下载PDF
Rapid7 > 实例探究 > Nexpose Identifies Vulnerabilities, Assists Remediation at LoneStar College System
Rapid7 Logo

Nexpose Identifies Vulnerabilities, Assists Remediation at LoneStar College System

技术
  • 网络安全和隐私 - 安全合规
  • 网络安全和隐私 - 应用安全
  • 网络安全和隐私 - 网络安全
适用行业
  • 教育
适用功能
  • 商业运营
  • 设施管理
用例
  • 监管合规监控
服务
  • 系统集成
  • 培训
挑战
Before 2008, LSCS supported separate campus IT operations at each of its five campuses with distributed IT support services. Then a new CIO joined the college, and within a month, the Lone Star College System had completely centralized its IT services to support a new vision. Associate Vice Chancellor of Technology Services Link Alander explains, “Through that process we had a series of changes and challenges that had to be achieved to improve reliability and security.” While the college had so far avoided any significant security incident or data breach, it understood the need for a proactive security posture that would maintain user trust. It also needed tools to help prove compliance with regulations such as the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), and other regulations. The LSCS security initiatives are part of 11 strategic technology initiatives, incorporated into the overall LSCS strategic plan for 2009 through 2011. One of its primary security goals is to use ISO 27000 standards as a framework.
关于客户
The LoneStar College System is a thriving community college system serving over 90,000 credit and continuing education students per semester. It offers a broad variety of academic and vocational programs on five campuses and 10 instructional outreach centers located in the North Houston, Texas metropolitan area. Like most educational institutions, the IT infrastructure at LSCS supports a wide variety of end-user devices, operating systems, and applications. The college system’s Office of Technology Services (OTS) support two main datacenters and fourteen campus datacenters with over 900 physical and virtual servers supported. The college system has an extensive Wintel and Linux server environment and a robust voice/video/data network environment. Students, faculty, and staff can access IT services from anywhere through the wireless network. Such an open computing environment is inherently difficult to protect from breaches, disruptions, and intrusions.
解决方案
After the fourth assessment, an account manager from Rapid7 contacted the LSCS team, who agreed to evaluate Rapid7 Nexpose Enterprise Edition, a vulnerability assessment, policy compliance, and remediation management solution. Deployable as software or as an appliance, Rapid7 Nexpose scans for vulnerabilities and performs checks across Web applications, databases, networks, operating systems, and other software products. It locates and identifies threats, assesses their risk to the environment, and offers step-by-step remediation plans. Nexpose ended the team’s frustrations. “Our initial review of Nexpose matured very quickly,” says Alander. “We put in the demo set and saw immediate results with it. From there, we integrated Nexpose as part of our security strategy. It’s shown us things that we’ve never seen before. Out of all the reports we saw before Nexpose, the tool showed us so many more vulnerabilities that were easy to close and fix.” During deployment, the LSCS team hired three temporary technicians to help remediate the long list of vulnerabilities discovered by Rapid7 Nexpose Enterprise Edition. Two weeks after deployment, the systems administrators met to discuss procedures for getting the most value from the tool. The team had had no formal training for the tool, yet Alander says, “It didn’t take any time at all to find out exactly how it fit into the organization, how we would utilize it, and how we would manage it going forward.”
运营影响
  • Nexpose began delivering value to LSCS immediately, delivering measurable results in employee productivity and security within just a month. Nexpose automatically scans all fourteen datacenters and the network core every weekend, generating reports that Alander, the systems administrators, and the executive OTS management team review every Monday. Remediation tasks are prioritized and delegated. The software provides easy-to-follow remediation instructions, and Nexpose reports inform Alander that his staff has followed up on each task. The reports also assist LSCS with proving regulatory compliance.
  • In complex IT environments, explains Alander, “Typically, major security fixes require senior-level network and systems administrators. What we’ve found with Nexpose is that the information provided on the risk, and how to fix it, is so clear that any systems administrator can take action without causing other damage to the system.” And, “the tool provides clear remediation tasks and is easy to use to secure our environment,” states Allen Sweeney, Senior Systems Administrator at LSCS.
  • Alander says his team is evaluating integration of Nexpose through its extensible, XML-based API into the emerging security infrastructure at LSCS, including helpdesk, software patch management, and other datacenter management systems. The team may also use Nexpose to scan (and remediate) workstations and other user devices. Alander views the capabilities of Nexpose as foundational to the college’s efforts to attain ISO 27000 compliance.
数量效益
  • Serving over 90,000 credit and continuing education students per semester.
  • Supports over 900 physical and virtual servers.
  • Nexpose scans all fourteen datacenters and the network core weekly.

相关案例.

联系我们

欢迎与我们交流!

* Required
* Required
* Required
* Invalid email address
提交此表单,即表示您同意 IoT ONE 可以与您联系并分享洞察和营销信息。
不,谢谢,我不想收到来自 IoT ONE 的任何营销电子邮件。
提交

Thank you for your message!
We will contact you soon.