexity of their security challenges.
Case Study
Rackspace Enhances Security and Trust with Rapid7 Solutions
Rackspace Technology, a leading end-to-end multi-cloud technology services company, faced a significant challenge in ensuring the security of their customers' data. As a company that designs, builds, and operates cloud environments across all major technology platforms, it was crucial for Rackspace to instill trust and confidence in their customers. The challenge was to ensure that when customers put their data on the Rackspace platform or chose to interact with Rackspace, their data would be secure and protected as if it was Rackspace's own. The company needed a robust and reliable solution to manage vulnerabilities and threats, and to ensure the highest level of data security.
Case Study
Enhancing Cybersecurity in Commercial Real Estate: A Case Study on Rapid7 Solutions
The case study revolves around the challenges faced by Tony Hamil, a senior cybersecurity engineer for a commercial real estate development company based in Dallas, Texas. The company operates in an industry that is not heavily regulated by the government, but still faces significant cybersecurity challenges. Hamil's role includes a wide range of responsibilities, from application setup to maintenance, integrations, and alert monitoring. The company's IT environment is unique due to the lack of government regulations, but it adheres to the CIS and NIST standards voluntarily. The company has a large number of remote sites and users, making it crucial to maintain security whether the employees are working onsite or remotely. The company's biggest security challenges include patch management and user and asset management. The team often struggles with installing patches properly, leaving the system vulnerable. Additionally, the process of onboarding and offboarding employees from an IT and security perspective was a significant challenge.
Case Study
Security Finance Enhances Security Posture with InsightVM
Security Finance, a financial services company with over 1,000 locations across the United States and Mexico, was facing a significant challenge in maintaining its cybersecurity. As a financial institution, it was a constant target for cyber attacks, necessitating a proactive rather than reactive approach to security. The company's situation was further complicated by its extensive infrastructure, which included in-house software and various systems across multiple data centers. This vast surface area increased the potential for attacks. Additionally, the company's security program was not very mature, and they lacked a comprehensive understanding of their assets and the associated vulnerabilities. Prior to implementing a solution, the company was primarily focused on patch management, without a full understanding of the remaining vulnerabilities in their systems.
Case Study
Enhancing Cybersecurity in Healthcare: A Case Study of The Royal Orthopaedic Hospital and Rapid7 Partnership
The Royal Orthopaedic Hospital in Birmingham, England, one of the largest specialist orthopedic centers in Europe, faced significant cybersecurity challenges. The hospital's IT department, led by Ray Mian and Ajmal Khan, was tasked with protecting patient and healthcare records and the IT infrastructure from ransomware attacks. The stakes were high, as any system downtime could have drastic consequences in the hospital environment. A significant challenge was the lack of visibility in the environment. The team was unable to identify their assets and lacked the necessary tools for visibility, discovery, and analysis to assess their security posture within the organization. This lack of visibility was identified as a key weakness in their cybersecurity strategy.
Case Study
US Signal Enhances Network Security with Rapid7 Platform and Managed Services
US Signal, the largest privately held data center services provider in the Midwest, faced significant security challenges in protecting its customers' networks. The company serves seven of the top ten healthcare systems in Michigan, the largest mental health provider in western Michigan, numerous managed service providers (MSPs), and various financial institutions, which necessitates robust security measures. The company had to deal with a range of threats, including phishing and the increasing pace of vulnerability discovery. The company also had to ensure compliance with various security frameworks and regulations, including SOC 2, PCI, and HIPAA. The vulnerability management software US Signal was using previously was not cloud-friendly and required a lot of on-premises infrastructure, making it challenging to manage their vulnerability assessment program.
Case Study
Enhancing Security and Vulnerability Management with IoT: A Case Study of Visier and Rapid7
Visier, a SaaS-based workforce intelligence solutions provider, faced a significant challenge in ensuring the protection of sensitive customer data. As a company entrusted with a vast amount of sensitive data, understanding their exposure in terms of vulnerabilities, potential threats, and threat actors was of paramount importance. The company needed a solution that would not only help them understand their exposure but also provide a robust system for event correlation, detection, alerting, and investigation of potential incidents. The challenge was to find a comprehensive solution that could offer deep insights into vulnerabilities, help inform remediation plans, and provide a robust communication strategy for vulnerability management.
