TriNet: Nexpose and Metasploit Go Hand-in-Hand

To quickly process and act upon security risks, Sean Duffy, IS Team Lead, TriNet, relies on Nexpose and Metasploit. In this clip Sean talks about why these solutions are better together, and how security professionals can respond when colleagues say, "Really? Prove it!"

Video Transcript

TriNet allows companies to achieve their ambitions by meeting their human resources, payroll, benefits, and workers comp needs. It helps companies reduce risks, it helps them maintain costs, reduce administrative overhead, and basically allows them to spend their time building a better mousetrap. We are using Nexpose, the enterprise edition, we have been using that for approximately three years. We also use the Metasploit product. We've been using Metasploit for about six months and we participated in the beta for UserInsight and we've been using that for about four months.

Nexpose is a product that we actually inherited from a company that we had acquired. But we found it was a fantastic resource for us in order to gauge the potential vulnerabilities on our network, either at the perimeter or internally. And it's one that is personally my go-to device for assessing risks on the servers and we use that for reporting said risks to the appropriate teams and then working with them to remediate or mitigate that risk.

Metasploit was a natural progression. Nexpose, for example, when it will enumerate a vulnerability, will know whether or not it's Metasploitable, whether that exploit is there for anybody to plug in. When we were presenting that to the company, often we'd hear, "Really? Prove it." Well, that allows us to prove it.

We've had a very good experience working with Rapid7. From the sales staff to the implementation, the customer service has been great. I like that it's 24/7. Fortunately, it's not often that we need to call at 2 in the morning, but it has happened and I love it that I can call and hear a human voice and they're right on top of it.

Simplified compliance is critical because we're a growing company and we need a scalable architecture in place so that we can process security risks and act upon them. And we find that Rapid7 helps deliver that.