Rapid7 Case Studies Stein Mart relies upon Rapid7 Nexpose Enterprise Edition to scan its IT infrastructure for vulnerabilities

Edit This Case Study Record

	Stein Mart relies upon Rapid7 Nexpose Enterprise Edition to scan its IT infrastructure for vulnerabilities Rapid7

Stein Mart relies upon Rapid7 Nexpose Enterprise Edition to scan its IT infrastructure for vulnerabilities

Rapid7

Technology Category	Cybersecurity & Privacy - Network Security Cybersecurity & Privacy - Security Compliance
Applicable Industries	Retail
Applicable Functions	Business Operation
Use Cases	Remote Asset Management
Services	Cybersecurity Services System Integration
Challenge	As Stein Mart extended its IT infrastructure, it developed a security framework to protect it. But it lacked a comprehensive system for scanning and analyzing its security posture. The IT security team initially experimented with freeware that gathered and consolidated security data. However, the biggest problem was taking all the consolidated data and doing something with it. Stein Mart needed a better way to analyze the data, so that they could understand the risks and vulnerabilities in their current security posture and remediate them. Along with Security Audit Analyst Ambar Batista, Beckworth determined that Stein Mart needed an easy-to-use vulnerability and analysis solution with capabilities such as scanning, consolidating, and analyzing data across a multivendor, multiplatform IT infrastructure, scheduling scans on a regular basis, creating comprehensive reports that rank specific risks and vulnerabilities by criticality, suggesting remediation steps, interacting with an existing third-party trouble-ticketing system, and supporting remote scanning at every store. Read More
About Customer	Headquartered in Jacksonville, Florida, Stein Mart is a nationwide retailer of fashion merchandise, with service and presentation of a better department or specialty store, at prices up to 60 percent below department store prices. With more than 260 U.S. stores in 30 states, Stein Mart’s assortment of merchandise features current-season, moderate-to-better fashion apparel for women and men, along with accessories, shoes, and home fashions. As a retailer, Stein Mart must comply with the Payment Card Industry Data Security Standard (PCI DSS) to protect financial transactions on its store and corporate servers and Web site. A data breach would trigger an expensive PCI audit and fines, and importantly would also compromise customer trust and damage its reputation, possibly impacting future sales. Read More
Solution	After evaluating vulnerability scanning products from several vendors, Beckworth and Batista chose Rapid7 Nexpose Enterprise Edition software. It can be configured to automatically scan for vulnerabilities and perform checks across Web applications, databases, networks, server operating systems, and other software products. It locates and identifies threats, assesses and ranks their risk to the environment, and offers step-by-step remediation plans. It has a PCI template to track vulnerabilities specific to compliance. It supports remote scanning and offers an API for integration with other IT management systems such as a ticketing system. Currently, Stein Mart uses Nexpose to scan network devices, data center servers, and Web applications. The transition to Nexpose produced the results that were needed right away. It’s easy to run the scans and reports, making it a user-friendly solution for the IT security team. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Network Security

Cybersecurity & Privacy - Security Compliance

Applicable Industries

Retail

Applicable Functions

Business Operation

Use Cases

Remote Asset Management

Services

Cybersecurity Services

System Integration

Challenge

As Stein Mart extended its IT infrastructure, it developed a security framework to protect it. But it lacked a comprehensive system for scanning and analyzing its security posture. The IT security team initially experimented with freeware that gathered and consolidated security data. However, the biggest problem was taking all the consolidated data and doing something with it. Stein Mart needed a better way to analyze the data, so that they could understand the risks and vulnerabilities in their current security posture and remediate them. Along with Security Audit Analyst Ambar Batista, Beckworth determined that Stein Mart needed an easy-to-use vulnerability and analysis solution with capabilities such as scanning, consolidating, and analyzing data across a multivendor, multiplatform IT infrastructure, scheduling scans on a regular basis, creating comprehensive reports that rank specific risks and vulnerabilities by criticality, suggesting remediation steps, interacting with an existing third-party trouble-ticketing system, and supporting remote scanning at every store.

About Customer

Headquartered in Jacksonville, Florida, Stein Mart is a nationwide retailer of fashion merchandise, with service and presentation of a better department or specialty store, at prices up to 60 percent below department store prices. With more than 260 U.S. stores in 30 states, Stein Mart’s assortment of merchandise features current-season, moderate-to-better fashion apparel for women and men, along with accessories, shoes, and home fashions. As a retailer, Stein Mart must comply with the Payment Card Industry Data Security Standard (PCI DSS) to protect financial transactions on its store and corporate servers and Web site. A data breach would trigger an expensive PCI audit and fines, and importantly would also compromise customer trust and damage its reputation, possibly impacting future sales.

Solution

After evaluating vulnerability scanning products from several vendors, Beckworth and Batista chose Rapid7 Nexpose Enterprise Edition software. It can be configured to automatically scan for vulnerabilities and perform checks across Web applications, databases, networks, server operating systems, and other software products. It locates and identifies threats, assesses and ranks their risk to the environment, and offers step-by-step remediation plans. It has a PCI template to track vulnerabilities specific to compliance. It supports remote scanning and offers an API for integration with other IT management systems such as a ticketing system. Currently, Stein Mart uses Nexpose to scan network devices, data center servers, and Web applications. The transition to Nexpose produced the results that were needed right away. It’s easy to run the scans and reports, making it a user-friendly solution for the IT security team.

Impact #1	Batista uses information in Nexpose reports to address risks with server managers and network administrators. If a critical or urgent vulnerability is found, it is resolved as soon as possible. The links in the report enable research prior to presenting it to the team, assisting in understanding the vulnerability and pursuing resolution.
Impact #2	The use of Rapid7 Nexpose has positively impacted the performance of the entire IT staff, fostering more team involvement and accountability. It has made it easier to get buy-in from all teams, improving relationships and speeding up task completion.
Impact #3	The Security team uses Nexpose to pre-scan new data center and Web servers before they go online, improving the patching process such as scheduling the testing and application of server OS patches from Microsoft.

Impact #1

Batista uses information in Nexpose reports to address risks with server managers and network administrators. If a critical or urgent vulnerability is found, it is resolved as soon as possible. The links in the report enable research prior to presenting it to the team, assisting in understanding the vulnerability and pursuing resolution.

Impact #2

The use of Rapid7 Nexpose has positively impacted the performance of the entire IT staff, fostering more team involvement and accountability. It has made it easier to get buy-in from all teams, improving relationships and speeding up task completion.

Impact #3

The Security team uses Nexpose to pre-scan new data center and Web servers before they go online, improving the patching process such as scheduling the testing and application of server OS patches from Microsoft.

Benefit #1	Stein Mart operates more than 260 stores in 30 states.
Benefit #2	The company achieved up to 60 percent savings on department store prices.

Benefit #1

Stein Mart operates more than 260 stores in 30 states.

Benefit #2

The company achieved up to 60 percent savings on department store prices.

Download PDF Version

Overview

Stein Mart relies upon Rapid7 Nexpose Enterprise Edition to scan its IT infrastructure for vulnerabilities

Operational Impact

Quantitative Benefit