In a large university like Virginia Tech, IT security is a major issue. The Office of IT Security conducted a self-assessment of their compliance with the PCI standards and found they needed a commercial scanner with capabilities beyond Nessus.

The cyberattack came in early 2016, when IT manager Tom Brown was on a trip to eastern Europe. Back at headquarters, his staff reported that email had gone into meltdown. Customers were calling in to report that they received emails from Liberty Wines with an unusual attachment, which turned out to be malicious. At the same time, the team was being bombarded by a backscatter of hundreds of thousands of non-delivery receipts related to the malicious email. Tom had to ensure that this wasn’t from an internal breach — that’s when Brown called in the experts at Rapid7. Brown had used Rapid7 software in the past and knew of them as a leader in the security space. He had previously identified a need to track and analyze user authentications and behavior but couldn’t find anything suitable. Until Rapid7 there really wasn’t anything on the market that could easily scale from an SME like Liberty Wines right up to a large enterprise deployment. The architecture of the InsightIDR system allows it to fit any size, both from a scale and a startup cost perspective. He’d arranged for a live demo, been impressed, and allocated budget to install it the next financial year. However, the attackers had other plans.

Sierra View Medical Center faced significant challenges in maintaining real-time visibility and control over its endpoints and servers. The healthcare industry, being a prime target for cyberattacks, required robust security measures to protect sensitive patient data. However, the existing system at Sierra View relied on outdated data from quarterly and biannual scans, which were up to six months old. This outdated information made it difficult to prioritize and assign remediation tasks effectively. The lack of granularity in the CVSS scores further complicated the process, making it nearly impossible to manage vulnerabilities efficiently. As the sole full-time information security practitioner, Scott Cheney needed a more streamlined and automated approach to share risk insights with the IT operations, networks, and systems staff.

Chad Kliewer, the Information Security Officer at Pioneer Telephone, was tasked with implementing a comprehensive security plan and ensuring compliance standards across multiple departments, including corporate, telephone, and broadband services. The challenge was compounded by the absence of a centralized IT group, making it difficult to create a cohesive infrastructure. Additionally, there was no formalized scanning process in place, leading to a lack of visibility into the network assets and vulnerabilities.

Amedisys, a leading provider of home healthcare, faced a unique challenge in securing their patients’ and employees' data without impacting the usability of their systems. The majority of their user base consists of clinicians who provide care to patients in their homes. It was crucial to provide these medical professionals with a seamless and secure experience, as any disruption could impact the care provided to patients. The challenge was to ensure the security of sensitive data while maintaining the efficiency of their operations.

AMN Healthcare, a leading provider of total talent solutions for healthcare organizations, faced a significant challenge in integrating the cybersecurity systems of 28 recently acquired organizations. These organizations varied in size, from startups with 30-50 employees to established organizations with 2,500 employees, each with their own offices, policies, and frameworks. AMN needed a unified, future-proof security platform to integrate these organizations into their corporate structure, ensuring that every organization was following a singular security standard for detection and response. The challenge was further complicated by the shift to remote work due to COVID-19, which transformed each employee's home into a regional office, creating a lack of visibility and control over home networks.

Blue Valley Unified School District in Kansas, with over 23,000 students and 3,100 staff spread across 35 schools, was committed to providing a safe digital learning environment for its students. However, the district faced significant security challenges. In August 2019, the district was targeted by a successful ransomware attack, prompting a comprehensive security assessment of its vast application and network infrastructure. The district's cybersecurity team identified ransomware attacks, visibility, and staffing as the key challenges. Ransomware attacks were a constant threat, especially given the perception that public school districts have limited budgets and manpower. Visibility was another issue, with the small team struggling to maintain a comprehensive view of the district's security landscape. Staffing was also a concern, with many school districts unable to invest in the necessary staffing and software to deal with the demands of today's cybersecurity environment.

CoStar Group, a leading provider of commercial real estate information, analytics, and online marketplaces, has been expanding its reach through mergers and acquisitions (M&A). As of October 1, 2019, CoStar has spent approximately $2 billion acquiring a total of 27 organizations, each with a unique cloud presence and varying levels of cloud competency. The challenge for CoStar is ensuring the security and compliance of its constantly growing and evolving cloud footprint, which spans across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). When growing through M&A, CoStar must be able to understand the cyber risk of the acquisition target, integrate the newly acquired resources, and maintain the ability of these acquired entities to accelerate innovation through the use of cloud services without the loss of control.

