Download PDF
Rapid7 > Case Studies > MCPHS University Saves Time and Effort with Nexpose
Rapid7 Logo

MCPHS University Saves Time and Effort with Nexpose

Technology Category
  • Cybersecurity & Privacy - Security Compliance
Applicable Industries
  • Education
Applicable Functions
  • Business Operation
  • Facility Management
Services
  • System Integration
  • Training
The Challenge
When Allen Basey joined MCPHS University over two and a half years ago, he was tasked with developing new security procedures and policies, including comprehensive vulnerability scanning. As the sole person dedicated to maintaining security, he needed to improve the University's overall security posture without being overburdened. Initially, he opted for Tenable's Nessus due to its low cost, but found it required manual scans and lacked critical context for prioritizing vulnerabilities. This made it difficult to get IT support teams to take action, and researching how to patch vulnerabilities consumed valuable time, leading to crucial patches being neglected.
About The Customer
MCPHS University, one of the oldest universities in Boston, Massachusetts, has a rich legacy of providing valuable education in medical sciences. The university operates three physical campuses in New England—Boston, MA; Worcester, MA; and Manchester, NH—alongside an online campus. Allen Basey, the Senior Security Analyst, manages security for all campuses from his office in Manchester. His responsibilities include ensuring compliance with standards like HIPAA/HITECH, FERPA, and Mass 201 CMR 17, securing sensitive data, and monitoring security controls to minimize incidents and risks while maintaining high efficiency.
The Solution
Allen realized that Nessus's low upfront cost did not outweigh the inconvenience of manual operations. He needed a solution that offered automated reporting and prioritization to reduce overhead and manpower requirements. After being initially turned down by his CIO, Allen built a comprehensive business case for Rapid7 Nexpose. He identified key needs such as compliance with security standards, automatic periodic scans, ad hoc scans for new equipment, and easy vulnerability prioritization. By mapping out the manual steps required to emulate Nexpose's automated capabilities, he successfully convinced the CIO to make the switch.
Operational Impact
  • With Rapid7 Nexpose, Allen benefited from automated capabilities, which had a cascading effect on other teams as well. The system support group saved hours of work in researching and completing patches.
  • Nexpose continuously discovers assets, including virtual ones, and prioritizes discovered vulnerabilities, making it easier for Allen to request key fixes from the system support groups.
  • Allen has had positive interactions with Rapid7 staff and support, who have been proactive and professional in assisting him.

Related Case Studies.

Contact us

Let's talk!

* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.