Case Study
Zoopla's Application Security Enhancement with Rapid7 InsightAppSec
Zoopla, a London-based real estate portal, faced a significant challenge in maintaining the security of its applications. With over 60 million visits a month to its flagship property website and application, the company had to ensure the utmost security for its users. The company's security team, led by Application Security Engineer Alikhan Uzakov, was responsible for guiding hundreds of Zoopla developers through the application security testing process. This included conducting training and helping developers embed security tooling into their processes to ensure the security testing of new features and products before their release. However, with only three staff members, the security team found it challenging to support the vast number of developers.
Case Study
User Monitoring and Log Search: Rapid7 InsightIDR Delivers for UK Investment Bank Evercore
Neil Johnson, security manager at Evercore, needed a robust SIEM solution to handle user behavior monitoring and provide comprehensive log search capabilities for data analysis. The existing vulnerability management solution managed by a third party was not meeting their requirements, prompting the need for a more effective solution. The primary drivers for selecting InsightIDR included the ability to alert on anomalous user logins and provide detailed log search functionalities. The head of IT was particularly interested in monitoring user activities to ensure that employee credentials were not compromised.
Case Study
Nexpose Identifies Vulnerabilities, Assists Remediation at LoneStar College System
Before 2008, LSCS supported separate campus IT operations at each of its five campuses with distributed IT support services. Then a new CIO joined the college, and within a month, the Lone Star College System had completely centralized its IT services to support a new vision. Associate Vice Chancellor of Technology Services Link Alander explains, “Through that process we had a series of changes and challenges that had to be achieved to improve reliability and security.” While the college had so far avoided any significant security incident or data breach, it understood the need for a proactive security posture that would maintain user trust. It also needed tools to help prove compliance with regulations such as the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), and other regulations. The LSCS security initiatives are part of 11 strategic technology initiatives, incorporated into the overall LSCS strategic plan for 2009 through 2011. One of its primary security goals is to use ISO 27000 standards as a framework.
Case Study
Apptio Enhances Mobile Device Security with Mobilisafe
Apptio faced a significant challenge in managing the security risks associated with employees accessing corporate data via personal mobile devices. The use of smartphones and tablets for work purposes had increased efficiency but also introduced potential security vulnerabilities. Prior to implementing Mobilisafe, gathering information on connecting mobile devices was a tedious process that did not yield adequate results. The company lacked a comprehensive security policy for mobile device usage, which heightened the risk of data breaches and unauthorized access.
Case Study
Rapid7 Metasploit Changes the Security Mindset at AutomationDirect
AutomationDirect, a proactive company, wanted to change the security mindset of its IT staff to stay ahead of the latest threats. The company needed to ensure that its IT security practices were robust enough to prevent both internal and external threats. Tim Lawrence, IT security analyst at AutomationDirect, recognized that administrators often prioritize getting systems up and running over security, which could lead to vulnerabilities. After attending the Black Hat convention in July 2010, Lawrence devised a long-term security strategy to address these issues. The goal was to anticipate and thwart potential hackers and eliminate internal oversights that could create inadvertent vulnerabilities. AutomationDirect was not under any immediate known security threat, but the IT security team needed to promote overall security best practices to the entire IT staff to prevent any possible worst-case scenarios.
Case Study
Rapid7 Nexpose Enhances PCI Compliance and Overall Network Security for Bob’s Stores
In 2008, Bob’s Stores faced the challenge of meeting new PCI compliance standards, particularly requirement 11 of the PCI DSS, which mandated regular tests of security systems and processes through internal and external scans. The IT department, led by Nick Sorgio, Assistant Vice President and technology manager, needed a vulnerability management system to meet these standards and protect customer data. The pressure to quickly comply with these new requirements was significant, and Bob’s Stores had no existing vulnerability management system in place. This made finding a suitable tool a top business priority. Bob’s Stores conducted a comprehensive assessment of various vulnerability management vendors, ultimately selecting Rapid7 due to its ability to identify vulnerabilities across networks, operating systems, databases, web applications, and a wide range of system platforms. Rapid7 Nexpose provided the necessary vulnerability assessment scanning and monitoring capabilities to meet PCI data security standards and offered sound vulnerability management practices as part of a comprehensive security program.
