Customer Story:

A Rapid7 Pen Testing Story: From Discovery to Remediation in Four Hours

July 13, 2020

Hear from Gael Frouin, Information Security Officer at a higher education institution, about why he trusts Rapid7 Penetration Testing Services to raise his team's awareness of security risks and gain trust and budget from executive stakeholders. In this customer story, he walks us through the university's internal and external testing engagements, and explains the benefits of the Executive Report delivered as part of the engagement.

Highlights include:

  • "The Executive Report is what I need to get funding or to justify the current security program."
  • "The test was really good, but discovered a major vulnerability within two hours of testing... They gave me direction on what I needed to do, what was the main issue, what they were able to do and within four hours were able to stop the issue."
  • "They were not on site, but still communication was great."

Video Transcript

My name is Gael Frouin, and I'm currently the information security officer of a higher education institution that has around 5,000 students, 2,000 staff and faculty and contractors, and the main goal is to teach anything related to music.


Rapid7 Penetration Testing Services

So the benefit of the pen tests that we carry is really two things. Raise my awareness of what are the most critical issues. It's not about just given vulnerabilities, how you got to that point where you missed it or it got introduced into your environment. That's really the benefit and what I expect from a report and what I got from the Rapid7 services.

So that's the first aspect I really liked. The second one is the report. So we have like an Executive Report and a more technical report for people fixing. The Executive Report is what I need to get funding or to justify the current security program.

When we got the first intrusion tests, it was actually a full scope. It was external and internal. It was over two weeks. We had, I believe someone who just joined Rapid7 at that time, it was great. We discussed about what was the scope, how we would organize that, and everything went according to plan.

That was the first one. The second one was just an external penetration test on a given application that went horrific for us. The test was really good, but discovered a major vulnerability within two hours of testing. So they reached out to me straight away. They gave me direction on what I needed to do, what was the main issue, what they were able to do and within four hours were able to stop the issue. Four hours of the beginning of the intrusion tests. They were not onsite, but still communication was great. They reached out to me straight away and were able to fix that fairly quickly. Then they kept going with intrusion tests on that service, and in parallel we started a more deep, in-depth investigation on how long the issue had been there for, et cetera, et cetera. So the fact that they reached out to us so quickly allowed us to in our own term react and try to fix that major issue.

Overall Experience with Rapid7

My Rapid7 experience has been great. I mean I got quality service, quality products. Products that are easy to use and to start with. I don't have a certification in those products. Still, again, fairly good with the current documentation, with the way the UI on the product is. I get pretty advanced in them.

We always try to compare different vendors, but right now with the satisfaction that we have, there's not really competition security-wise on those, at least the main products that are being offered.
