Download PDF
Rapid7 Nexpose Helps to Protect Huge IT Infrastructure at Virginia Tech
Technology Category
- Cybersecurity & Privacy - Network Security
- Cybersecurity & Privacy - Security Compliance
Applicable Industries
- Education
Applicable Functions
- Business Operation
Services
- System Integration
- Training
The Challenge
In a large university like Virginia Tech, IT security is a major issue. The Office of IT Security conducted a self-assessment of their compliance with the PCI standards and found they needed a commercial scanner with capabilities beyond Nessus.
About The Customer
Virginia Tech has long been at the forefront of information technology. The campus has been fully networked since the early 80s, and more than 15 years ago, the school, in collaboration with what was then Bell Atlantic – now Verizon – and the Town of Blacksburg spearheaded the development of the Blacksburg Electronic Village. This project represented the first attempt anywhere in the country to make the vast resources of the Internet available to everyone throughout a university community. Because of the University’s vast size and scope, IT security is a major issue at Virginia Tech. One indication of its importance is that the University’s vice president for IT reports directly to the school’s president. A key element within Virginia Tech’s IT department is the Office of IT Security, which has three components: Awareness, Training, and Policies; Identity Management; and the IT Security Lab. Randy Marchany is director of that lab, and Brad Tilley is an IT security analyst there. Marchany describes the lab in this way, “It is a product testing facility, an academic research facility, and an operational center for security functions within Virginia Tech.”
The Solution
Virginia Tech began using Nexpose to scan all of their assets– servers, web applications, networks, and databases. They found Rapid7’s product and tech support to be tremendously helpful in securing their large network. Tilley remembers the research that preceded their decision. “We had been using Nessus for several years as an inexpensive and easy vulnerability scanner,” he says. “We set up a scan website that uses Nessus as its backend, and we started looking for a commercial scanner that could go beyond the capabilities that Nessus offered, which was how we found out about Rapid7 Nexpose. Now, we use Nexpose to scan everything – servers, Web applications, networks, databases.” One of the guiding principles of the Security Office is “All Security is Local,” and they try to disseminate this philosophy throughout the University. Marchany says, “We were seeking a tool that enabled us to monitor systems from a central standpoint, but one that would also give local system administrators throughout the school the ability to scan their own systems whenever they wished.” The role-based access feature of Rapid7 Nexpose helps the Security Office to do just that. Role-based access enables the security staff to allow an administrator to access the scanner and use it without interfering with anyone else who may be doing the same thing. As Marchany says, “This capability gives system administrators around campus a sense of empowerment. They say, ‘I can run a security scan whenever I need to, and I can review the results before the IT Security Office tells me I need to fix something.’ This functionality has helped them to be more pro-active, and it has helped us tremendously.”
Operational Impact
Quantitative Benefit
Related Case Studies.
Case Study
IoT platform Enables Safety Solutions for U.S. School Districts
Designed to alert drivers when schoolchildren are present, especially in low-visibility conditions, school-zone flasher signals are typically updated manually at each school. The switching is based on the school calendar and manually changed when an unexpected early dismissal occurs, as in the case of a weather-event altering the normal schedule. The process to reprogram the flashers requires a significant effort by school district personnel to implement due to the large number of warning flashers installed across an entire school district.
Case Study
Revolutionizing Medical Training in India: GSL Smart Lab and the LAP Mentor
The GSL SMART Lab, a collective effort of the GSL College of Medicine and the GSL College of Nursing and Health Science, was facing a challenge in providing superior training to healthcare professionals. As clinical medicine was becoming more focused on patient safety and quality of care, the need for medical simulation to bridge the educational gap between the classroom and the clinical environment was becoming increasingly apparent. Dr. Sandeep Ganni, the director of the GSL SMART Lab, envisioned a world-class surgical and medical training center where physicians and healthcare professionals could learn skills through simulation training. He was looking for different simulators for different specialties to provide both basic and advanced simulation training. For laparoscopic surgery, he was interested in a high fidelity simulator that could provide basic surgical and suturing skills training for international accreditation as well as specific hands-on training in complex laparoscopic procedures for practicing physicians in India.
Case Study
Implementing Robotic Surgery Training Simulator for Enhanced Surgical Proficiency
Fundacio Puigvert, a leading European medical center specializing in Urology, Nephrology, and Andrology, faced a significant challenge in training its surgical residents. The institution recognized the need for a more standardized and comprehensive training curriculum, particularly in the area of robotic surgery. The challenge was underscored by two independent studies showing that less than 5% of residents in Italian and German residency programs could perform major or complex procedures by the end of their residency. The institution sought to establish a virtual reality simulation lab that would include endourological, laparoscopic, and robotic platforms. However, they needed a simulator that could replicate both the hardware and software of the robotic Da Vinci console used in the operating room, without being connected to the actual physical console. They also required a system that could provide both basic and advanced simulation training, and a metrics system to assess the proficiency of the trainees before they performed surgical procedures in the operating theater.
Case Study
Edinburgh Napier University streamlines long-distance learning with Cisco WebEX
• Geographically dispersed campus made in-person meetings costly and inconvenient.• Distance-learning programs in Malaysia, India, and China required dependable, user-friendly online tools to maximize interaction in collaborative workspaces.• Virtual learning environment required a separate sign-in process, resulting in a significant administrative burden for IT staff and limited adoption of collaboration technology.
Case Study
8x increased productivity with VKS
Before VKS, a teacher would spend a lot of time showing a group of 22 students how to build a set of stairs within a semester of 120 hours. Along with not leaving the teacher much time to provide one-on-one support for each student to properly learn carpentry, it also left a considerable amount of room for error. Key information would be misinterpreted or lost as the class was taught in the typical show-and-tell way.
Case Study
Scalable IoT Empowering GreenFlex's Sustainable Growth
GreenFlex, a company that supports sustainable development, decarbonization, and energy efficiency, faced several challenges in its quest to expand its business. The company needed to deploy a robust and sustainable IoT technology to support its growth. It was crucial for them to monitor and control devices at customer sites in a safe and reliable manner. They also needed to integrate devices across a range of communication protocols and gather and act on data to meet efficiency targets. GreenFlex had previously built IoT capabilities into its digital platform, GreenFlexIQ, to monitor and manage customer sites remotely. However, they soon realized that they needed a new platform to support their ambitions. They needed a platform that could scale to connect more devices for production management and make it easier for the operations team to manage devices in the field.