Case Study
Securing a City: Corpus Christi Assesses, Prioritizes, and Monitors Threats
Bob Jones, the Information Security Manager for the City of Corpus Christi, Texas, faced the challenge of increasing security awareness across the organization and detecting and investigating attacks more easily. The city’s infrastructure is unique, akin to about 30 separate SMBs operating under a larger parent company, each with different requirements and compliance regulations. Bob's role was multifaceted, involving duties of an analyst, engineer, and penetration tester. He had to change an embedded culture and establish credibility with the CIO and IT Director. The primary challenge was the lack of visibility into assets on the Corpus Christi network, making it difficult to accurately qualify or quantify the level of risk. Bob needed to prioritize remediation to add value and avoid placing a greater burden on the business.
Case Study
Vulnerability Management at Diebold: Automation, Prioritization, Remediation
Diebold needed an effective threat exposure management solution that would offer scalability and visibility. Given the pivotal role vulnerability management plays at Diebold, selecting a vulnerability management solution was an important task which the team did not undertake lightly. A main priority for them was the effectiveness of the vulnerability scanner. Diebold needed accurate, up-to-date, real-time data. Scalability was also an important factor; being a global company, they needed the ability to reach around the world without adding administrative overhead.
Case Study
Essentia Health Reduces Risk with Nexpose and Metasploit
Securing the Essentia Health network is a complex task due to its multi-billion dollar integrated health system that spans multiple states and roughly one hundred facilities in the Midwest. The network includes fifty thousand IPs, from facilities to medical device equipment. The security team must locate and resolve high-risk vulnerabilities to safeguard patient data and other critical information. Compliance with HIPAA, HITECH, and PCI DSS adds another layer of complexity. Despite compliance, security holes such as weak credentials and improper patches were prevalent. The team needed a solution to perform thorough testing against all active systems and demonstrate risk to secure necessary resources for a vulnerability management program.
Case Study
Rapid7 Conducts a Penetration Test for Eyelock
Recently, Eyelock set out on a new project: making security airtight for logical access devices. They wanted an external team to take a very close look at their security architecture to implement a design that would allow for access to computers, websites, online banking, and the like. The RFP process kicked off, and the Eyelock team began evaluating various third-party vendors. The top three qualifications were extensive experience with embedded products, a high level of security expertise, and a strong overall reputation within the industry. Through a combination of these factors, Rapid7 won out.
Case Study
Vulnerability Management assists with compliance for Hillsborough County
Before Hillsborough County acquired a vulnerability management solution, ensuring that their over 250 servers were secure and compliant proved difficult for ITS’ team of three security engineers. The County’s process was to contract with outside vendors to run periodic vulnerability assessment scans. With new security requirements increasing the need for more frequent auditing, they needed an in-house solution. The County’s security engineers required detailed reports that identified vulnerabilities to be remedied before they could pose substantial risk to the network environment. To evaluate vulnerability management solutions, ITS defined a set of technical requirements against which to measure selected vulnerability assessment scanners. The desired solution would need the ability to perform stealth scans, schedule routine scans, support multiple platforms including Windows and Linux, scan multiple platforms, applications and devices, support unauthenticated and authenticated scans, scan all systems without installing an agent, perform incremental scans, and provide future support for wireless protocols.
Case Study
MCPHS University Saves Time and Effort with Nexpose
When Allen Basey joined MCPHS University over two and a half years ago, he was tasked with developing new security procedures and policies, including comprehensive vulnerability scanning. As the sole person dedicated to maintaining security, he needed to improve the University's overall security posture without being overburdened. Initially, he opted for Tenable's Nessus due to its low cost, but found it required manual scans and lacked critical context for prioritizing vulnerabilities. This made it difficult to get IT support teams to take action, and researching how to patch vulnerabilities consumed valuable time, leading to crucial patches being neglected.
Case Study
Nebraska Public Power District Fights Phishing, Meets Compliance Requirements with Nexpose and Metasploit
The Nebraska Public Power District (NPPD) faced a complex compliance situation due to various regulatory mandates, including NERC CIP standards, HIPAA, and specific cyber regulations for their nuclear facility. As a publicly powered state, Nebraska's electric utilities are owned by the public, adding another layer of complexity. NPPD needed to ensure robust cybersecurity measures across its 4,000 assets spread over 19 sites, while also addressing the increasing sophistication of phishing attacks. The organization aimed to improve its overall security posture and meet compliance requirements effectively.
