Rapid7 > 实例探究 > Securing a City: Corpus Christi Assesses, Prioritizes, and Monitors Threats

Securing a City: Corpus Christi Assesses, Prioritizes, and Monitors Threats

公司规模

1,000+

地区

America

国家

United States

产品

InsightUBA
Nexpose
Metasploit

技术栈

Vulnerability Scanning
Penetration Testing
User Behavior Analytics

实施规模

Enterprise-wide Deployment

影响指标

Cost Savings
Customer Satisfaction
Employee Satisfaction
Productivity Improvements

技术

分析与建模 - 预测分析
网络安全和隐私 - 端点安全
网络安全和隐私 - 网络安全

适用行业

城市与自治市
安全与公共安全

适用功能

商业运营
设施管理

用例

入侵检测系统
远程资产管理

服务

系统集成
培训

关于客户

The City of Corpus Christi, Texas, employs roughly 3,500 people and operates a unique infrastructure that includes various departments such as HR, IT, water, and police. Bob Jones, the Information Security Manager, was tasked with building a comprehensive security program from scratch. The city’s infrastructure is complex, resembling about 30 separate SMBs under a larger parent company, each with different requirements and compliance regulations. Bob's role involves identifying risks, providing recommendations, and performing duties of an analyst, engineer, and penetration tester. His mission includes promoting internal education and awareness about security risks, establishing credibility with senior management, and ensuring tight alignment between security and IT teams.

登录后查看完整内容

挑战

Bob Jones, the Information Security Manager for the City of Corpus Christi, Texas, faced the challenge of increasing security awareness across the organization and detecting and investigating attacks more easily. The city’s infrastructure is unique, akin to about 30 separate SMBs operating under a larger parent company, each with different requirements and compliance regulations. Bob's role was multifaceted, involving duties of an analyst, engineer, and penetration tester. He had to change an embedded culture and establish credibility with the CIO and IT Director. The primary challenge was the lack of visibility into assets on the Corpus Christi network, making it difficult to accurately qualify or quantify the level of risk. Bob needed to prioritize remediation to add value and avoid placing a greater burden on the business.

登录后查看完整内容

解决方案

Bob Jones implemented Rapid7’s suite of security solutions, including Nexpose, Metasploit, and InsightUBA, to mitigate risks across all of Corpus Christi’s assets. Nexpose was chosen for its comprehensive reporting features and ability to enumerate software installed on vulnerable machines, saving significant time. The relationship with Rapid7 deepened over time, leading to the purchase of Metasploit Pro, which offered automation and closed-loop vulnerability validation features. This allowed Bob to demonstrate real risks and motivate action. InsightUBA was later added to detect and investigate attacks targeted at users, providing actionable information about threats and simplifying the discovery of risky user behavior. The tool proved invaluable in detecting multiple-location VPN logins and other potential threats, allowing Bob to investigate and respond quickly.

登录后查看完整内容

运营影响

Nexpose provided comprehensive reporting features, saving significant time by enumerating software installed on vulnerable machines.
Metasploit Pro’s automation and closed-loop vulnerability validation features allowed Bob to demonstrate real risks and motivate action.
InsightUBA detected and investigated attacks targeted at users, providing actionable information about threats and simplifying the discovery of risky user behavior.
The tools helped Bob establish credibility with senior management and align security efforts with IT teams, fostering a collaborative work environment.
Bob used Rapid7’s solutions to measure and improve endpoint security, track progress, and promote internal awareness to mitigate user risk.

登录后查看完整内容

数量效益