Rapid7 Case Studies Rapid7 Nexpose Helps to Protect Huge IT Infrastructure at Virginia Tech

Edit This Case Study Record

	Rapid7 Nexpose Helps to Protect Huge IT Infrastructure at Virginia Tech Rapid7

Rapid7 Nexpose Helps to Protect Huge IT Infrastructure at Virginia Tech

Rapid7

Technology Category	Cybersecurity & Privacy - Network Security Cybersecurity & Privacy - Security Compliance
Applicable Industries	Education
Applicable Functions	Business Operation
Services	System Integration Training
Challenge	In a large university like Virginia Tech, IT security is a major issue. The Office of IT Security conducted a self-assessment of their compliance with the PCI standards and found they needed a commercial scanner with capabilities beyond Nessus. Read More
About Customer	Virginia Tech has long been at the forefront of information technology. The campus has been fully networked since the early 80s, and more than 15 years ago, the school, in collaboration with what was then Bell Atlantic – now Verizon – and the Town of Blacksburg spearheaded the development of the Blacksburg Electronic Village. This project represented the first attempt anywhere in the country to make the vast resources of the Internet available to everyone throughout a university community. Because of the University’s vast size and scope, IT security is a major issue at Virginia Tech. One indication of its importance is that the University’s vice president for IT reports directly to the school’s president. A key element within Virginia Tech’s IT department is the Office of IT Security, which has three components: Awareness, Training, and Policies; Identity Management; and the IT Security Lab. Randy Marchany is director of that lab, and Brad Tilley is an IT security analyst there. Marchany describes the lab in this way, “It is a product testing facility, an academic research facility, and an operational center for security functions within Virginia Tech.” Read More
Solution	Virginia Tech began using Nexpose to scan all of their assets– servers, web applications, networks, and databases. They found Rapid7’s product and tech support to be tremendously helpful in securing their large network. Tilley remembers the research that preceded their decision. “We had been using Nessus for several years as an inexpensive and easy vulnerability scanner,” he says. “We set up a scan website that uses Nessus as its backend, and we started looking for a commercial scanner that could go beyond the capabilities that Nessus offered, which was how we found out about Rapid7 Nexpose. Now, we use Nexpose to scan everything – servers, Web applications, networks, databases.” One of the guiding principles of the Security Office is “All Security is Local,” and they try to disseminate this philosophy throughout the University. Marchany says, “We were seeking a tool that enabled us to monitor systems from a central standpoint, but one that would also give local system administrators throughout the school the ability to scan their own systems whenever they wished.” The role-based access feature of Rapid7 Nexpose helps the Security Office to do just that. Role-based access enables the security staff to allow an administrator to access the scanner and use it without interfering with anyone else who may be doing the same thing. As Marchany says, “This capability gives system administrators around campus a sense of empowerment. They say, ‘I can run a security scan whenever I need to, and I can review the results before the IT Security Office tells me I need to fix something.’ This functionality has helped them to be more pro-active, and it has helped us tremendously.” Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Network Security

Cybersecurity & Privacy - Security Compliance

Applicable Industries

Education

Applicable Functions

Business Operation

Services

System Integration

Training

Challenge

In a large university like Virginia Tech, IT security is a major issue. The Office of IT Security conducted a self-assessment of their compliance with the PCI standards and found they needed a commercial scanner with capabilities beyond Nessus.

About Customer

Virginia Tech has long been at the forefront of information technology. The campus has been fully networked since the early 80s, and more than 15 years ago, the school, in collaboration with what was then Bell Atlantic – now Verizon – and the Town of Blacksburg spearheaded the development of the Blacksburg Electronic Village. This project represented the first attempt anywhere in the country to make the vast resources of the Internet available to everyone throughout a university community. Because of the University’s vast size and scope, IT security is a major issue at Virginia Tech. One indication of its importance is that the University’s vice president for IT reports directly to the school’s president. A key element within Virginia Tech’s IT department is the Office of IT Security, which has three components: Awareness, Training, and Policies; Identity Management; and the IT Security Lab. Randy Marchany is director of that lab, and Brad Tilley is an IT security analyst there. Marchany describes the lab in this way, “It is a product testing facility, an academic research facility, and an operational center for security functions within Virginia Tech.”

Solution

Virginia Tech began using Nexpose to scan all of their assets– servers, web applications, networks, and databases. They found Rapid7’s product and tech support to be tremendously helpful in securing their large network. Tilley remembers the research that preceded their decision. “We had been using Nessus for several years as an inexpensive and easy vulnerability scanner,” he says. “We set up a scan website that uses Nessus as its backend, and we started looking for a commercial scanner that could go beyond the capabilities that Nessus offered, which was how we found out about Rapid7 Nexpose. Now, we use Nexpose to scan everything – servers, Web applications, networks, databases.” One of the guiding principles of the Security Office is “All Security is Local,” and they try to disseminate this philosophy throughout the University. Marchany says, “We were seeking a tool that enabled us to monitor systems from a central standpoint, but one that would also give local system administrators throughout the school the ability to scan their own systems whenever they wished.” The role-based access feature of Rapid7 Nexpose helps the Security Office to do just that. Role-based access enables the security staff to allow an administrator to access the scanner and use it without interfering with anyone else who may be doing the same thing. As Marchany says, “This capability gives system administrators around campus a sense of empowerment. They say, ‘I can run a security scan whenever I need to, and I can review the results before the IT Security Office tells me I need to fix something.’ This functionality has helped them to be more pro-active, and it has helped us tremendously.”

Impact #1	Better control of the network: With Nexpose, Virginia Tech gained more visibility and a greater ability to manage their vast network than they had with the free tool Nessus.
Impact #2	Large network scan capabilities: 32,000 Nodes scanned with Rapid7 Nexpose.
Impact #3	Great customer support: “They are very responsive and they know what they’re talking about... With Rapid7, the people you deal with are knowledgeable right up front.” said Brad Tilley, IT Security Analyst at Virginia Tech.

Impact #1

Better control of the network: With Nexpose, Virginia Tech gained more visibility and a greater ability to manage their vast network than they had with the free tool Nessus.

Impact #2

Large network scan capabilities: 32,000 Nodes scanned with Rapid7 Nexpose.

Impact #3

Great customer support: “They are very responsive and they know what they’re talking about... With Rapid7, the people you deal with are knowledgeable right up front.” said Brad Tilley, IT Security Analyst at Virginia Tech.

Benefit #1	32,000 nodes scanned with Rapid7 Nexpose.

Benefit #1

32,000 nodes scanned with Rapid7 Nexpose.

Download PDF Version

Overview

Rapid7 Nexpose Helps to Protect Huge IT Infrastructure at Virginia Tech

Operational Impact

Quantitative Benefit