Case Study
Nexpose Enables a Small IT Staff to Manage a Large IT Infrastructure at Norwich University
With a constantly growing network environment, Norwich University’s IT department found it increasingly difficult to have a clear view into all network equipment and servers—and their vulnerabilities—while still only conducting manual scans.
Case Study
Permission Interactive Turns to Rapid7 for Help Enhancing its Security with Comprehensive Vulnerability Management
Permission Interactive, an e-commerce company handling sensitive customer information, faced challenges in meeting PCI compliance standards. Their existing McAfee vulnerability management solution was only helping them 'check the box' for PCI compliance without improving their overall security landscape. A full audit revealed significant gaps in security best practices and overall compliance, prompting the company to seek a more robust solution.
Case Study
Leveraging Dynamic Asset Groups in Rapid7 Nexpose
Identifying how many servers and systems were affected by Heartbleed and other OpenSSL vulnerabilities without having to scan every server manually. PNM Resources needed a way to quickly and accurately identify vulnerabilities across their extensive network of servers and systems. The manual process of scanning each server individually was time-consuming and inefficient, especially during critical incidents like Heartbleed. The challenge was to find a solution that could provide rapid, accurate, and comprehensive visibility into the security status of their assets, enabling timely remediation and risk reduction.
Case Study
Prairie North Regional Health Authority Uses Automated Security Reporting to Free Up Resources
PNRHA needed to enhance its security posture to comply with Saskatchewan’s Health Information Protection Act (HIPA) and prepare for a province-wide security push. The organization lacked visibility into its security status and had no reporting or charting capabilities to demonstrate compliance. With over 100 servers, 2,500 employees, 1,500 desktops, and two major data centers, PNRHA faced significant challenges in managing and securing its extensive IT infrastructure. The security team, led by Senior Security Analyst Jarvis Meier, needed a solution that could scale with the organization’s growth and provide comprehensive security management.
Case Study
Principle Logic, LLC Leverages Rapid7 for Efficient Security Assessments
Most security professionals are strapped for time. In the world of independent consultants, time is even more precious, as their clients prefer engagements to be brief while still yielding business value. Just ask Kevin Beaver, an independent information security consultant with more than 25 years of experience in IT. As the founder of Atlanta-based Principle Logic, LLC, Kevin specializes in performing independent information security assessments for Fortune 1000 companies, nonprofits, and government agencies, among others. For the better part of Kevin’s career, his focus has been on security. “When I graduated high school, computers were the next big thing,” he laughs. “I remember when the concept of people accessing your network first started getting attention.” Fast forward a few years, and he’s now the author of Hacking for Dummies – one of the best-selling books on information security testing that’s currently in its fourth edition.
Case Study
Stein Mart relies upon Rapid7 Nexpose Enterprise Edition to scan its IT infrastructure for vulnerabilities
As Stein Mart extended its IT infrastructure, it developed a security framework to protect it. But it lacked a comprehensive system for scanning and analyzing its security posture. The IT security team initially experimented with freeware that gathered and consolidated security data. However, the biggest problem was taking all the consolidated data and doing something with it. Stein Mart needed a better way to analyze the data, so that they could understand the risks and vulnerabilities in their current security posture and remediate them. Along with Security Audit Analyst Ambar Batista, Beckworth determined that Stein Mart needed an easy-to-use vulnerability and analysis solution with capabilities such as scanning, consolidating, and analyzing data across a multivendor, multiplatform IT infrastructure, scheduling scans on a regular basis, creating comprehensive reports that rank specific risks and vulnerabilities by criticality, suggesting remediation steps, interacting with an existing third-party trouble-ticketing system, and supporting remote scanning at every store.
Case Study
Weill Cornell Medical College Relies on Rapid7 Nexpose for a Secure Environment
Weill Cornell Medical College, located separate from the main university campus, serves as an academic medical center requiring HIPAA compliance. They have complex IT security needs and needed a solution to prioritize and protect from threats as well as grow with the college.
Case Study
WildTangent's Successful Implementation of Mobilisafe for BYOD Security
WildTangent, an online games service company, faced significant security challenges due to its bring-your-own-device (BYOD) policy. The company had a highly mobile and geographically dispersed workforce, which necessitated the use of personal mobile devices for work purposes. While this approach increased productivity and employee satisfaction, it also introduced security risks. The initial mobile device management (MDM) solution implemented by WildTangent was difficult to configure, had a non-intuitive user interface, and required frequent manual updates. Additionally, not all features were available on every mobile platform, making it an inefficient solution for the company's needs.
