Enhancing Security and Transforming Vulnerability Management with Rapid7
Industries
Company Size
Products
Customer Website
About University of South Florida
The University of South Florida, a high-impact research university dedicated to student success and committed to community engagement, contributes an annual economic impact of more than $6 billion. Across campuses in Tampa, St. Petersburg, Sarasota-Manatee and USF Health, USF serves approximately 50,000 students from nearly 150 different countries. U.S. News & World Report has ranked USF as one of the nation's top 50 public universities for six consecutive years and, for the second straight year, as the best value university in Florida. In 2023, USF became the first public university in Florida in nearly 40 years to be invited to join the Association of American Universities, a group of the leading 3% of universities in the United States and Canada. With an all-time high of $692 million in research funding in 2023 and a ranking as a top 15 public university for producing new U.S. patents, USF is a leader in solving global problems and improving lives. USF is a member of the American Athletic Conference. Learn more at www.usf.edu.
Dennis Guillette serves as the Director and Security Architect at USF, overseeing security operations across both the Education Campus and the Health Campus. With a responsibility encompassing thousands of students, full-time staff, and faculty, as well as the security needs of a major high-impact research school, Guillette plays a crucial role in safeguarding the university's extensive community. His role involves managing both the strategic processes and the personnel necessary to maintain a secure environment, ensuring the safety and protection of the entire USF ecosystem.
Fragmented Vulnerability Management
Before adopting Rapid7’s solution, the USF security team lacked a comprehensive tool for capturing vulnerability data across their environment and were relying on a scanner that was inadequate for their needs. With thousands of machines and systems, the fragmented vulnerability management process, combined with an outdated scanner, made managing vulnerabilities a complex task. This lack of a unified tool led to significant difficulties in capturing vulnerability data, communicating risk to senior leadership, and maintaining an effective security posture.
Security Concerns
The security situation was exacerbated by a series of internal observations with their cybersecurity operations that underscored the urgent need for an upgraded security solution. This realization helped prioritize funding to upgrade USF’s overall security stack. The university faced challenges with unmonitored IoT devices, outdated server software, and siloed access within the organization. These issues not only threatened data security but also impeded USF’s ability to prioritize and manage remediation efforts effectively.
Rebuild Vulnerability Management Program
Guillette acknowledged the limitations in their security operations and indicated his team’s desire to obtain an enterprise vulnerability management solution to completely rebuild their vulnerability management program. He pointed out that they required a solution that not only identifies vulnerabilities but also integrates seamlessly with their operations, provides real-time insights, and scales with their evolving needs. It was clear that they needed to invest in a system that would support their long-term security goals and help them stay ahead of emerging threats.
Implementing InsightVM
USF implemented Rapid7’s InsightVM and engaged a Technical Account Manager to address their security challenges. Rapid7’s InsightVM provided the university with a comprehensive vulnerability management tool that allowed for efficient scanning and detailed reporting, which ultimately provided a timely and actionable response to any security challenges they faced.
Implementation Guidance and Support
Additionally, the Technical Account Manager played a pivotal role in guiding USF through the implementation, helping to customize the solution to fit their specific needs and overcoming any hurdles that arose during the transition. “The support we received from Rapid7 was patient and exceptional in finding what worked for us,” Guillette said. This support was instrumental in preventing implementation challenges and ensuring a smooth transition.
Seamless Integration
One of the key benefits of InsightVM was its ability to seamlessly integrate with USF's existing business processes, including JIRA for project management.
This capability enabled USF to translate vulnerability data into actionable tasks and integrate them into broader business processes. The integration with existing project management tools, such as JIRA, was expressed to be crucial for USF in streamlining remediation efforts and ensuring that security measures were prioritized according to their risk levels.
Enhanced Visibility and Control
The adoption of InsightVM brought immediate benefits, including improved visibility into the university’s network. “We were able to identify machines that had fallen under the radar and mitigate or eliminate them,” Guillette explained. “Discovery was a big help, allowing us to find servers that weren’t using traditional server IP addresses and those we didn’t know existed.” This was expressed to be instrumental in advancing the university’s security agenda.
Better Insights & Streamlined Remediation
The detailed reporting and quantification features of InsightVM enabled the USF security team to present actionable insights to senior management, which led to the development of effective remediation strategies and highlighted the need for organization-wide policy changes. Guillette noted, “The ability to prioritize remediation based on risk levels has been transformative. We can now use detailed, quantifiable data to support our security decisions.” By streamlining remediation efforts, InsightVM significantly improved the university’s security posture. Guillette also praised Rapid7’s reporting capabilities, stating, “The level of detail in the reports from Rapid7 exceeds expectations. We can now present actionable data rather than large, unreadable reports.”
Summary
Dennis Guillette highlights the effectiveness of Rapid7's solutions in enhancing security measures at USF. "Rapid7's tools have been instrumental in helping us identify vulnerabilities before they become critical issues and integrate seamlessly with our existing systems. This integration has been invaluable for us," he stated.
In summary, Rapid7 has proven to be a vital partner in USF's journey towards a more secure and resilient IT environment, helping the university navigate its complex security landscape with confidence and effectiveness. Rapid7 is here for that.
一つのプラットフォームで、よりコントロールしやすくなる。Command Platform を使用すると、攻撃可能領域をより明確に把握し、脅威を的確かつプロアクティブに検出できます。
