下载PDF

Rapid7 > 实例探究 > Stein Mart relies upon Rapid7 Nexpose Enterprise Edition to scan its IT infrastructure for vulnerabilities

Stein Mart relies upon Rapid7 Nexpose Enterprise Edition to scan its IT infrastructure for vulnerabilities

技术

网络安全和隐私 - 网络安全
网络安全和隐私 - 安全合规

适用行业

零售

适用功能

商业运营

用例

远程资产管理

服务

网络安全服务
系统集成

挑战

As Stein Mart extended its IT infrastructure, it developed a security framework to protect it. But it lacked a comprehensive system for scanning and analyzing its security posture. The IT security team initially experimented with freeware that gathered and consolidated security data. However, the biggest problem was taking all the consolidated data and doing something with it. Stein Mart needed a better way to analyze the data, so that they could understand the risks and vulnerabilities in their current security posture and remediate them. Along with Security Audit Analyst Ambar Batista, Beckworth determined that Stein Mart needed an easy-to-use vulnerability and analysis solution with capabilities such as scanning, consolidating, and analyzing data across a multivendor, multiplatform IT infrastructure, scheduling scans on a regular basis, creating comprehensive reports that rank specific risks and vulnerabilities by criticality, suggesting remediation steps, interacting with an existing third-party trouble-ticketing system, and supporting remote scanning at every store.

关于客户

Headquartered in Jacksonville, Florida, Stein Mart is a nationwide retailer of fashion merchandise, with service and presentation of a better department or specialty store, at prices up to 60 percent below department store prices. With more than 260 U.S. stores in 30 states, Stein Mart’s assortment of merchandise features current-season, moderate-to-better fashion apparel for women and men, along with accessories, shoes, and home fashions. As a retailer, Stein Mart must comply with the Payment Card Industry Data Security Standard (PCI DSS) to protect financial transactions on its store and corporate servers and Web site. A data breach would trigger an expensive PCI audit and fines, and importantly would also compromise customer trust and damage its reputation, possibly impacting future sales.

解决方案

After evaluating vulnerability scanning products from several vendors, Beckworth and Batista chose Rapid7 Nexpose Enterprise Edition software. It can be configured to automatically scan for vulnerabilities and perform checks across Web applications, databases, networks, server operating systems, and other software products. It locates and identifies threats, assesses and ranks their risk to the environment, and offers step-by-step remediation plans. It has a PCI template to track vulnerabilities specific to compliance. It supports remote scanning and offers an API for integration with other IT management systems such as a ticketing system. Currently, Stein Mart uses Nexpose to scan network devices, data center servers, and Web applications. The transition to Nexpose produced the results that were needed right away. It’s easy to run the scans and reports, making it a user-friendly solution for the IT security team.

运营影响

Batista uses information in Nexpose reports to address risks with server managers and network administrators. If a critical or urgent vulnerability is found, it is resolved as soon as possible. The links in the report enable research prior to presenting it to the team, assisting in understanding the vulnerability and pursuing resolution.
The use of Rapid7 Nexpose has positively impacted the performance of the entire IT staff, fostering more team involvement and accountability. It has made it easier to get buy-in from all teams, improving relationships and speeding up task completion.
The Security team uses Nexpose to pre-scan new data center and Web servers before they go online, improving the patching process such as scheduling the testing and application of server OS patches from Microsoft.

数量效益