Rapid7 Case Studies Securing a City: Corpus Christi Assesses, Prioritizes, and Monitors Threats

Edit This Case Study Record

	Securing a City: Corpus Christi Assesses, Prioritizes, and Monitors Threats Rapid7

Securing a City: Corpus Christi Assesses, Prioritizes, and Monitors Threats

Rapid7

Technology Category	Analytics & Modeling - Predictive Analytics Cybersecurity & Privacy - Endpoint Security Cybersecurity & Privacy - Network Security
Applicable Industries	Cities & Municipalities Security & Public Safety
Applicable Functions	Business Operation Facility Management
Use Cases	Intrusion Detection Systems Remote Asset Management
Services	System Integration Training
Challenge	Bob Jones, the Information Security Manager for the City of Corpus Christi, Texas, faced the challenge of increasing security awareness across the organization and detecting and investigating attacks more easily. The city’s infrastructure is unique, akin to about 30 separate SMBs operating under a larger parent company, each with different requirements and compliance regulations. Bob's role was multifaceted, involving duties of an analyst, engineer, and penetration tester. He had to change an embedded culture and establish credibility with the CIO and IT Director. The primary challenge was the lack of visibility into assets on the Corpus Christi network, making it difficult to accurately qualify or quantify the level of risk. Bob needed to prioritize remediation to add value and avoid placing a greater burden on the business. Read More
About Customer	The City of Corpus Christi, Texas, employs roughly 3,500 people and operates a unique infrastructure that includes various departments such as HR, IT, water, and police. Bob Jones, the Information Security Manager, was tasked with building a comprehensive security program from scratch. The city’s infrastructure is complex, resembling about 30 separate SMBs under a larger parent company, each with different requirements and compliance regulations. Bob's role involves identifying risks, providing recommendations, and performing duties of an analyst, engineer, and penetration tester. His mission includes promoting internal education and awareness about security risks, establishing credibility with senior management, and ensuring tight alignment between security and IT teams. Read More
Solution	Bob Jones implemented Rapid7’s suite of security solutions, including Nexpose, Metasploit, and InsightUBA, to mitigate risks across all of Corpus Christi’s assets. Nexpose was chosen for its comprehensive reporting features and ability to enumerate software installed on vulnerable machines, saving significant time. The relationship with Rapid7 deepened over time, leading to the purchase of Metasploit Pro, which offered automation and closed-loop vulnerability validation features. This allowed Bob to demonstrate real risks and motivate action. InsightUBA was later added to detect and investigate attacks targeted at users, providing actionable information about threats and simplifying the discovery of risky user behavior. The tool proved invaluable in detecting multiple-location VPN logins and other potential threats, allowing Bob to investigate and respond quickly. Read More Log in to view content
Contents

Technology Category

Analytics & Modeling - Predictive Analytics

Cybersecurity & Privacy - Endpoint Security

Cybersecurity & Privacy - Network Security

Applicable Industries

Cities & Municipalities

Security & Public Safety

Applicable Functions

Business Operation

Facility Management

Use Cases

Intrusion Detection Systems

Remote Asset Management

Services

System Integration

Training

Challenge

Bob Jones, the Information Security Manager for the City of Corpus Christi, Texas, faced the challenge of increasing security awareness across the organization and detecting and investigating attacks more easily. The city’s infrastructure is unique, akin to about 30 separate SMBs operating under a larger parent company, each with different requirements and compliance regulations. Bob's role was multifaceted, involving duties of an analyst, engineer, and penetration tester. He had to change an embedded culture and establish credibility with the CIO and IT Director. The primary challenge was the lack of visibility into assets on the Corpus Christi network, making it difficult to accurately qualify or quantify the level of risk. Bob needed to prioritize remediation to add value and avoid placing a greater burden on the business.

About Customer

The City of Corpus Christi, Texas, employs roughly 3,500 people and operates a unique infrastructure that includes various departments such as HR, IT, water, and police. Bob Jones, the Information Security Manager, was tasked with building a comprehensive security program from scratch. The city’s infrastructure is complex, resembling about 30 separate SMBs under a larger parent company, each with different requirements and compliance regulations. Bob's role involves identifying risks, providing recommendations, and performing duties of an analyst, engineer, and penetration tester. His mission includes promoting internal education and awareness about security risks, establishing credibility with senior management, and ensuring tight alignment between security and IT teams.

Solution

Bob Jones implemented Rapid7’s suite of security solutions, including Nexpose, Metasploit, and InsightUBA, to mitigate risks across all of Corpus Christi’s assets. Nexpose was chosen for its comprehensive reporting features and ability to enumerate software installed on vulnerable machines, saving significant time. The relationship with Rapid7 deepened over time, leading to the purchase of Metasploit Pro, which offered automation and closed-loop vulnerability validation features. This allowed Bob to demonstrate real risks and motivate action. InsightUBA was later added to detect and investigate attacks targeted at users, providing actionable information about threats and simplifying the discovery of risky user behavior. The tool proved invaluable in detecting multiple-location VPN logins and other potential threats, allowing Bob to investigate and respond quickly.

Impact #1	Nexpose provided comprehensive reporting features, saving significant time by enumerating software installed on vulnerable machines.
Impact #2	Metasploit Pro’s automation and closed-loop vulnerability validation features allowed Bob to demonstrate real risks and motivate action.
Impact #3	InsightUBA detected and investigated attacks targeted at users, providing actionable information about threats and simplifying the discovery of risky user behavior.

Impact #1

Nexpose provided comprehensive reporting features, saving significant time by enumerating software installed on vulnerable machines.

Impact #2

Metasploit Pro’s automation and closed-loop vulnerability validation features allowed Bob to demonstrate real risks and motivate action.

Impact #3

InsightUBA detected and investigated attacks targeted at users, providing actionable information about threats and simplifying the discovery of risky user behavior.

Benefit #1	Integrating Nexpose into operational procedures dropped the average of missing patches by about 75%.

Benefit #1

Integrating Nexpose into operational procedures dropped the average of missing patches by about 75%.

Download PDF Version

Overview

Securing a City: Corpus Christi Assesses, Prioritizes, and Monitors Threats

Operational Impact

Quantitative Benefit