Domestic & General (D&G), a leading provider of subscription-based home appliance care, faced a significant challenge in managing its cybersecurity. With a 110-year old business, the company had an accumulation of systems and dozens of IT processes that had evolved over the years. As D&G expanded globally and digitized, its attack surface grew, and the mixed heterogeneous environment created additional challenges in terms of increased cyber risk. The company lacked a modern platform to identify risk and threats in a hybrid environment, at scale and with context. D&G’s Chief Information Officer, Phil, realized the need to enhance the company’s cyber protections and empower the business to own their cyber risk. However, the company was missing a platform that a modern organization needs to ensure it’s protected adequately.

Elara Caring, one of the largest providers of home health care in the U.S., faced significant challenges following the merger of three home healthcare companies. The consolidation created new opportunities but also posed difficulties for the company’s IT infrastructure and data security. The Chief Information Security Officer (CISO), Eric Bowerman, was primarily concerned with protecting end-users from phishing and ransomware attacks, which are common in the healthcare industry. The shift to a work-from-home environment due to the COVID-19 pandemic further complicated matters. The company had limited management software on the laptops of remote workers, which meant they did not have the same control as when the employees were in the office. This presented compliance issues related to protected health information (PHI).

Maximus, a leading strategic partner to governments worldwide, faced a significant challenge in enforcing standards and ensuring consistency across all public cloud environments. With over 200 AWS accounts under management and a growing Azure presence, visibility into numerous projects spanning AWS and Azure was critical. The company needed a solution that would enforce standards across all public cloud accounts and regions, provide visibility into non-compliant resources, create an exception process for certain resources, and deliver an automated way to take remediation action. Enforcing standards across the entire enterprise with hundreds of AWS accounts and Azure subscriptions and different support models was a daunting task.

Rackspace Technology, a leading end-to-end multi-cloud technology services company, faced a significant challenge in ensuring the security of their customers' data. As a company that designs, builds, and operates cloud environments across all major technology platforms, it was crucial for Rackspace to instill trust and confidence in their customers. The challenge was to ensure that when customers put their data on the Rackspace platform or chose to interact with Rackspace, their data would be secure and protected as if it was Rackspace's own. The company needed a robust and reliable solution to manage vulnerabilities and threats, and to ensure the highest level of data security.

The Royal Orthopaedic Hospital in Birmingham, England, one of the largest specialist orthopedic centers in Europe, faced significant cybersecurity challenges. The hospital's IT department, led by Ray Mian and Ajmal Khan, was tasked with protecting patient and healthcare records and the IT infrastructure from ransomware attacks. The stakes were high, as any system downtime could have drastic consequences in the hospital environment. A significant challenge was the lack of visibility in the environment. The team was unable to identify their assets and lacked the necessary tools for visibility, discovery, and analysis to assess their security posture within the organization. This lack of visibility was identified as a key weakness in their cybersecurity strategy.

US Signal, the largest privately held data center services provider in the Midwest, faced significant security challenges in protecting its customers' networks. The company serves seven of the top ten healthcare systems in Michigan, the largest mental health provider in western Michigan, numerous managed service providers (MSPs), and various financial institutions, which necessitates robust security measures. The company had to deal with a range of threats, including phishing and the increasing pace of vulnerability discovery. The company also had to ensure compliance with various security frameworks and regulations, including SOC 2, PCI, and HIPAA. The vulnerability management software US Signal was using previously was not cloud-friendly and required a lot of on-premises infrastructure, making it challenging to manage their vulnerability assessment program.

Apptio faced a significant challenge in managing the security risks associated with employees accessing corporate data via personal mobile devices. The use of smartphones and tablets for work purposes had increased efficiency but also introduced potential security vulnerabilities. Prior to implementing Mobilisafe, gathering information on connecting mobile devices was a tedious process that did not yield adequate results. The company lacked a comprehensive security policy for mobile device usage, which heightened the risk of data breaches and unauthorized access.

