Virginia Tech, 6 Others Adopt Rapid7 Security Software

  • By Dian Schaffhauser
  • 03/13/09

Seven colleges and universities have gone public with their adoption of Rapid7 NeXpose security software. The University of Pennsylvania, Virginia Tech, Weill Cornell Medical College, University of Miami, Norwich University, Carnegie Mellon, and the University of Mary Washington are now leveraging NeXpose to locate, assess, and eliminate vulnerabilities across networks, Web applications, servers, and databases.

The University of Pennsylvania in Philadelphia, which consists of four undergraduate and 12 graduate and professional schools, runs a decentralized IT environment that requires its local department IT personnel to have the ability to scan their systems consistently, in addition to the periodic scans conducted by the central IT department of hosts and important systems during IT audit and security work. Rapid7 provides role-based administration, which enables a centrally based resource to broaden the use of NeXpose. As a result, departments can perform self-scans of critical systems and take action in response to vulnerabilities.

"Providing each department with the ability to run self-scans in addition to our work in central IT results in more frequent vulnerability scans," said Melissa Muth, senior information security analyst at Penn. "And, since NeXpose tests each vulnerability to reduce false positives, our results are also more accurate. Combined, these features have reduced our overall risk of exposure, as well as the time and cost of managing and remediating vulnerabilities."

The role-based administration functions also play a role in Virginia Tech's technology security reviews, a major initiative to ensure that the university is in compliance with PCI-DSS when handling payment data, as well as other compliance standards, such as HIPAA and GLBA. NeXpose allows each department to audit its IT infrastructure through security self assessments, to determine vulnerabilities, and to understand remediation next steps. NeXpose then provides reports--both compliance-based and customized policy--that document and demonstrate compliance to both internal and external auditors.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • data professionals in a meeting

    Data Fluency as a Strategic Imperative

    As an institution's highest level of data capabilities, data fluency taps into the agency of technical experts who work together with top-level institutional leadership on issues of strategic importance.

  • stylized AI code and a neural network symbol, paired with glitching code and a red warning triangle

    New Anthropic AI Models Demonstrate Coding Prowess, Behavior Risks

    Anthropic has released Claude Opus 4 and Claude Sonnet 4, its most advanced artificial intelligence models to date, boasting a significant leap in autonomous coding capabilities while simultaneously revealing troubling tendencies toward self-preservation that include attempted blackmail.

  • university building with classical architecture is partially overlaid by a glowing digital brain graphic

    NSF Invests $100 Million in National AI Research Institutes

    The National Science Foundation has announced a $100 million investment in National Artificial Intelligence Research Institutes, part of a broader White House strategy to maintain American leadership as competition with China intensifies.

  • black analog alarm clock sits in front of a digital background featuring a glowing padlock symbol and cybersecurity icons

    The Clock Is Ticking: Higher Education's Big Push Toward CMMC Compliance

    With the United States Department of Defense's Cybersecurity Maturity Model Certification 2.0 framework entering Phase II on Dec. 16, 2025, institutions must develop a cybersecurity posture that's resilient, defensible, and flexible enough to keep up with an evolving threat landscape.