Porter Airlines: Better Reporting, Better Remediation Plans with Nexpose and Metasploit

Jason Deluce, Manager of Technology, Security & Compliance at Porter Airlines, discusses the ways in which Nexpose and Metasploit deliver value through better reporting and remediation plans, so that the security team can clearly communicate what it is they're doing, why they're doing it, and how it affects the business.

Video Transcript

Hi, my name is Jason Deluce. I'm the Manager of Technology and Security and Compliance at Porter Airlines and main focus is PCI compliance at the moment. Currently we're using Nexpose, Metasploit Pro and ControlsInsight. Effective threat and risk management is important to Porter because if we can't visualize the threats then we can't mitigate the risks.

Show more Show less

Prior to using Nexpose, we were using a different vulnerability scanner that we didn't really feel was doing what we needed it to do. It sort of presented a lot of false positives and reporting out of it was nonexistent. Utilizing a product like Nexpose, we're able to really get to the nitty gritty of what the vulnerabilities were, and at the same time, we were able to get reporting, as well as a remediation plan out of the solution.

Because we have to be PCI compliant, there's a requirement for external and internal penetration testing. Rapid7 was able to demonstrate how we could do our own external/internal pen testing using Metasploit Pro.

Every product we've deployed from Rapid7, we've had an opportunity to demo and we've worked closely with product support, sales engineers, and sales representatives in order to determine what solution was the best fit.

I think the benefits we've seen from using these tools is better reporting, remediation plans that make sense, and it's really provided us the ability to communicate within the organization what it is that we're doing and why we're doing it, and how it affects the business.

I would gladly recommend Rapid7 to anybody and everybody that needs a solution.