Customer Story:

InsightVM Saves Time, Provides Visibility in Higher Education

July 06, 2020

Gael Frouin, Information Security Officer at a higher education institution, came on board with the difficult task of transforming a bare-bones, regulation-focused program into an efficient (yet comprehensive) one. With the help of InsightVM, Rapid7's leading vulnerability risk management solution, Gael and his team can now account for the diversity of devices and assets that hop on and off the school's network, and complete this work without the tedious back-and-forth communications.

Highlights include:

  • "I revisited a little bit what tools we were using. So I looked at different competitors, whether it was Qualys or other platforms, and I really based it on: what am I expecting from such a tool, what am I getting now with the tool I have, which was InsightVM, and is there a reason for change? In that case, really, the tool was great for what I needed. Started learning it fairly quickly because it was easy in terms of user interface and even configuration that I decided to stick with it."
  • "It's a tremendous gain in terms of speed, time to recovery from a misconfiguration. [Before InsightVM] By the time I notice the incident, I have time to deal with it. I push it to the right people. They do the work—it's days. With the automation in InsightVM, it's minutes, or a few hours, or something like that."
  • "My Rapid7 experience has been great. I got quality service, quality products. Products that are easy to use and to start with."

Video Transcript

My name is Gael Frouin, and I'm currently the information security officer of a higher education institution that has around 5,000 students, 2,000 staff and faculty and contractors, and the main goal is to teach anything related to music.


Choosing Rapid7

The current security program—it started being built before I arrived and it was really bareboned, regulation oriented. And I transform that into regulation from regulation slash compliance to security by doing first a risk analysis. That risk analysis led to whatever different projects that included intrusion tests that were actually carried by Rapid7 and we use various tools, from SIEM, Security Incident and Event Management to vulnerability management systems. So we use InsightVM as a product to manage all vulnerabilities.

InsightVM, which was named Nexpose at the time, was already in place. But after doing the risk analysis I revisited a little bit what tools we were using. So I looked at different competitors, whether it was Qualys or other platforms. And I really based it on what am I expecting from such a tool, what am I getting now with the tool I have, which was InsightVM, or Nexpose at the time, and is there a reason for change? In that case, really, the tool was great for what I needed. Started learning it fairly quickly because it was easy in terms of user interface and even configuration that I decided to stick with it. Based on the quality of the tool and the other services that we got.

How does InsightVM make your day to day easier?

So I would say the ability to automate. A lot of the scans that are being done are automated. The ability to delegate the responsibility of fixing and following up on those vulnerabilities, now I delegate a lot more to the application owners. At the very beginning when I was running the tool, I was doing the follow-up, now I can delegate that.

They manage that on their own. I just inform them and follow when I see that there's no evolution, they haven't done their work, then I follow up with them as always. That's really the main feature, is that ability to automate a lot of the things and automate and delegate. We configure a rule and have the ability to act without human intervention. The system acts on that rule or that vulnerability detection. It's a tremendous gain in terms of speed, time to recovery from a misconfiguration, it's a lot faster that way. By the time I notice the incidents, I have time to deal with it. I push it to the right people. They do the work, it's days. With the automation, it's minutes, or a few hours, or something like that. So that's really the tool that really helps a lot.

Integrating with AWS

Currently we use, as a public cloud provider, we use AWS as the main one. We use some of their server or infrastructure as a service. We also use processing power from AWS API gateway or CloudWatch or things like that. I just today, because again I learned the new capability from InsightVM, I configured it to be able to track the configuration and have an assessment of that configuration from our InsightVM platform, which is such a gain of visibility that I just got and just realized some misconfiguration.

Overall Experience with Rapid7

My Rapid7 experience has been great. I mean I got quality service, quality products. Products that are easy to use and to start with, I don't have a certification in those products. Still, again, fairly good with the current documentation with the way the UI on the product is. I get pretty advanced in them.

We always try to compare different vendors, but right now with the satisfaction that we have, there's not really competition security-wise on those, at least the main products that are being offered.