Case Study
Rapid7 UserInsight Enables Acosta Sales & Marketing to Effectively Manage and Reduce User Risk for a Highly Mobile Workforce
Acosta has a highly mobile, geographically distributed workforce. They needed an efficient way to gain actionable insight into user behavior, effectively identify when a user’s account may have been compromised, and shorten the time needed for investigation of security incidents. The company’s large remote workforce and high degree of travel create a complex security environment, necessitating vigilant detection of compromised credentials and unusual user behavior. The challenge is further compounded by the need to manage user risk in a distributed work environment where employees frequently perform in-store marketing evaluations using mobile devices.
Case Study
Specialized Security Service, Inc. Discusses Their Strategic Partnership with Rapid7
As a Managed Security Service Provider, S3 needs to offer clients a security portfolio with the best tools and provide great value, all while maintaining a trusting relationship with the vendor. With attackers becoming more sophisticated, IT environments growing increasingly complex, and a shortage of skilled cybersecurity professionals, it’s no wonder that businesses are increasingly turning to Managed Security Service Providers (MSSPs) to ensure their security program stays current with industry best practices. The MSSP relationship offers a cost-efficient way to mitigate risk, combat threats, and keep pace with compliance regulations.
Case Study
US Naval Academy Alumni Association & Foundation Relies on Rapid7 UserInsight for Identifying Compromise and Risky User Behavior
In a non-profit organization, cost-effectiveness is essential. The USNA Alumni Association & Foundation needed to build a security architecture to protect personal information of alumni. Ken Kurz, the Director of Information Services, faced the challenge of managing an infrastructure that supports 70,000 living alumni without leveraging government resources. The primary concern was to ensure the security of personal information while operating within the constraints of a non-profit budget. Ken's extensive background in information assurance and high-level security engineering made him well-suited for the task, but the challenge remained significant due to the unique constraints of the non-profit sector.
Case Study
Rapid7 Nexpose Meets Carnegie Mellon University’s Requirements for Vulnerability Management, Co-Development and Higher Education Expertise
Carnegie Mellon University needed a vulnerability management solution that would scan its assets broadly and offer centralized control for close monitoring and analysis of security threats, as well as the ability to create and export customized reports.
Case Study
Nexpose Busts Security Violations at Redflex Traffic Systems
When Eric Nooden joined Redflex as Information Security Specialist, he found many out-of-date server operating systems. Because system stability was a priority with Redflex proprietary solutions, no one wanted to risk outages. The systems administrators were nervous about patching servers, fearing they might break them. The Redflex team had multilayer security in place, with firewalls, anti-virus software, and other technologies, but no dedicated security personnel to manage them. The undermanaged security posture was more reactive than proactive, and Nooden joined Redflex to change that. Additionally, because Redflex passes financial transactions to processing institutions, its systems must pass SAS 70 audits and comply with data protection standards such as Payment Card Industry Data Security Standard (PCI DSS) to avoid fines.
Case Study
American Chemical Society Lauds Rapid7 Customer Support, Nexpose® Reporting Features
Shackerah, the primary user of Rapid7 Nexpose at the American Chemical Society (ACS), faced challenges in ensuring security holes were quickly plugged and handling PCI DSS compliance requirements. Initially using Qualys, the ACS team sought a new solution due to dissatisfaction with customer service. They needed a vulnerability management solution with robust reporting features, comprehensive vulnerability coverage, and excellent customer support.
Case Study
Ezenta and Rapid7 Help Chr. Hansen Gain Security Visibility
Søren Hansen, the IT Security Manager at Chr. Hansen, faced significant challenges in gaining visibility into user activities on the network and detecting intrusions. The company needed a solution that could alert them to suspicious network activity and streamline incident investigations. The primary challenge was to find a tool that could provide detailed insights into anomalous behavior, such as stolen credentials and lateral movement, without overwhelming the team with excessive alerts. Additionally, the solution needed to be easy to deploy and manage, without requiring additional agents on endpoints.
