Rapid7 Case Studies Leveraging Dynamic Asset Groups in Rapid7 Nexpose

Edit This Case Study Record

	Leveraging Dynamic Asset Groups in Rapid7 Nexpose Rapid7

Leveraging Dynamic Asset Groups in Rapid7 Nexpose

Rapid7

Technology Category	Cybersecurity & Privacy - Security Compliance Cybersecurity & Privacy - Network Security
Applicable Industries	Utilities
Applicable Functions	Business Operation Maintenance
Use Cases	Predictive Maintenance Intrusion Detection Systems Remote Asset Management
Services	System Integration Training
Challenge	Identifying how many servers and systems were affected by Heartbleed and other OpenSSL vulnerabilities without having to scan every server manually. PNM Resources needed a way to quickly and accurately identify vulnerabilities across their extensive network of servers and systems. The manual process of scanning each server individually was time-consuming and inefficient, especially during critical incidents like Heartbleed. The challenge was to find a solution that could provide rapid, accurate, and comprehensive visibility into the security status of their assets, enabling timely remediation and risk reduction. Read More
About Customer	PNM Resources is an energy company that relies heavily on robust cybersecurity measures to protect its infrastructure. The company employs security analysts like Bruce, who use advanced tools to manage and mitigate vulnerabilities across their network. Bruce has extensive experience in vulnerability management, having previously worked for a government contractor where he first reviewed Rapid7 Nexpose. At PNM Resources, Bruce is responsible for conducting regular scans of all servers and addressing any identified issues. The company places a high priority on maintaining up-to-date security patches and software updates to minimize risks and ensure the integrity of their systems. PNM Resources' commitment to cybersecurity is evident in their proactive approach to identifying and mitigating vulnerabilities, as well as their reliance on advanced tools like Rapid7 Nexpose to achieve these goals. Read More
Solution	PNM Resources implemented Rapid7 Nexpose Enterprise, leveraging its Dynamic Asset Groups feature to streamline the process of identifying vulnerabilities. This solution allowed Bruce to quickly find relevant information for OpenSSL vulnerabilities, such as Heartbleed, in minutes instead of days. By using Dynamic Asset Groups paired with authenticated scans, Bruce could gain clear visibility into the security status of their assets and create a roadmap for remediation. The solution provided a significant time-saving advantage, enabling Bruce to use CVE IDs to quickly locate vulnerable assets without manually scanning each server. This approach not only improved efficiency but also enhanced the accuracy of vulnerability identification. Additionally, Nexpose's ability to conduct authenticated scans provided detailed data on the network, revealing hidden risks and enabling targeted remediation efforts. The solution also supported PNM Resources' patch management practices by identifying missing third-party patches and providing actionable insights to lower the organization's overall risk score. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Security Compliance

Cybersecurity & Privacy - Network Security

Applicable Industries

Utilities

Applicable Functions

Business Operation

Maintenance

Use Cases

Predictive Maintenance

Intrusion Detection Systems

Remote Asset Management

Services

System Integration

Training

Challenge

Identifying how many servers and systems were affected by Heartbleed and other OpenSSL vulnerabilities without having to scan every server manually. PNM Resources needed a way to quickly and accurately identify vulnerabilities across their extensive network of servers and systems. The manual process of scanning each server individually was time-consuming and inefficient, especially during critical incidents like Heartbleed. The challenge was to find a solution that could provide rapid, accurate, and comprehensive visibility into the security status of their assets, enabling timely remediation and risk reduction.

About Customer

PNM Resources is an energy company that relies heavily on robust cybersecurity measures to protect its infrastructure. The company employs security analysts like Bruce, who use advanced tools to manage and mitigate vulnerabilities across their network. Bruce has extensive experience in vulnerability management, having previously worked for a government contractor where he first reviewed Rapid7 Nexpose. At PNM Resources, Bruce is responsible for conducting regular scans of all servers and addressing any identified issues. The company places a high priority on maintaining up-to-date security patches and software updates to minimize risks and ensure the integrity of their systems. PNM Resources' commitment to cybersecurity is evident in their proactive approach to identifying and mitigating vulnerabilities, as well as their reliance on advanced tools like Rapid7 Nexpose to achieve these goals.

Solution

PNM Resources implemented Rapid7 Nexpose Enterprise, leveraging its Dynamic Asset Groups feature to streamline the process of identifying vulnerabilities. This solution allowed Bruce to quickly find relevant information for OpenSSL vulnerabilities, such as Heartbleed, in minutes instead of days. By using Dynamic Asset Groups paired with authenticated scans, Bruce could gain clear visibility into the security status of their assets and create a roadmap for remediation. The solution provided a significant time-saving advantage, enabling Bruce to use CVE IDs to quickly locate vulnerable assets without manually scanning each server. This approach not only improved efficiency but also enhanced the accuracy of vulnerability identification. Additionally, Nexpose's ability to conduct authenticated scans provided detailed data on the network, revealing hidden risks and enabling targeted remediation efforts. The solution also supported PNM Resources' patch management practices by identifying missing third-party patches and providing actionable insights to lower the organization's overall risk score.

Impact #1	Dynamic Asset Groups in Rapid7 Nexpose allowed PNM Resources to quickly identify vulnerabilities based on user-defined criteria, significantly reducing the time required for vulnerability management.
Impact #2	Authenticated scans provided detailed visibility into the network, uncovering hidden risks and enabling targeted remediation efforts.
Impact #3	The solution supported proactive risk management by providing clear visibility into the security status of assets and creating a roadmap for remediation.

Impact #1

Dynamic Asset Groups in Rapid7 Nexpose allowed PNM Resources to quickly identify vulnerabilities based on user-defined criteria, significantly reducing the time required for vulnerability management.

Impact #2

Authenticated scans provided detailed visibility into the network, uncovering hidden risks and enabling targeted remediation efforts.

Impact #3

The solution supported proactive risk management by providing clear visibility into the security status of assets and creating a roadmap for remediation.

Benefit #1	Reduced time to identify vulnerabilities from days to minutes.
Benefit #2	Saved at least four days of manual scanning for 300 Linux servers during the Heartbleed incident.

Benefit #1

Reduced time to identify vulnerabilities from days to minutes.

Benefit #2

Saved at least four days of manual scanning for 300 Linux servers during the Heartbleed incident.

Download PDF Version

Overview

Leveraging Dynamic Asset Groups in Rapid7 Nexpose

Operational Impact

Quantitative Benefit