The Nebraska Public Power District (NPPD) faced a complex compliance situation due to various regulatory mandates, including NERC CIP standards, HIPAA, and specific cyber regulations for their nuclear facility. As a publicly powered state, Nebraska's electric utilities are owned by the public, adding another layer of complexity. NPPD needed to ensure robust cybersecurity measures across its 4,000 assets spread over 19 sites, while also addressing the increasing sophistication of phishing attacks. The organization aimed to improve its overall security posture and meet compliance requirements effectively.

PNRHA needed to enhance its security posture to comply with Saskatchewan’s Health Information Protection Act (HIPA) and prepare for a province-wide security push. The organization lacked visibility into its security status and had no reporting or charting capabilities to demonstrate compliance. With over 100 servers, 2,500 employees, 1,500 desktops, and two major data centers, PNRHA faced significant challenges in managing and securing its extensive IT infrastructure. The security team, led by Senior Security Analyst Jarvis Meier, needed a solution that could scale with the organization’s growth and provide comprehensive security management.

Most security professionals are strapped for time. In the world of independent consultants, time is even more precious, as their clients prefer engagements to be brief while still yielding business value. Just ask Kevin Beaver, an independent information security consultant with more than 25 years of experience in IT. As the founder of Atlanta-based Principle Logic, LLC, Kevin specializes in performing independent information security assessments for Fortune 1000 companies, nonprofits, and government agencies, among others. For the better part of Kevin’s career, his focus has been on security. “When I graduated high school, computers were the next big thing,” he laughs. “I remember when the concept of people accessing your network first started getting attention.” Fast forward a few years, and he’s now the author of Hacking for Dummies – one of the best-selling books on information security testing that’s currently in its fourth edition.

As Stein Mart extended its IT infrastructure, it developed a security framework to protect it. But it lacked a comprehensive system for scanning and analyzing its security posture. The IT security team initially experimented with freeware that gathered and consolidated security data. However, the biggest problem was taking all the consolidated data and doing something with it. Stein Mart needed a better way to analyze the data, so that they could understand the risks and vulnerabilities in their current security posture and remediate them. Along with Security Audit Analyst Ambar Batista, Beckworth determined that Stein Mart needed an easy-to-use vulnerability and analysis solution with capabilities such as scanning, consolidating, and analyzing data across a multivendor, multiplatform IT infrastructure, scheduling scans on a regular basis, creating comprehensive reports that rank specific risks and vulnerabilities by criticality, suggesting remediation steps, interacting with an existing third-party trouble-ticketing system, and supporting remote scanning at every store.

University of Mary Washington needed to prove their compliance with PCI DSS and state security requirements. The IT department needed to help safeguard its extensive computing infrastructure.

Søren Hansen, the IT Security Manager at Chr. Hansen, faced significant challenges in gaining visibility into user activities on the network and detecting intrusions. The company needed a solution that could alert them to suspicious network activity and streamline incident investigations. The primary challenge was to find a tool that could provide detailed insights into anomalous behavior, such as stolen credentials and lateral movement, without overwhelming the team with excessive alerts. Additionally, the solution needed to be easy to deploy and manage, without requiring additional agents on endpoints.

When Microsoft undertook an extensive evaluation of Web Application Vulnerability scanning solutions on the market, the company’s Cloud and Enterprise Security Services team knew it would be no small task. Microsoft wanted to build a world-class, scalable Web App Vulnerability scanning service that would serve all of their different service teams in building secure applications. With the technology landscape rapidly evolving, Microsoft foresaw that the homegrown solution it had previously relied upon for application security would soon struggle to keep pace with modern applications with rich, dynamic clients and numerous APIs on the back-end. So the team undertook an extensive, thorough evaluation that spanned several months and settled on AppSpider as one of its Web App Vulnerability Scanners, based in large part on the product’s roadmap towards being able to handle complex application ecosystems that have rich clients and RESTful APIs.

The University of Salzburg faced the challenge of ensuring optimal performance and minimizing risk across its campus networks. With approximately 18,000 students and 3,000 staff across 30 locations, the university needed a robust solution to manage its IT and security infrastructure. The IT and security teams needed to collaborate effectively to prioritize and remediate issues based on the organization's needs. The university required a solution that could provide actionable insights, higher accuracy in identifying vulnerabilities, and better visibility into risk.