Case Study
Microsoft Trusts Rapid7 AppSpider
When Microsoft undertook an extensive evaluation of Web Application Vulnerability scanning solutions on the market, the company’s Cloud and Enterprise Security Services team knew it would be no small task. Microsoft wanted to build a world-class, scalable Web App Vulnerability scanning service that would serve all of their different service teams in building secure applications. With the technology landscape rapidly evolving, Microsoft foresaw that the homegrown solution it had previously relied upon for application security would soon struggle to keep pace with modern applications with rich, dynamic clients and numerous APIs on the back-end. So the team undertook an extensive, thorough evaluation that spanned several months and settled on AppSpider as one of its Web App Vulnerability Scanners, based in large part on the product’s roadmap towards being able to handle complex application ecosystems that have rich clients and RESTful APIs.
Case Study
IT/Security Alignment Paves Way for Effective Risk Management at University of Salzburg
The University of Salzburg faced the challenge of ensuring optimal performance and minimizing risk across its campus networks. With approximately 18,000 students and 3,000 staff across 30 locations, the university needed a robust solution to manage its IT and security infrastructure. The IT and security teams needed to collaborate effectively to prioritize and remediate issues based on the organization's needs. The university required a solution that could provide actionable insights, higher accuracy in identifying vulnerabilities, and better visibility into risk.
Case Study
Rapid7 Nexpose Helps to Protect Huge IT Infrastructure at Virginia Tech
In a large university like Virginia Tech, IT security is a major issue. The Office of IT Security conducted a self-assessment of their compliance with the PCI standards and found they needed a commercial scanner with capabilities beyond Nessus.
Case Study
Rapid7 Nexpose® and Metasploit® “Make Life Easier” at Wiltshire Council
Wiltshire Council, a unitary council established in 2009, faced the challenge of managing and protecting the personal information of its residents. With over 5,000 employees and more than 350 diverse services, the council needed an efficient and effective IT service to support, maintain, and provide strategic advice. Annual penetration tests were part of the compliance mandates, and the council needed a solution that could run pen tests all year round. Additionally, the council required a vulnerability management solution that could provide detailed and actionable reporting to help remediate risks in the environment.
Case Study
New Mexico Department of Game and Fish Relies on Rapid7 Nexpose for Selling Customer Licenses, Maintaining PCI Compliance
Russ Verbofsky, the Chief Information Officer at the State of New Mexico Department of Game and Fish, faced significant challenges when he joined the organization. The department's technology infrastructure was outdated, and he had to replace almost every piece of hardware, including switches, routers, firewalls, and servers. With a small IT team of 14 people, half of whom were on the help desk and the other half in application development and database administration, Russ had to support nearly 300 employees across the state. A quarter of these employees worked in the field and connected to the network via VPN, adding complexity to the task. Additionally, the department needed to securely manage its web application for selling hunting and fishing licenses, which accounted for two-thirds of its budget. Another critical requirement was achieving PCI compliance, as credit card information had never been processed through the PCI perspective before. This compliance needed to be achieved across 36 different state agencies.
Case Study
Managed Care Systems Inc. Leverages Rapid7 Pen Testing to Evaluate User Roles and Privileges
MCSI wanted to test the ability of their back end, role-based access controls to curb attempts to elevate privileges. They needed an official way to inform clients and regulators on the security and integrity of their systems, while also satisfying HIPAA standards with a third-party evaluation.
Case Study
From Crisis to Confidence in Only Hours: How Rapid7 Became a Security Sommelier
The cyberattack came in early 2016, when IT manager Tom Brown was on a trip to eastern Europe. Back at headquarters, his staff reported that email had gone into meltdown. Customers were calling in to report that they received emails from Liberty Wines with an unusual attachment, which turned out to be malicious. At the same time, the team was being bombarded by a backscatter of hundreds of thousands of non-delivery receipts related to the malicious email. Tom had to ensure that this wasn’t from an internal breach — that’s when Brown called in the experts at Rapid7. Brown had used Rapid7 software in the past and knew of them as a leader in the security space. He had previously identified a need to track and analyze user authentications and behavior but couldn’t find anything suitable. Until Rapid7 there really wasn’t anything on the market that could easily scale from an SME like Liberty Wines right up to a large enterprise deployment. The architecture of the InsightIDR system allows it to fit any size, both from a scale and a startup cost perspective. He’d arranged for a live demo, been impressed, and allocated budget to install it the next financial year. However, the attackers had other plans.
