Rapid7 > Case Studies > Nebraska Public Power District Fights Phishing, Meets Compliance Requirements with Nexpose and Metasploit

Nebraska Public Power District Fights Phishing, Meets Compliance Requirements with Nexpose and Metasploit

Rapid7 Logo
Customer Company Size
Large Corporate
Region
  • America
Country
  • United States
Product
  • Nexpose Enterprise Edition
  • Metasploit Pro
Tech Stack
  • Vulnerability Management
  • Penetration Testing
Implementation Scale
  • Enterprise-wide Deployment
Impact Metrics
  • Customer Satisfaction
  • Digital Expertise
  • Productivity Improvements
Technology Category
  • Cybersecurity & Privacy - Network Security
  • Cybersecurity & Privacy - Security Compliance
  • Cybersecurity & Privacy - Endpoint Security
Applicable Industries
  • Utilities
Applicable Functions
  • Business Operation
  • Facility Management
Services
  • System Integration
  • Training
About The Customer
Nebraska Public Power District (NPPD) is the largest electric utility in the state of Nebraska, providing electrical power to 86 of the 93 counties. As a vertically integrated utility, NPPD handles generation, transmission, distribution, and retail services. The organization is a political subdivision of the state, meaning it operates independently while adhering to state statutes. NPPD employs a mid-size team dedicated to cybersecurity, with additional support from IT personnel across various sites. The organization has been proactive in cybersecurity training and awareness, particularly in combating phishing attacks.
The Challenge
The Nebraska Public Power District (NPPD) faced a complex compliance situation due to various regulatory mandates, including NERC CIP standards, HIPAA, and specific cyber regulations for their nuclear facility. As a publicly powered state, Nebraska's electric utilities are owned by the public, adding another layer of complexity. NPPD needed to ensure robust cybersecurity measures across its 4,000 assets spread over 19 sites, while also addressing the increasing sophistication of phishing attacks. The organization aimed to improve its overall security posture and meet compliance requirements effectively.
The Solution
NPPD has been a Rapid7 customer since 2009, utilizing Nexpose Enterprise Edition for vulnerability management and Metasploit Pro for penetration testing. The integration of these tools allowed NPPD to efficiently manage and remediate vulnerabilities across its assets. Nexpose provided an intuitive interface and clear remediation steps, making it easy for administrators to perform scans and address vulnerabilities. Metasploit Pro enabled NPPD to conduct phishing exercises and assess user vulnerability, enhancing their overall security posture. The combination of these tools helped NPPD meet compliance requirements and improve cybersecurity awareness among employees.
Operational Impact
  • NPPD's use of Nexpose and Metasploit has significantly improved their ability to manage and remediate vulnerabilities across their assets.
  • The intuitive interface and clear remediation steps of Nexpose made it easy for administrators to perform scans and address issues.
  • Metasploit Pro enabled NPPD to conduct effective phishing exercises, enhancing employee awareness and reducing user vulnerability.
  • The integration of these tools allowed NPPD to efficiently meet compliance requirements and improve their overall security posture.
  • NPPD's proactive approach to cybersecurity training and awareness has helped them stay ahead of the curve in combating phishing attacks.
Quantitative Benefit
  • 45-55% increase in systems meeting goal threshold.
  • Initially, only 25% of systems met the security threshold goal; now, 70-80% of systems meet the goal regularly.

Case Study missing?

Start adding your own!

Register with your work email and create a new case study profile for your business.

Add New Record

Related Case Studies.

Contact us

Let's talk!
* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.