Rapid7 Metasploit Changes the Security Mindset at AutomationDirect
Technology Category
- Cybersecurity & Privacy - Endpoint Security
- Cybersecurity & Privacy - Network Security
- Cybersecurity & Privacy - Security Compliance
Applicable Industries
- Equipment & Machinery
Applicable Functions
- Business Operation
- Quality Assurance
Services
- Cybersecurity Services
- System Integration
- Testing & Certification
The Challenge
AutomationDirect, a proactive company, wanted to change the security mindset of its IT staff to stay ahead of the latest threats. The company needed to ensure that its IT security practices were robust enough to prevent both internal and external threats. Tim Lawrence, IT security analyst at AutomationDirect, recognized that administrators often prioritize getting systems up and running over security, which could lead to vulnerabilities. After attending the Black Hat convention in July 2010, Lawrence devised a long-term security strategy to address these issues. The goal was to anticipate and thwart potential hackers and eliminate internal oversights that could create inadvertent vulnerabilities. AutomationDirect was not under any immediate known security threat, but the IT security team needed to promote overall security best practices to the entire IT staff to prevent any possible worst-case scenarios.
About The Customer
AutomationDirect is a leading supplier of industrial automation equipment and associated components to manufacturers worldwide. Based in Cumming, Georgia, the company is known for its low pricing, award-winning customer support, objective product evaluations, and partnerships with reliable systems integrators. AutomationDirect uses sophisticated automation solutions to pack and ship its orders with high accuracy and efficiency. The company also places a high value on its employees, treating them as 'billion-dollar assets.' Since most of its business is conducted online, AutomationDirect must comply with the Payment Card Industry Data Security Standard (PCI DSS). The company is proactive in its approach to security, aiming to stay ahead of potential threats and ensure a secure environment for its operations.
The Solution
AutomationDirect implemented a comprehensive Rapid7 solution that includes Nexpose Enterprise Edition for vulnerability scanning and Metasploit Pro for penetration testing. Together, these tools provide a complete solution for risk assessment and remediation across the data center, networks, and Web servers. Metasploit Pro, with its extensive database of quality-assured exploits, allows Lawrence to emulate realistic network attacks on specific targets within the AutomationDirect environment. The tool assesses the security of Web applications, network and endpoint systems, and email users. Its user-friendly interface enables Lawrence to automate tasks and leverage multi-level attacks, completing penetration tests faster than with the freeware version. The solution also includes support for Web application exploits, managing client-side campaigns against end users, VPN pivoting, and team collaboration. After using Metasploit to break into a Web server, Lawrence runs the Nexpose vulnerability scanner through the compromised server. He uses VPN pivoting to discover exploitable vulnerabilities in databases hosting confidential customer and employee data. This information can be leveraged to conduct social engineering attacks, such as targeted phishing campaigns, to open new attack vectors on the internal network.
Operational Impact