Brennon Thomas and Trevor Steen are vulnerability analysts and penetration testers at Rackspace, a managed cloud computing company based in Texas but with offices and data centers around the globe. They’re part of a small team that had a big task; they needed a vulnerability management solution with a robust application programming interface that could automate and scale quickly and efficiently.
*Our Nexpose Now product has evolved into InsightVM, which utilizes the power of the Rapid7 Insight platform, our cloud-based security and data analytics solution.
Brennon Thomas:Show more Show less
I am Brennon Thomas and I'm a vulnerability analyst and penetration tester with Rackspace.
When I arrived at Rackspace we were a team of three, and we were using another scanning product that had some challenges with scaling and having a robust application programming interface that we could use to drive automation. When we cut over to Nexpose, our team actually decreased by one, and there were two of us, but because of Nexpose's API and automation capabilities, we were able to scale very quickly and go from almost 20,000 assets and we're looking at about 100,000 assets right now.
We decided to go with Rapid7, Nexpose solution because the ability to scale and automate, because we had a small team and we needed to quickly be able to build out our vulnerability management program, and Nexpose allowed us to do that quickly, and to leverage the application program and interface in order to drive a lot of automation and scale.
The amount of time that we'd have to spend towards maintaining the configuration of Nexpose and having it running, has become very minimal, at first it was quite a bit of work, but because we've been able to leverage the API to tell us if there's any failed scans, or failed reports, or to generate reports and automatically send them to the relevant system owners and groups, the people that care about them. It's greatly reduced the burden on our small team.
My name is Trevor Steen, and I'm a vulnerability analyst and penetration tester at Rackspace. We have locations all over the world, we have six data centers, plus multiple office locations globally. What's nice is that with the Nexpose scan engines we can deploy those directly into the environments, which allows us to have a little better scan efficiency for the assets that are in those different locations versus having to try and scan everything from one central location.
Nexpose Now seems like it's going to be a very heavy hitter for us. Earlier this year we were looking at solutions for dashboarding our vulnerability results so that our business leaders and system owners could see the bigger picture of what's going on with vulnerabilities, and right about that same time we got the email from Rapid7 saying Nexpose Now is being released in the next update push of Nexpose. We've just started exploring what that's going to do for us, but what we've seen so far seems very promising.