Rapid7 Case Studies MCPHS University Saves Time and Effort with Nexpose

Edit This Case Study Record

	MCPHS University Saves Time and Effort with Nexpose Rapid7

MCPHS University Saves Time and Effort with Nexpose

Rapid7

Technology Category	Cybersecurity & Privacy - Security Compliance
Applicable Industries	Education
Applicable Functions	Business Operation Facility Management
Services	System Integration Training
Challenge	When Allen Basey joined MCPHS University over two and a half years ago, he was tasked with developing new security procedures and policies, including comprehensive vulnerability scanning. As the sole person dedicated to maintaining security, he needed to improve the University's overall security posture without being overburdened. Initially, he opted for Tenable's Nessus due to its low cost, but found it required manual scans and lacked critical context for prioritizing vulnerabilities. This made it difficult to get IT support teams to take action, and researching how to patch vulnerabilities consumed valuable time, leading to crucial patches being neglected. Read More
About Customer	MCPHS University, one of the oldest universities in Boston, Massachusetts, has a rich legacy of providing valuable education in medical sciences. The university operates three physical campuses in New England—Boston, MA; Worcester, MA; and Manchester, NH—alongside an online campus. Allen Basey, the Senior Security Analyst, manages security for all campuses from his office in Manchester. His responsibilities include ensuring compliance with standards like HIPAA/HITECH, FERPA, and Mass 201 CMR 17, securing sensitive data, and monitoring security controls to minimize incidents and risks while maintaining high efficiency. Read More
Solution	Allen realized that Nessus's low upfront cost did not outweigh the inconvenience of manual operations. He needed a solution that offered automated reporting and prioritization to reduce overhead and manpower requirements. After being initially turned down by his CIO, Allen built a comprehensive business case for Rapid7 Nexpose. He identified key needs such as compliance with security standards, automatic periodic scans, ad hoc scans for new equipment, and easy vulnerability prioritization. By mapping out the manual steps required to emulate Nexpose's automated capabilities, he successfully convinced the CIO to make the switch. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Security Compliance

Applicable Industries

Education

Applicable Functions

Business Operation

Facility Management

Services

System Integration

Training

Challenge

When Allen Basey joined MCPHS University over two and a half years ago, he was tasked with developing new security procedures and policies, including comprehensive vulnerability scanning. As the sole person dedicated to maintaining security, he needed to improve the University's overall security posture without being overburdened. Initially, he opted for Tenable's Nessus due to its low cost, but found it required manual scans and lacked critical context for prioritizing vulnerabilities. This made it difficult to get IT support teams to take action, and researching how to patch vulnerabilities consumed valuable time, leading to crucial patches being neglected.

About Customer

MCPHS University, one of the oldest universities in Boston, Massachusetts, has a rich legacy of providing valuable education in medical sciences. The university operates three physical campuses in New England—Boston, MA; Worcester, MA; and Manchester, NH—alongside an online campus. Allen Basey, the Senior Security Analyst, manages security for all campuses from his office in Manchester. His responsibilities include ensuring compliance with standards like HIPAA/HITECH, FERPA, and Mass 201 CMR 17, securing sensitive data, and monitoring security controls to minimize incidents and risks while maintaining high efficiency.

Solution

Allen realized that Nessus's low upfront cost did not outweigh the inconvenience of manual operations. He needed a solution that offered automated reporting and prioritization to reduce overhead and manpower requirements. After being initially turned down by his CIO, Allen built a comprehensive business case for Rapid7 Nexpose. He identified key needs such as compliance with security standards, automatic periodic scans, ad hoc scans for new equipment, and easy vulnerability prioritization. By mapping out the manual steps required to emulate Nexpose's automated capabilities, he successfully convinced the CIO to make the switch.

Impact #1	With Rapid7 Nexpose, Allen benefited from automated capabilities, which had a cascading effect on other teams as well. The system support group saved hours of work in researching and completing patches.
Impact #2	Nexpose continuously discovers assets, including virtual ones, and prioritizes discovered vulnerabilities, making it easier for Allen to request key fixes from the system support groups.
Impact #3	Allen has had positive interactions with Rapid7 staff and support, who have been proactive and professional in assisting him.

Impact #1

With Rapid7 Nexpose, Allen benefited from automated capabilities, which had a cascading effect on other teams as well. The system support group saved hours of work in researching and completing patches.

Impact #2

Nexpose continuously discovers assets, including virtual ones, and prioritizes discovered vulnerabilities, making it easier for Allen to request key fixes from the system support groups.

Impact #3

Allen has had positive interactions with Rapid7 staff and support, who have been proactive and professional in assisting him.

Download PDF Version

Overview

MCPHS University Saves Time and Effort with Nexpose

Operational Impact