New Mexico Department of Game and Fish Relies on Rapid7 Nexpose for Selling Customer Licenses, Maintaining PCI Compliance

Customer Company Size
Mid-size Company
Region
  • America
Country
  • United States
Product
  • Nexpose
  • Metasploit Pro
  • InsightIDR
Tech Stack
  • Nexpose
  • Metasploit Pro
  • InsightIDR
Implementation Scale
  • Enterprise-wide Deployment
Impact Metrics
  • Cost Savings
  • Customer Satisfaction
  • Productivity Improvements
Technology Category
  • Cybersecurity & Privacy - Application Security
  • Cybersecurity & Privacy - Network Security
  • Cybersecurity & Privacy - Security Compliance
Applicable Functions
  • Business Operation
Use Cases
  • Intrusion Detection Systems
  • Regulatory Compliance Monitoring
  • Remote Asset Management
Services
  • System Integration
  • Training
About The Customer
The State of New Mexico Department of Game and Fish is a government organization responsible for managing the state's wildlife resources and enforcing related laws. The department employs nearly 300 people, with a significant portion working in the field. The department's operations include selling hunting and fishing licenses to customers, which is a major revenue source, accounting for approximately two-thirds of its budget. The department's IT infrastructure was outdated, and it faced challenges in securely managing its web application for license sales and achieving PCI compliance. Russ Verbofsky, the Chief Information Officer, led the efforts to modernize the department's technology and improve its security posture.
The Challenge
Russ Verbofsky, the Chief Information Officer at the State of New Mexico Department of Game and Fish, faced significant challenges when he joined the organization. The department's technology infrastructure was outdated, and he had to replace almost every piece of hardware, including switches, routers, firewalls, and servers. With a small IT team of 14 people, half of whom were on the help desk and the other half in application development and database administration, Russ had to support nearly 300 employees across the state. A quarter of these employees worked in the field and connected to the network via VPN, adding complexity to the task. Additionally, the department needed to securely manage its web application for selling hunting and fishing licenses, which accounted for two-thirds of its budget. Another critical requirement was achieving PCI compliance, as the handling of credit card information had never before been examined from a PCI perspective. This compliance needed to be achieved across 36 different state agencies.
The Solution
To address the challenges, Russ Verbofsky selected Rapid7's Nexpose for vulnerability management. Nexpose was chosen for its intuitive interface and ease of use, allowing Russ to quickly set up and run scans. The tool helped the department reduce critical vulnerabilities from 130-200 to nearly zero within a year. Nexpose's ability to run full auditing scans and prioritize vulnerabilities was particularly valuable, as was its Top Remediations Report. Russ set up auto scans to run monthly and conducted additional manual scans for major releases. The PCI template within Nexpose was used for internal scans to ensure PCI compliance. After the success with Nexpose, Russ added Metasploit Pro for web application penetration testing, which was previously outsourced. The Rapid7 Metasploit 101 training class enabled Russ to insource penetration testing. Metasploit provided cost savings and flexibility, allowing Russ to test major changes before production. Additionally, Russ purchased InsightIDR to gain insights into user behavior across all endpoints, which was crucial for managing incident detection and response, especially with many employees accessing the network via VPN.
Operational Impact
  • Nexpose significantly reduced the number of critical vulnerabilities, enhancing the department's security posture.
  • The tool's intuitive interface and pre-built templates saved time and effort in setting up and running scans.
  • Metasploit Pro enabled the department to insource web application penetration testing, reducing costs and increasing flexibility.
  • InsightIDR provided valuable insights into user behavior, aiding in incident detection and response.
  • Rapid7's support was highly efficient, resolving issues quickly and ensuring continuous improvement in the department's security program.
Quantitative Benefit
  • Reduced critical vulnerabilities from 130-200 to nearly zero within a year.
  • Achieved PCI compliance across 36 different state agencies.
  • Cost savings from insourcing web application penetration testing with Metasploit Pro.
