下载PDF
Rapid7 > 实例探究 > Securing a City: Corpus Christi Assesses, Prioritizes, and Monitors Threats
Rapid7 Logo

Securing a City: Corpus Christi Assesses, Prioritizes, and Monitors Threats

技术
  • 网络安全和隐私 - 端点安全
  • 网络安全和隐私 - 网络安全
  • 分析与建模 - 预测分析
适用行业
  • 城市与自治市
  • 安全与公共安全
适用功能
  • 设施管理
  • 商业运营
用例
  • 入侵检测系统
  • 远程资产管理
服务
  • 系统集成
  • 培训
挑战
Bob Jones, the Information Security Manager for the City of Corpus Christi, Texas, faced the challenge of increasing security awareness across the organization and detecting and investigating attacks more easily. The city’s infrastructure is unique, akin to about 30 separate SMBs operating under a larger parent company, each with different requirements and compliance regulations. Bob's role was multifaceted, involving duties of an analyst, engineer, and penetration tester. He had to change an embedded culture and establish credibility with the CIO and IT Director. The primary challenge was the lack of visibility into assets on the Corpus Christi network, making it difficult to accurately qualify or quantify the level of risk. Bob needed to prioritize remediation to add value and avoid placing a greater burden on the business.
关于客户
The City of Corpus Christi, Texas, employs roughly 3,500 people and operates a unique infrastructure that includes various departments such as HR, IT, water, and police. Bob Jones, the Information Security Manager, was tasked with building a comprehensive security program from scratch. The city’s infrastructure is complex, resembling about 30 separate SMBs under a larger parent company, each with different requirements and compliance regulations. Bob's role involves identifying risks, providing recommendations, and performing duties of an analyst, engineer, and penetration tester. His mission includes promoting internal education and awareness about security risks, establishing credibility with senior management, and ensuring tight alignment between security and IT teams.
解决方案
Bob Jones implemented Rapid7’s suite of security solutions, including Nexpose, Metasploit, and InsightUBA, to mitigate risks across all of Corpus Christi’s assets. Nexpose was chosen for its comprehensive reporting features and ability to enumerate software installed on vulnerable machines, saving significant time. The relationship with Rapid7 deepened over time, leading to the purchase of Metasploit Pro, which offered automation and closed-loop vulnerability validation features. This allowed Bob to demonstrate real risks and motivate action. InsightUBA was later added to detect and investigate attacks targeted at users, providing actionable information about threats and simplifying the discovery of risky user behavior. The tool proved invaluable in detecting multiple-location VPN logins and other potential threats, allowing Bob to investigate and respond quickly.
运营影响
  • Nexpose provided comprehensive reporting features, saving significant time by enumerating software installed on vulnerable machines.
  • Metasploit Pro’s automation and closed-loop vulnerability validation features allowed Bob to demonstrate real risks and motivate action.
  • InsightUBA detected and investigated attacks targeted at users, providing actionable information about threats and simplifying the discovery of risky user behavior.
数量效益
  • Integrating Nexpose into operational procedures dropped the average of missing patches by about 75%.

相关案例.

联系我们

欢迎与我们交流!

* Required
* Required
* Required
* Invalid email address
提交此表单,即表示您同意 IoT ONE 可以与您联系并分享洞察和营销信息。
不,谢谢,我不想收到来自 IoT ONE 的任何营销电子邮件。
提交

Thank you for your message!
We will contact you soon.