Download PDF
Rapid7 > Case Studies > Securing a City: Corpus Christi Assesses, Prioritizes, and Monitors Threats
Rapid7 Logo

Securing a City: Corpus Christi Assesses, Prioritizes, and Monitors Threats

Technology Category
  • Cybersecurity & Privacy - Endpoint Security
  • Cybersecurity & Privacy - Network Security
  • Analytics & Modeling - Predictive Analytics
Applicable Industries
  • Cities & Municipalities
  • Security & Public Safety
Applicable Functions
  • Facility Management
  • Business Operation
Use Cases
  • Intrusion Detection Systems
  • Remote Asset Management
Services
  • System Integration
  • Training
The Challenge
Bob Jones, the Information Security Manager for the City of Corpus Christi, Texas, faced the challenge of increasing security awareness across the organization and detecting and investigating attacks more easily. The city’s infrastructure is unique, akin to about 30 separate SMBs operating under a larger parent company, each with different requirements and compliance regulations. Bob's role was multifaceted, involving duties of an analyst, engineer, and penetration tester. He had to change an embedded culture and establish credibility with the CIO and IT Director. The primary challenge was the lack of visibility into assets on the Corpus Christi network, making it difficult to accurately qualify or quantify the level of risk. Bob needed to prioritize remediation to add value and avoid placing a greater burden on the business.
About The Customer
The City of Corpus Christi, Texas, employs roughly 3,500 people and operates a unique infrastructure that includes various departments such as HR, IT, water, and police. Bob Jones, the Information Security Manager, was tasked with building a comprehensive security program from scratch. The city’s infrastructure is complex, resembling about 30 separate SMBs under a larger parent company, each with different requirements and compliance regulations. Bob's role involves identifying risks, providing recommendations, and performing duties of an analyst, engineer, and penetration tester. His mission includes promoting internal education and awareness about security risks, establishing credibility with senior management, and ensuring tight alignment between security and IT teams.
The Solution
Bob Jones implemented Rapid7’s suite of security solutions, including Nexpose, Metasploit, and InsightUBA, to mitigate risks across all of Corpus Christi’s assets. Nexpose was chosen for its comprehensive reporting features and ability to enumerate software installed on vulnerable machines, saving significant time. The relationship with Rapid7 deepened over time, leading to the purchase of Metasploit Pro, which offered automation and closed-loop vulnerability validation features. This allowed Bob to demonstrate real risks and motivate action. InsightUBA was later added to detect and investigate attacks targeted at users, providing actionable information about threats and simplifying the discovery of risky user behavior. The tool proved invaluable in detecting multiple-location VPN logins and other potential threats, allowing Bob to investigate and respond quickly.
Operational Impact
  • Nexpose provided comprehensive reporting features, saving significant time by enumerating software installed on vulnerable machines.
  • Metasploit Pro’s automation and closed-loop vulnerability validation features allowed Bob to demonstrate real risks and motivate action.
  • InsightUBA detected and investigated attacks targeted at users, providing actionable information about threats and simplifying the discovery of risky user behavior.
Quantitative Benefit
  • Integrating Nexpose into operational procedures dropped the average of missing patches by about 75%.

Related Case Studies.

Contact us

Let's talk!

* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.