Virginia Tech, 6 Others Adopt Rapid7 Security Software
By Dian Schaffhauser
Seven colleges and universities have gone public with their adoption of Rapid7 NeXpose security software. The University of Pennsylvania, Virginia Tech, Weill Cornell Medical College, University of Miami, Norwich University, Carnegie Mellon, and the University of Mary Washington are now leveraging NeXpose to locate, assess, and eliminate vulnerabilities across networks, Web applications, servers, and databases.
The University of Pennsylvania in Philadelphia, which consists of four undergraduate and 12 graduate and professional schools, runs a decentralized IT environment that requires its local department IT personnel to have the ability to scan their systems consistently, in addition to the periodic scans conducted by the central IT department of hosts and important systems during IT audit and security work. Rapid7 provides role-based administration, which enables a centrally based resource to broaden the use of NeXpose. As a result, departments can perform self-scans of critical systems and take action in response to vulnerabilities.
"Providing each department with the ability to run self-scans in addition to our work in central IT results in more frequent vulnerability scans," said Melissa Muth, senior information security analyst at Penn. "And, since NeXpose tests each vulnerability to reduce false positives, our results are also more accurate. Combined, these features have reduced our overall risk of exposure, as well as the time and cost of managing and remediating vulnerabilities."
The role-based administration functions also play a role in Virginia Tech's technology security reviews, a major initiative to ensure that the university is in compliance with PCI-DSS when handling payment data, as well as other compliance standards, such as HIPAA and GLBA. NeXpose allows each department to audit its IT infrastructure through security self-assessments, to determine vulnerabilities, and to understand remediation next steps. NeXpose then provides reports (both compliance-based and customized policy) that document and demonstrate compliance to both internal and external auditors.
Dian Schaffhauser is a writer who covers technology and business for a number of publications. Contact her at firstname.lastname@example.org.