Download PDF
Nexpose Identifies Vulnerabilities, Assists Remediation at LoneStar College System
Technology Category
- Cybersecurity & Privacy - Security Compliance
- Cybersecurity & Privacy - Application Security
- Cybersecurity & Privacy - Network Security
Applicable Industries
- Education
Applicable Functions
- Business Operation
- Facility Management
Use Cases
- Regulatory Compliance Monitoring
Services
- System Integration
- Training
The Challenge
Before 2008, LSCS supported separate campus IT operations at each of its five campuses with distributed IT support services. Then a new CIO joined the college, and within a month, the Lone Star College System had completely centralized its IT services to support a new vision. Associate Vice Chancellor of Technology Services Link Alander explains, “Through that process we had a series of changes and challenges that had to be achieved to improve reliability and security.” While the college had so far avoided any significant security incident or data breach, it understood the need for a proactive security posture that would maintain user trust. It also needed tools to help prove compliance with regulations such as the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), and other regulations. The LSCS security initiatives are part of 11 strategic technology initiatives, incorporated into the overall LSCS strategic plan for 2009 through 2011. One of its primary security goals is to use ISO 27000 standards as a framework.
About The Customer
The LoneStar College System is a thriving community college system serving over 90,000 credit and continuing education students per semester. It offers a broad variety of academic and vocational programs on five campuses and 10 instructional outreach centers located in the North Houston, Texas metropolitan area. Like most educational institutions, the IT infrastructure at LSCS supports a wide variety of end-user devices, operating systems, and applications. The college system’s Office of Technology Services (OTS) support two main datacenters and fourteen campus datacenters with over 900 physical and virtual servers supported. The college system has an extensive Wintel and Linux server environment and a robust voice/video/data network environment. Students, faculty, and staff can access IT services from anywhere through the wireless network. Such an open computing environment is inherently difficult to protect from breaches, disruptions, and intrusions.
The Solution
After the fourth assessment, an account manager from Rapid7 contacted the LSCS team, who agreed to evaluate Rapid7 Nexpose Enterprise Edition, a vulnerability assessment, policy compliance, and remediation management solution. Deployable as software or as an appliance, Rapid7 Nexpose scans for vulnerabilities and performs checks across Web applications, databases, networks, operating systems, and other software products. It locates and identifies threats, assesses their risk to the environment, and offers step-by-step remediation plans. Nexpose ended the team’s frustrations. “Our initial review of Nexpose matured very quickly,” says Alander. “We put in the demo set and saw immediate results with it. From there, we integrated Nexpose as part of our security strategy. It’s shown us things that we’ve never seen before. Out of all the reports we saw before Nexpose, the tool showed us so many more vulnerabilities that were easy to close and fix.” During deployment, the LSCS team hired three temporary technicians to help remediate the long list of vulnerabilities discovered by Rapid7 Nexpose Enterprise Edition. Two weeks after deployment, the systems administrators met to discuss procedures for getting the most value from the tool. The team had had no formal training for the tool, yet Alander says, “It didn’t take any time at all to find out exactly how it fit into the organization, how we would utilize it, and how we would manage it going forward.”
Operational Impact
Quantitative Benefit
Related Case Studies.
Case Study
IoT platform Enables Safety Solutions for U.S. School Districts
Designed to alert drivers when schoolchildren are present, especially in low-visibility conditions, school-zone flasher signals are typically updated manually at each school. The switching is based on the school calendar and manually changed when an unexpected early dismissal occurs, as in the case of a weather-event altering the normal schedule. The process to reprogram the flashers requires a significant effort by school district personnel to implement due to the large number of warning flashers installed across an entire school district.
Case Study
Revolutionizing Medical Training in India: GSL Smart Lab and the LAP Mentor
The GSL SMART Lab, a collective effort of the GSL College of Medicine and the GSL College of Nursing and Health Science, was facing a challenge in providing superior training to healthcare professionals. As clinical medicine was becoming more focused on patient safety and quality of care, the need for medical simulation to bridge the educational gap between the classroom and the clinical environment was becoming increasingly apparent. Dr. Sandeep Ganni, the director of the GSL SMART Lab, envisioned a world-class surgical and medical training center where physicians and healthcare professionals could learn skills through simulation training. He was looking for different simulators for different specialties to provide both basic and advanced simulation training. For laparoscopic surgery, he was interested in a high fidelity simulator that could provide basic surgical and suturing skills training for international accreditation as well as specific hands-on training in complex laparoscopic procedures for practicing physicians in India.
Case Study
Implementing Robotic Surgery Training Simulator for Enhanced Surgical Proficiency
Fundacio Puigvert, a leading European medical center specializing in Urology, Nephrology, and Andrology, faced a significant challenge in training its surgical residents. The institution recognized the need for a more standardized and comprehensive training curriculum, particularly in the area of robotic surgery. The challenge was underscored by two independent studies showing that less than 5% of residents in Italian and German residency programs could perform major or complex procedures by the end of their residency. The institution sought to establish a virtual reality simulation lab that would include endourological, laparoscopic, and robotic platforms. However, they needed a simulator that could replicate both the hardware and software of the robotic Da Vinci console used in the operating room, without being connected to the actual physical console. They also required a system that could provide both basic and advanced simulation training, and a metrics system to assess the proficiency of the trainees before they performed surgical procedures in the operating theater.
Case Study
Edinburgh Napier University streamlines long-distance learning with Cisco WebEX
• Geographically dispersed campus made in-person meetings costly and inconvenient.• Distance-learning programs in Malaysia, India, and China required dependable, user-friendly online tools to maximize interaction in collaborative workspaces.• Virtual learning environment required a separate sign-in process, resulting in a significant administrative burden for IT staff and limited adoption of collaboration technology.
Case Study
8x increased productivity with VKS
Before VKS, a teacher would spend a lot of time showing a group of 22 students how to build a set of stairs within a semester of 120 hours. Along with not leaving the teacher much time to provide one-on-one support for each student to properly learn carpentry, it also left a considerable amount of room for error. Key information would be misinterpreted or lost as the class was taught in the typical show-and-tell way.
Case Study
Scalable IoT Empowering GreenFlex's Sustainable Growth
GreenFlex, a company that supports sustainable development, decarbonization, and energy efficiency, faced several challenges in its quest to expand its business. The company needed to deploy a robust and sustainable IoT technology to support its growth. It was crucial for them to monitor and control devices at customer sites in a safe and reliable manner. They also needed to integrate devices across a range of communication protocols and gather and act on data to meet efficiency targets. GreenFlex had previously built IoT capabilities into its digital platform, GreenFlexIQ, to monitor and manage customer sites remotely. However, they soon realized that they needed a new platform to support their ambitions. They needed a platform that could scale to connect more devices for production management and make it easier for the operations team to manage devices in the field.