2009 Press Releases

PDF Version

Rapid7 Continues Education Market Momentum By Addressing Complex University Vulnerability Management Challenges

University of Pennsylvania, Virginia Tech and University of Mary Washington among others join Institutions Using Nexpose to Assess and Remediate Threats without IT Burdene

Boston - March 9, 2009 - Rapid7, the leading provider of unified vulnerability management solutions, today announced the addition of multiple leading universities to its roster of educational institutions using Rapid7 Nexpose as a key step in their defense-in-depth security strategy.  The University of Pennsylvania, Weill-Cornell Medical College, University of Miami, Virginia Tech, Norwich University, Carnegie Mellon, and the University of Mary Washington are now leveraging Nexpose to locate, assess, and eliminate numerous vulnerabilities across networks, Web applications, servers, and databases.  

According to the Identity Resource Center, 20 percent of the 2008 data breaches occurred within the education market.  With small IT departments and thousands of student, faculty, and staff records housed and accessed across multiple assets, universities require the deepest level of vulnerability scanning coupled with a prioritized remediation plan.  Rapid7 Nexpose locates vulnerabilities across all vital resources and chains those vulnerabilities together to detect real threats and reduce false positives.  Nexpose then delivers prioritized reports and remediation plans that highlight the most critical vulnerabilities for immediate remediation.  Using Nexpose, educational institutions can also achieve compliance to a variety of industry standards when handling specific sensitive data. 

For the University of Mary Washington, Nexpose’s accurate scan results and prioritization of threats enable the school’s limited IT security department to eliminate manual processes when finding vulnerabilities, such as SQL injections and cross-site scripting (XSS), and determine the risk of each issue.  At the same time, Nexpose checks the school’s security configuration of servers and other network equipment to ensure that the security settings are correct and that patches are updated.

Many universities have complex environments with IT administrators dispersed throughout the campus, and Rapid7’s role-based administration enables a centrally based resource to broaden the use of Nexpose.  As a result, departments can perform self-scans of critical systems and take immediate action in response to vulnerabilities, limiting exposure and damage.  For example, the University of Pennsylvania, one of the nation's most selective and competitive universities, is comprised of four undergraduate and 12 graduate and professional schools, with multiple departments under each.  Its decentralized IT environment requires that, in many cases, its local department IT personnel have the ability to scan their systems consistently, in addition to the periodic scans conducted by the central IT department of critical hosts and other vital systems during IT audit and security work. 

“Providing each department with the ability to run self-scans in addition to our work in central IT results in more frequent vulnerability scans,” said Melissa Muth, senior information security analyst at Penn.  “And, since Nexpose tests each vulnerability to reduce false positives, our results are also more accurate.  Combined, these features have reduced our overall risk of exposure, as well as the time and cost of managing and remediating vulnerabilities.”

Nexpose plays a vital role in Virginia Tech’s Technology Security Reviews, a major initiative to ensure that the university is in compliance with PCI-DSS when handling payment data, as well as other compliance standards, such as HIPAA and GLBA.  The role-based administration feature within the product enables each department to audit its IT infrastructure through security self assessments, to determine vulnerabilities and to understand remediation next steps.  Nexpose then provides reports - both compliance-based and customized policy - that document and demonstrate compliance to both internal and external auditors.

“In 2008, the industry saw a significant number of data breaches occur at educational institutions, leaving many students and faculty at risk for identity theft and universities in jeopardy of exposing intellectual property,” said Mike Tuchen, president and COO.  “Nexpose is the best solution for organizations, including educational institutions, seeking to locate and remediate vulnerabilities across all assets, a critical component of complex IT infrastructures.”

About Rapid7

Rapid7 is the leading provider of security risk intelligence solutions. Rapid7's integrated vulnerability management and penetration testing products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are being used by more than 1,700 enterprises and government agencies in more than 65 countries worldwide, while the Company's free products are downloaded more than one million times per year and enhanced further by over 125,000 security community users and contributors. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.

Awards
SC Magazine Finalist Deloitte Fast 500 Award Logo ASC Award inc500 Award Logo 2009 Redherring Winner Logo 2009 Best Prodcuts Logo 2009 Tomorrow Tech Logo 2009 GPE Awrads Logo Finalist Hot Companies 2009 Logo Rapid7 Star100 Revised Graphic SC Award Nominee 2008 Nominee 2008 Global Exeellence SC Awards 2007 Finalist Hot Companies of 2007 Customer Trust Logo Hot Company 2006 Logo SC 2006 Awards Winner
Most Read
Most Downloaded
Press Releases