Manchester Metropolitan University (MMU) is one of the five largest further education institutions in the UK, situated in the country’s most popular student city. With two sites, 38,000 students, and 3,000 staff members to manage, there’s plenty to keep network security engineer Steven Fitzsimmons and his team of three busy.
Like their counterparts in the United States and elsewhere in the West, UK universities continue to be a major target for online attackers. Freedom of Information (FoI)-based research released in 2017 revealed that nearly three-quarters (70%) had fallen victim to phishing attacks over the previous 24 months. A separate report later that year claimed data breaches at UK universities had doubled, with sensitive IP and ground-breaking research particularly prized by state-backed snoopers. Ransomware and DDoS outages have also hit many institutions over recent months, and there’s an ever-present risk associated with negligent users. In short, Fitzsimmons and team had a lot of ground to cover, and they needed a way to extend their reach given the resources at hand.
According to Fitzsimmons, part of the challenge of securing a network of MMU’s size lies in its heterogeneity. His team’s job is to manage and maintain endpoint security and firewalls, monitor for unusual network behavior, protect against external threats, and mitigate risk if any vulnerabilities are discovered. That’s a major undertaking when there are Windows and Linux machines, Macs, and desktop and mobile devices across physical and virtualized infrastructures.
After three years with a previous vulnerability management vendor, Fitzsimmons was aware of the rapid advancement of technology in the space and decided to open things up for potential replacements. He spoke to peers at other universities, trawled the online forums, and found Rapid7’s name consistently cropping up as one to watch. Subsequent tests told the MMU team what it needed to know.
“We were looking for things like, how were vulnerabilities displayed? What information did the product tell us? What were the reporting features like?” he explains. “The more we looked into Rapid7, the more we were impressed with InsightVM. It definitely gave us more than we had with the previous solution, so we chose to invest.”
InsightVM is Rapid7’s flagship vulnerability management solution designed with modern, dynamic networks in mind to provide powerful analytics, remediation, and automation capabilities. In the face of an evolving threat landscape, InsightVM leverages Rapid7’s extensive vulnerability research, Metasploit exploit knowledge, attacker-based analytics, internet-wide scanning data, and more—surfaced via real-time reporting.
Migration to the Rapid7 solution went largely without a hitch.
“Sales and support have been really smooth from beginning to end,” says Fitzsimmons. “From our point of view, the rules were easy to transport over to InsightVM so there was no downtime as a result of lost scans. Everyone’s had really positive things to say about it.”
The MMU network team are particularly impressed with their newfound ability to run discovery and other scans depending on the requirements of the subnet.
“Being a university, we’ve got different types of machines here—Windows, Linux, Macs—and a massive network, so we needed something which could gather all that information in one place and we could use it as a central inventory for the assets, and then we can run different scans for each one,” he says.
Fitzsimmons is also impressed by the level of granular detail provided about vulnerabilities; for example, if a Metasploit plugin exists, or if proof of concept code is available on ExploitDB, indicating increased exploitability of a vulnerability. And he likes the fact that assets can be filtered by different criteria: for example, by risk or number of vulnerabilities. Overall, InsightVM has provided “great visibility” into the MMU network, allowing the team to drill down into operating systems, software, and services to find out more.
The MMU network team have also seen their lives made easier by the remediation and reporting functionality in InsightVM.
“When we do see vulnerabilities, it’s impressive how it gives us a lot of information. The recommended remediations are really clear and helpful,” says Fitzsimmons. “On other solutions we’ve seen this kind of thing but you sometimes need to translate it for other users to understand. Where patches are required there’s often a direct download link so you don’t have to hunt for it yourself.”
Customizable reports complete the picture, allowing his team to tailor their findings according to the department that needs to view them. Those in charge of web servers may get a different report than teams in charge of unified communications, and so on.
As MMU grows in confidence with InsightVM there’s even more scope to expand the team’s use of the tool in future. This includes the Remediation Projects feature, which integrates with IT ticketing to help teams track the progress of remediation. Meanwhile, Steven Fitzsimmons and team are continuing to evaluate Rapid7 InsightIDR as their SIEM solution.