In a large university like Virginia Tech, IT security is a major issue. The Office of IT Security conducted a self-assessment of their compliance with the PCI standards and found they needed a commercial scanner with capabilities beyond Nessus.

The cyberattack came in early 2016, when IT manager Tom Brown was on a trip to eastern Europe. Back at headquarters, his staff reported that email had gone into meltdown. Customers were calling in to report that they received emails from Liberty Wines with an unusual attachment, which turned out to be malicious. At the same time, the team was being bombarded by a backscatter of hundreds of thousands of non-delivery receipts related to the malicious email. Tom had to ensure that this wasn’t from an internal breach — that’s when Brown called in the experts at Rapid7. Brown had used Rapid7 software in the past and knew of them as a leader in the security space. He had previously identified a need to track and analyze user authentications and behavior but couldn’t find anything suitable. Until Rapid7 there really wasn’t anything on the market that could easily scale from an SME like Liberty Wines right up to a large enterprise deployment. The architecture of the InsightIDR system allows it to fit any size, both from a scale and a startup cost perspective. He’d arranged for a live demo, been impressed, and allocated budget to install it the next financial year. However, the attackers had other plans.

Sierra View Medical Center faced significant challenges in maintaining real-time visibility and control over its endpoints and servers. The healthcare industry, being a prime target for cyberattacks, required robust security measures to protect sensitive patient data. However, the existing system at Sierra View relied on outdated data from quarterly and biannual scans, which were up to six months old. This outdated information made it difficult to prioritize and assign remediation tasks effectively. The lack of granularity in the CVSS scores further complicated the process, making it nearly impossible to manage vulnerabilities efficiently. As the sole full-time information security practitioner, Scott Cheney needed a more streamlined and automated approach to share risk insights with the IT operations, networks, and systems staff.

Chad Kliewer, the Information Security Officer at Pioneer Telephone, was tasked with implementing a comprehensive security plan and ensuring compliance standards across multiple departments, including corporate, telephone, and broadband services. The challenge was compounded by the absence of a centralized IT group, making it difficult to create a cohesive infrastructure. Additionally, there was no formalized scanning process in place, leading to a lack of visibility into the network assets and vulnerabilities.

Amedisys 是一家领先的家庭医疗保健提供商，在保护患者和员工数据而又不影响系统可用性方面面临着独特的挑战。他们的大部分用户群由在家中为患者提供护理的临床医生组成。为这些医疗专业人员提供无缝且安全的体验至关重要，因为任何中断都可能影响为患者提供的护理。面临的挑战是确保敏感数据的安全，同时保持运营效率。

AMN Healthcare 是一家为医疗保健组织提供全面人才解决方案的领先提供商，在整合最近收购的 28 家组织的网络安全系统方面面临着重大挑战。这些组织规模各异，从拥有 30-50 名员工的初创公司到拥有 2,500 名员工的成熟组织，每个组织都有自己的办公室、政策和框架。 AMN 需要一个面向未来的统一安全平台，将这些组织整合到其企业结构中，确保每个组织都遵循单一的检测和响应安全标准。由于新冠肺炎 (COVID-19) 疫情导致员工转向远程工作，这一挑战变得更加复杂，每个员工的家都变成了区域办公室，导致家庭网络缺乏可见性和控制力。

堪萨斯州蓝谷联合学区的 35 所学校拥有超过 23,000 名学生和 3,100 名教职员工，致力于为学生提供安全的数字学习环境。然而，该地区面临着重大的安全挑战。 2019 年 8 月，该学区遭受了一次成功的勒索软件攻击，促使对其庞大的应用程序和网络基础设施进行全面的安全评估。该学区的网络安全团队将勒索软件攻击、可见性和人员配置视为主要挑战。勒索软件攻击是一个持续的威胁，特别是考虑到公立学区的预算和人力有限。可见性是另一个问题，小团队很难全面了解该地区的安全状况。人员配备也是一个问题，许多学区无法投资必要的人员和软件来满足当今网络安全环境的需求。

CoStar Group 是商业房地产信息、分析和在线市场的领先提供商，一直通过并购 (M&A) 扩大其影响力。截至 2019 年 10 月 1 日，CoStar 已斥资约 20 亿美元收购了总共 27 个组织，每个组织都拥有独特的云业务和不同级别的云能力。 CoStar 面临的挑战是确保其不断增长和发展的云足迹（涵盖 Amazon Web Services (AWS)、Microsoft Azure 和 Google Cloud Platform (GCP)）的安全性和合规性。在通过并购实现增长时，CoStar必须能够了解收购目标的网络风险，整合新收购的资源，并保持这些被收购实体在不失去控制权的情况下通过使用云服务加速创新的能力。

Domestic & General (D&G) 是一家领先的订阅式家电护理提供商，在管理网络安全方面面临着重大挑战。作为一家拥有 110 年历史的企业，该公司拥有多年来不断发展的系统和数十个 IT 流程的积累。随着 D&G 在全球范围内扩张和数字化，其攻击面不断扩大，混合异构环境在网络风险增加方面带来了额外的挑战。该公司缺乏一个现代化的平台来识别混合环境中的大规模风险和威胁。 D&G 的首席信息官 Phil 意识到需要加强公司的网络保护并让企业能够承担网络风险。然而，该公司缺少一个现代组织需要确保其得到充分保护的平台。

