Rapid7 Nexpose Enhances PCI Compliance and Overall Network Security for Bob’s Stores
Technology Category
- Cybersecurity & Privacy - Network Security
- Cybersecurity & Privacy - Security Compliance
- Cybersecurity & Privacy - Application Security
Applicable Industries
- Retail
Applicable Functions
- Business Operation
- Quality Assurance
Services
- System Integration
- Cybersecurity Services
- Training
The Challenge
In 2008, Bob’s Stores faced the challenge of meeting new PCI compliance standards, particularly requirement 11 of the PCI DSS, which mandated regular tests of security systems and processes through internal and external scans. The IT department, led by Nick Sorgio, Assistant Vice President and technology manager, needed a vulnerability management system to meet these standards and protect customer data. The pressure to quickly comply with these new requirements was significant, and Bob’s Stores had no existing vulnerability management system in place. This made finding a suitable tool a top business priority. Bob’s Stores conducted a comprehensive assessment of various vulnerability management vendors, ultimately selecting Rapid7 due to its ability to identify vulnerabilities across networks, operating systems, databases, web applications, and a wide range of system platforms. Rapid7 Nexpose provided the necessary vulnerability assessment scanning and monitoring capabilities to meet PCI data security standards and offered sound vulnerability management practices as part of a comprehensive security program.
About The Customer
Bob’s Stores, a retail company, was looking to enhance its security tools in 2008 to meet new PCI compliance standards. The company needed to comply with requirement 11 of the PCI DSS, which called for regular tests of security systems and processes through internal and external scans. Bob’s IT department, led by Nick Sorgio, Assistant Vice President and technology manager, was responsible for information security and oversaw a cross-functional IT team handling the entire technology infrastructure. The company faced significant pressure to quickly meet these compliance standards and protect customer data. Bob’s Stores conducted a thorough assessment of various vulnerability management vendors to find a suitable tool that would help them achieve compliance and ensure the security of their customer data.
The Solution
Bob’s Stores selected Rapid7 Nexpose for its vulnerability assessment scanning and monitoring capabilities, which met the required PCI data security standards. Nexpose provided comprehensive vulnerability management practices as part of a robust security program. The solution included audience-based PCI reporting, detailed step-by-step instructions for vulnerability remediation, and automated compliance. Working with Nexpose, Bob’s IT team quickly realized the potential of the tool. Nexpose fit into a time-saving process that required minimal changes or additional employee resources, allowing the IT team to scan and view all servers at once. Rapid7 also provided expert support to help the IT team understand PCI requirements and analyze scan results. This partnership allowed Bob’s Stores to prioritize compliance risks effectively. Beyond PCI compliance, Bob’s Stores recognized the value of comprehensive vulnerability management. They increased their Nexpose licenses by 50% to scan their entire environment and began using Metasploit for penetration testing to meet PCI requirements. The experience with Rapid7 Nexpose demonstrated that a strong vulnerability management program is the foundation of a successful security program.