Wiltshire Council, a unitary council established in 2009, faced the challenge of managing and protecting the personal information of its residents. With over 5,000 employees and more than 350 diverse services, the council needed an efficient and effective IT service to support, maintain, and provide strategic advice. Annual penetration tests were part of the compliance mandates, and the council needed a solution that could run pen tests all year round. Additionally, the council required a vulnerability management solution that could provide detailed and actionable reporting to help remediate risks in the environment.

Russ Verbofsky, the Chief Information Officer at the State of New Mexico Department of Game and Fish, faced significant challenges when he joined the organization. The department's technology infrastructure was outdated, and he had to replace almost every piece of hardware, including switches, routers, firewalls, and servers. With a small IT team of 14 people, half of whom were on the help desk and the other half in application development and database administration, Russ had to support nearly 300 employees across the state. A quarter of these employees worked in the field and connected to the network via VPN, adding complexity to the task. Additionally, the department needed to securely manage its web application for selling hunting and fishing licenses, which accounted for two-thirds of its budget. Another critical requirement was achieving PCI compliance, as credit card information had never been processed through the PCI perspective before. This compliance needed to be achieved across 36 different state agencies.

MCSI wanted to test the ability of their back end, role-based access controls to curb attempts to elevate privileges. They needed an official way to inform clients and regulators on the security and integrity of their systems, while also satisfying HIPAA standards with a third-party evaluation.

Financial institutions around the world have always been an attractive target for hackers keen to get their hands on sensitive customer data, launch online extortion attacks, and interfere in internal business processes to siphon away funds. Even in the United Kingdom, one of the most mature global financial services markets, breaches reported to the regulator soared by 480% in 2018 according to RPC. As part of its customer offerings, Resimac issues a credit card, which means that it is also bound by strict PCI compliance rules. This puts extra pressure on an in-house security team already tasked with keeping escalating threats at bay. With just a handful of staff, Mihalek and his team manage a footprint of approximately 600 assets for the 300+ employees across Australia, New Zealand, and Manila. Needing extra help to support its PCI compliance program—and drive best practices to improve security across the organization—Mihalek sought the help of an outside managed security services provider back in 2017. The decision was underlined by a security incident the firm suffered, an incident Smith claims would have been picked up by a managed security service if one had been in place. But there were also good financial reasons for outsourcing security, says Mihalek.

Auden Group, a socially responsible financial services company, was looking to expand its product portfolio while ensuring robust cybersecurity. The company's leadership recognized the importance of cybersecurity for the success of its mission and growth. They brought on a six-person security team, led by Philip Wright, Head of InfoSec, to manage all aspects of cybersecurity from prevention to threat response. Wright was particularly concerned about phishing and human error, and wanted to build a program around the NIST cybersecurity framework: identify, protect, detect, respond, and recover. With only a month until the company’s first product launch, Wright’s priority was obtaining the ability to detect suspicious activity. He turned to InsightIDR - Rapid7’s easy to deploy SIEM (Security Information and Event Management) solution that features built-in threat detection.

Bioventus, a global leader in active healing and surgical orthobiologics, faced significant security challenges due to its large distributed workforce, multiple clouds, diverse devices, and the critical nature of patient data. The company's security team had to deal with user compromise and phishing emails on a daily basis. As an international healthcare company based in the US, Bioventus had the additional challenge of safeguarding patient records. A breach of any sort could be damaging, but a breach of patient records could be particularly expensive. The company also faced common security challenges for enterprises of its size, such as attacks on its cloud-based networks.

Brooks, a rapidly growing sports equipment company, faced increasing security vulnerabilities due to its expansion. The company's growth from $500 million to $1 billion in sales, along with an increase in employees to 1,800, led to more hits on their website, more partners, and consequently, more security events, phishing emails, and potential risks. Despite having a security team of three analysts, the company struggled to stay ahead of the alerts. The traditionally manual, time-intensive incident response and vulnerability management processes were not scalable to meet the growing security challenges.