Elara Caring 是美国最大的家庭医疗保健提供商之一，在三个家庭医疗保健公司合并后面临着重大挑战。此次整合创造了新的机遇，但也给公司的IT基础设施和数据安全带来了困难。首席信息安全官 (CISO) Eric Bowerman 主要关注保护最终用户免受医疗保健行业常见的网络钓鱼和勒索软件攻击。由于 COVID-19 大流行，向在家工作环境的转变使事情变得更加复杂。该公司在远程员工的笔记本电脑上安装的管理软件有限，这意味着他们无法像员工在办公室时那样进行控制。这提出了与受保护的健康信息 (PHI) 相关的合规性问题。

Maximus 是全球政府的领先战略合作伙伴，在执行标准和确保所有公共云环境的一致性方面面临着重大挑战。由于管理着 200 多个 AWS 账户以及不断增长的 Azure 业务，因此对跨 AWS 和 Azure 的众多项目的可见性至关重要。该公司需要一种解决方案，能够在所有公共云帐户和区域中执行标准，提供对不合规资源的可见性，为某些资源创建异常流程，并提供采取补救措施的自动化方式。在拥有数百个 AWS 账户和 Azure 订阅以及不同支持模型的整个企业中执行标准是一项艰巨的任务。

Rackspace Technology 是一家领先的端到端多云技术服务公司，在确保客户数据安全方面面临着重大挑战。作为一家跨所有主要技术平台设计、构建和运营云环境的公司，Rackspace 向客户灌输信任和信心至关重要。面临的挑战是确保当客户将其数据放在 Rackspace 平台上或选择与 Rackspace 交互时，他们的数据将像 Rackspace 自己的数据一样安全并受到保护。该公司需要一个强大而可靠的解决方案来管理漏洞和威胁，并确保最高级别的数据安全。

英国伯明翰皇家骨科医院是欧洲最大的骨科专科中心之一，面临着严峻的网络安全挑战。该医院的 IT 部门由 Ray Mian 和 Ajmal Khan 领导，其任务是保护患者和医疗记录以及 IT 基础设施免受勒索软件攻击。风险很高，因为任何系统停机都可能对医院环境造成严重后果。一个重大挑战是环境中缺乏可见性。该团队无法识别他们的资产，并且缺乏必要的可见性、发现和分析工具来评估他们在组织内的安全状况。这种缺乏可见性被认为是其网络安全战略的一个关键弱点。

US Signal 是中西部最大的私营数据中心服务提供商，在保护客户网络方面面临着重大的安全挑战。该公司为密歇根州十大医疗保健系统中的七个、密歇根州西部最大的心理健康提供商、众多托管服务提供商 (MSP) 以及各种金融机构提供服务，这需要强有力的安全措施。该公司必须应对一系列威胁，包括网络钓鱼和日益加快的漏洞发现速度。该公司还必须确保遵守各种安全框架和法规，包括 SOC 2、PCI 和 HIPAA。 US Signal 之前使用的漏洞管理软件对云不友好，并且需要大量本地基础设施，这使得管理其漏洞评估计划变得具有挑战性。

Apptio faced a significant challenge in managing the security risks associated with employees accessing corporate data via personal mobile devices. The use of smartphones and tablets for work purposes had increased efficiency but also introduced potential security vulnerabilities. Prior to implementing Mobilisafe, gathering information on connecting mobile devices was a tedious process that did not yield adequate results. The company lacked a comprehensive security policy for mobile device usage, which heightened the risk of data breaches and unauthorized access.

The Nebraska Public Power District (NPPD) faced a complex compliance situation due to various regulatory mandates, including NERC CIP standards, HIPAA, and specific cyber regulations for their nuclear facility. As a publicly powered state, Nebraska's electric utilities are owned by the public, adding another layer of complexity. NPPD needed to ensure robust cybersecurity measures across its 4,000 assets spread over 19 sites, while also addressing the increasing sophistication of phishing attacks. The organization aimed to improve its overall security posture and meet compliance requirements effectively.

PNRHA needed to enhance its security posture to comply with Saskatchewan’s Health Information Protection Act (HIPA) and prepare for a province-wide security push. The organization lacked visibility into its security status and had no reporting or charting capabilities to demonstrate compliance. With over 100 servers, 2,500 employees, 1,500 desktops, and two major data centers, PNRHA faced significant challenges in managing and securing its extensive IT infrastructure. The security team, led by Senior Security Analyst Jarvis Meier, needed a solution that could scale with the organization’s growth and provide comprehensive security management.

Most security professionals are strapped for time. In the world of independent consultants, time is even more precious, as their clients prefer engagements to be brief while still yielding business value. Just ask Kevin Beaver, an independent information security consultant with more than 25 years of experience in IT. As the founder of Atlanta-based Principle Logic, LLC, Kevin specializes in performing independent information security assessments for Fortune 1000 companies, nonprofits, and government agencies, among others. For the better part of Kevin’s career, his focus has been on security. “When I graduated high school, computers were the next big thing,” he laughs. “I remember when the concept of people accessing your network first started getting attention.” Fast forward a few years, and he’s now the author of Hacking for Dummies – one of the best-selling books on information security testing that’s currently in its fourth edition.

