Rapid7 Case Studies Nebraska Public Power District Fights Phishing, Meets Compliance Requirements with Nexpose and Metasploit

Edit This Case Study Record

	Nebraska Public Power District Fights Phishing, Meets Compliance Requirements with Nexpose and Metasploit Rapid7

Nebraska Public Power District Fights Phishing, Meets Compliance Requirements with Nexpose and Metasploit

Rapid7

Technology Category	Cybersecurity & Privacy - Endpoint Security Cybersecurity & Privacy - Network Security Cybersecurity & Privacy - Security Compliance
Applicable Industries	Utilities
Applicable Functions	Business Operation Facility Management
Services	System Integration Training
Challenge	The Nebraska Public Power District (NPPD) faced a complex compliance situation due to various regulatory mandates, including NERC CIP standards, HIPAA, and specific cyber regulations for their nuclear facility. As a publicly powered state, Nebraska's electric utilities are owned by the public, adding another layer of complexity. NPPD needed to ensure robust cybersecurity measures across its 4,000 assets spread over 19 sites, while also addressing the increasing sophistication of phishing attacks. The organization aimed to improve its overall security posture and meet compliance requirements effectively. Read More
About Customer	Nebraska Public Power District (NPPD) is the largest electric utility in the state of Nebraska, providing electrical power to 86 of the 93 counties. As a vertically integrated utility, NPPD handles generation, transmission, distribution, and retail services. The organization is a political subdivision of the state, meaning it operates independently while adhering to state statutes. NPPD employs a mid-size team dedicated to cybersecurity, with additional support from IT personnel across various sites. The organization has been proactive in cybersecurity training and awareness, particularly in combating phishing attacks. Read More
Solution	NPPD has been a Rapid7 customer since 2009, utilizing Nexpose Enterprise Edition for vulnerability management and Metasploit Pro for penetration testing. The integration of these tools allowed NPPD to efficiently manage and remediate vulnerabilities across its assets. Nexpose provided an intuitive interface and clear remediation steps, making it easy for administrators to perform scans and address vulnerabilities. Metasploit Pro enabled NPPD to conduct phishing exercises and assess user vulnerability, enhancing their overall security posture. The combination of these tools helped NPPD meet compliance requirements and improve cybersecurity awareness among employees. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Endpoint Security

Cybersecurity & Privacy - Network Security

Cybersecurity & Privacy - Security Compliance

Applicable Industries

Utilities

Applicable Functions

Business Operation

Facility Management

Services

System Integration

Training

Challenge

The Nebraska Public Power District (NPPD) faced a complex compliance situation due to various regulatory mandates, including NERC CIP standards, HIPAA, and specific cyber regulations for their nuclear facility. As a publicly powered state, Nebraska's electric utilities are owned by the public, adding another layer of complexity. NPPD needed to ensure robust cybersecurity measures across its 4,000 assets spread over 19 sites, while also addressing the increasing sophistication of phishing attacks. The organization aimed to improve its overall security posture and meet compliance requirements effectively.

About Customer

Nebraska Public Power District (NPPD) is the largest electric utility in the state of Nebraska, providing electrical power to 86 of the 93 counties. As a vertically integrated utility, NPPD handles generation, transmission, distribution, and retail services. The organization is a political subdivision of the state, meaning it operates independently while adhering to state statutes. NPPD employs a mid-size team dedicated to cybersecurity, with additional support from IT personnel across various sites. The organization has been proactive in cybersecurity training and awareness, particularly in combating phishing attacks.

Solution

NPPD has been a Rapid7 customer since 2009, utilizing Nexpose Enterprise Edition for vulnerability management and Metasploit Pro for penetration testing. The integration of these tools allowed NPPD to efficiently manage and remediate vulnerabilities across its assets. Nexpose provided an intuitive interface and clear remediation steps, making it easy for administrators to perform scans and address vulnerabilities. Metasploit Pro enabled NPPD to conduct phishing exercises and assess user vulnerability, enhancing their overall security posture. The combination of these tools helped NPPD meet compliance requirements and improve cybersecurity awareness among employees.

Impact #1	NPPD's use of Nexpose and Metasploit has significantly improved their ability to manage and remediate vulnerabilities across their assets.
Impact #2	The intuitive interface and clear remediation steps of Nexpose made it easy for administrators to perform scans and address issues.
Impact #3	Metasploit Pro enabled NPPD to conduct effective phishing exercises, enhancing employee awareness and reducing user vulnerability.

Impact #1

NPPD's use of Nexpose and Metasploit has significantly improved their ability to manage and remediate vulnerabilities across their assets.

Impact #2

The intuitive interface and clear remediation steps of Nexpose made it easy for administrators to perform scans and address issues.

Impact #3

Metasploit Pro enabled NPPD to conduct effective phishing exercises, enhancing employee awareness and reducing user vulnerability.

Benefit #1	45-55% increase in systems meeting goal threshold.
Benefit #2	Initially, only 25% of systems met the security threshold goal; now, 70-80% of systems meet the goal regularly.

Benefit #1

45-55% increase in systems meeting goal threshold.

Benefit #2

Initially, only 25% of systems met the security threshold goal; now, 70-80% of systems meet the goal regularly.

Download PDF Version

Overview

Nebraska Public Power District Fights Phishing, Meets Compliance Requirements with Nexpose and Metasploit

Operational Impact

Quantitative Benefit