下载PDF
Rapid7 > 实例探究 > Essentia Health Reduces Risk with Nexpose and Metasploit
Rapid7 Logo

Essentia Health Reduces Risk with Nexpose and Metasploit

技术
  • 网络安全和隐私 - 网络安全
  • 网络安全和隐私 - 安全合规
适用行业
  • 医疗保健和医院
适用功能
  • 商业运营
  • 设施管理
用例
  • 入侵检测系统
  • 监管合规监控
  • 远程资产管理
服务
  • 系统集成
  • 测试与认证
挑战
Securing the Essentia Health network is a complex task due to its multi-billion dollar integrated health system that spans multiple states and roughly one hundred facilities in the Midwest. The network includes fifty thousand IPs, from facilities to medical device equipment. The security team must locate and resolve high-risk vulnerabilities to safeguard patient data and other critical information. Compliance with HIPAA, HITECH, and PCI DSS adds another layer of complexity. Despite compliance, security holes such as weak credentials and improper patches were prevalent. The team needed a solution to perform thorough testing against all active systems and demonstrate risk to secure necessary resources for a vulnerability management program.
关于客户
Essentia Health is a multi-billion dollar integrated health system that spans multiple states and roughly one hundred facilities in the Midwest. The organization includes a network of fifty thousand IPs, encompassing facilities and medical device equipment. Essentia Health is committed to safeguarding patient data and other critical information, ensuring compliance with industry standards such as HIPAA, HITECH, and PCI DSS. The security team at Essentia Health is dedicated to proactively scanning and addressing vulnerabilities to prevent potential exploitation by malicious attackers. The organization also maintains a steady cadence of medical record rollouts and acquisitions, necessitating robust security measures.
解决方案
Essentia Health's security team evaluated various Gartner market leaders and narrowed the options to Tenable, Core Security, and Rapid7. After an in-depth vendor evaluation, Rapid7 emerged as the standout, leading to the adoption of Rapid7 Nexpose Enterprise and Rapid7 Metasploit Pro. These tools enabled the team to validate risk and remediation effectively. The acquisition process became smoother, allowing the team to proactively identify and address potential issues before merging systems. The team gained detailed insights into medical device vulnerabilities and worked with manufacturers to find solutions. The ability to prioritize vulnerability reporting to the IT team improved efficiency, and cross-team collaboration increased with the deployment of Nexpose and Metasploit.
运营影响
  • The acquisition process is now much smoother from a network integration point of view, allowing the team to proactively identify and address potential issues before merging systems.
  • The team gained detailed insights into the risks associated with medical devices and took necessary actions, working with manufacturers to find solutions.
  • The ability to prioritize vulnerability reporting to the IT team improved efficiency, reducing the need for extensive reports on every system.
数量效益
  • 98.5% reduction in risk exposure after 8 months of using Metasploit and Nexpose.

相关案例.

联系我们

欢迎与我们交流!

* Required
* Required
* Required
* Invalid email address
提交此表单,即表示您同意 IoT ONE 可以与您联系并分享洞察和营销信息。
不,谢谢,我不想收到来自 IoT ONE 的任何营销电子邮件。
提交

Thank you for your message!
We will contact you soon.