Case Study
Rapid7 InsightVM and InsightIDR Integrate to Drive 60% Time Savings and Ease Compliance for Energie Suedbayern
One of Benjamin Nawrath’s biggest challenges is maintaining compliance with Germany’s IT Security Act (ITSG), which became law in 2015 but applies from July 2017 onward. The law requires all critical infrastructure providers to run an advanced cybersecurity program designed to ensure the availability, integrity, authenticity, and confidentiality of their IT infrastructure. It also demands that organizations regularly provide certification proving their compliance. Failure to do so could result in a fine of hundreds of thousands Euro. With a large and complex environment to monitor (including 2,000 IP addresses), limited IT staff resources, a growing compliance burden, and ever-determined hackers to keep at bay, Benjamin Nawrath needed robust technology solutions to help overcome these major challenges.
Case Study
Italian University Gains a “Panorama” View of Overall Risk with Rapid7 InsightIDR
The University of Palermo faced significant challenges in managing and securing a vast number of assets with a small IT team. They needed a solution that could provide comprehensive visibility into vulnerabilities and overall risk, as well as streamline the process of querying and analyzing log data. The university also required a secure method for log retention to meet compliance requirements and sought flexible visibility across a range of operating systems, including Windows, Mac, Linux, iOS, Android, and Windows phones. Prior to adopting Rapid7's solutions, the university relied on Snort and AlienVault OSSIM for incident detection and response, which proved to be less efficient and intuitive.
Case Study
Rapid7 Nexpose Helps Sierra View Medical Center Prioritize Risk and Remediate Fast
Sierra View Medical Center faced significant challenges in maintaining real-time visibility and control over its endpoints and servers. The healthcare industry, being a prime target for cyberattacks, required robust security measures to protect sensitive patient data. However, the existing system at Sierra View relied on outdated data from quarterly and biannual scans, which were up to six months old. This outdated information made it difficult to prioritize and assign remediation tasks effectively. The lack of granularity in the CVSS scores further complicated the process, making it nearly impossible to manage vulnerabilities efficiently. As the sole full-time information security practitioner, Scott Cheney needed a more streamlined and automated approach to share risk insights with the IT operations, networks, and systems staff.
Case Study
Rapid7 Managed Services Help Australian Lender Minimize Risk and Maximize InHouse Resources
Financial institutions around the world have always been an attractive target for hackers keen to get their hands on sensitive customer data, launch online extortion attacks, and interfere in internal business processes to siphon away funds. Even in the United Kingdom, one of the most mature global financial services markets, breaches reported to the regulator soared by 480% in 2018 according to RPC. As part of its customer offerings, Resimac issues a credit card, which means that it is also bound by strict PCI compliance rules. This puts extra pressure on an in-house security team already tasked with keeping escalating threats at bay. With just a handful of staff, Mihalek and his team manage a footprint of approximately 600 assets for the 300+ employees across Australia, New Zealand, and Manila. Needing extra help to support its PCI compliance program—and drive best practices to improve security across the organization—Mihalek sought the help of an outside managed security services provider back in 2017. The decision was underlined by a security incident the firm suffered, an incident Smith claims would have been picked up by a managed security service if one had been in place. But there were also good financial reasons for outsourcing security, says Mihalek.
Case Study
Pioneer Telephone Uses Rapid7 InsightIDR and Nexpose to Unite Disparate Departments and Networks
Chad Kliewer, the Information Security Officer at Pioneer Telephone, was tasked with implementing a comprehensive security plan and ensuring compliance standards across multiple departments, including corporate, telephone, and broadband services. The challenge was compounded by the absence of a centralized IT group, making it difficult to create a cohesive infrastructure. Additionally, there was no formalized scanning process in place, leading to a lack of visibility into the network assets and vulnerabilities.
Case Study
InsightUBA on a University Campus
The University of Texas at Dallas faced significant challenges in managing vulnerabilities across its campus network. The primary goal was to reduce vulnerabilities, detect and investigate security incidents faster, and manage threat exposure effectively. The security team needed a solution that could provide comprehensive visibility into information security risks, correlate user behavior with events, and improve incident response times. Additionally, they wanted to ensure that new technology purchases underwent thorough security assessments before going into production.