As Stein Mart extended its IT infrastructure, it developed a security framework to protect it. But it lacked a comprehensive system for scanning and analyzing its security posture. The IT security team initially experimented with freeware that gathered and consolidated security data. However, the biggest problem was taking all the consolidated data and doing something with it. Stein Mart needed a better way to analyze the data, so that they could understand the risks and vulnerabilities in their current security posture and remediate them. Along with Security Audit Analyst Ambar Batista, Beckworth determined that Stein Mart needed an easy-to-use vulnerability and analysis solution with capabilities such as scanning, consolidating, and analyzing data across a multivendor, multiplatform IT infrastructure, scheduling scans on a regular basis, creating comprehensive reports that rank specific risks and vulnerabilities by criticality, suggesting remediation steps, interacting with an existing third-party trouble-ticketing system, and supporting remote scanning at every store.

University of Mary Washington needed to prove their compliance with PCI DSS and state security requirements. The IT department needed to help safeguard its extensive computing infrastructure.

Søren Hansen, the IT Security Manager at Chr. Hansen, faced significant challenges in gaining visibility into user activities on the network and detecting intrusions. The company needed a solution that could alert them to suspicious network activity and streamline incident investigations. The primary challenge was to find a tool that could provide detailed insights into anomalous behavior, such as stolen credentials and lateral movement, without overwhelming the team with excessive alerts. Additionally, the solution needed to be easy to deploy and manage, without requiring additional agents on endpoints.

When Microsoft undertook an extensive evaluation of Web Application Vulnerability scanning solutions on the market, the company’s Cloud and Enterprise Security Services team knew it would be no small task. Microsoft wanted to build a world-class, scalable Web App Vulnerability scanning service that would serve all of their different service teams in building secure applications. With the technology landscape rapidly evolving, Microsoft foresaw that the homegrown solution it had previously relied upon for application security would soon struggle to keep pace with modern applications with rich, dynamic clients and numerous APIs on the back-end. So the team undertook an extensive, thorough evaluation that spanned several months and settled on AppSpider as one of its Web App Vulnerability Scanners, based in large part on the product’s roadmap towards being able to handle complex application ecosystems that have rich clients and RESTful APIs.

The University of Salzburg faced the challenge of ensuring optimal performance and minimizing risk across its campus networks. With approximately 18,000 students and 3,000 staff across 30 locations, the university needed a robust solution to manage its IT and security infrastructure. The IT and security teams needed to collaborate effectively to prioritize and remediate issues based on the organization's needs. The university required a solution that could provide actionable insights, higher accuracy in identifying vulnerabilities, and better visibility into risk.

Wiltshire Council, a unitary council established in 2009, faced the challenge of managing and protecting the personal information of its residents. With over 5,000 employees and more than 350 diverse services, the council needed an efficient and effective IT service to support, maintain, and provide strategic advice. Annual penetration tests were part of the compliance mandates, and the council needed a solution that could run pen tests all year round. Additionally, the council required a vulnerability management solution that could provide detailed and actionable reporting to help remediate risks in the environment.

Russ Verbofsky, the Chief Information Officer at the State of New Mexico Department of Game and Fish, faced significant challenges when he joined the organization. The department's technology infrastructure was outdated, and he had to replace almost every piece of hardware, including switches, routers, firewalls, and servers. With a small IT team of 14 people, half of whom were on the help desk and the other half in application development and database administration, Russ had to support nearly 300 employees across the state. A quarter of these employees worked in the field and connected to the network via VPN, adding complexity to the task. Additionally, the department needed to securely manage its web application for selling hunting and fishing licenses, which accounted for two-thirds of its budget. Another critical requirement was achieving PCI compliance, as credit card information had never been processed through the PCI perspective before. This compliance needed to be achieved across 36 different state agencies.

MCSI wanted to test the ability of their back end, role-based access controls to curb attempts to elevate privileges. They needed an official way to inform clients and regulators on the security and integrity of their systems, while also satisfying HIPAA standards with a third-party evaluation.

Financial institutions around the world have always been an attractive target for hackers keen to get their hands on sensitive customer data, launch online extortion attacks, and interfere in internal business processes to siphon away funds. Even in the United Kingdom, one of the most mature global financial services markets, breaches reported to the regulator soared by 480% in 2018 according to RPC. As part of its customer offerings, Resimac issues a credit card, which means that it is also bound by strict PCI compliance rules. This puts extra pressure on an in-house security team already tasked with keeping escalating threats at bay. With just a handful of staff, Mihalek and his team manage a footprint of approximately 600 assets for the 300+ employees across Australia, New Zealand, and Manila. Needing extra help to support its PCI compliance program—and drive best practices to improve security across the organization—Mihalek sought the help of an outside managed security services provider back in 2017. The decision was underlined by a security incident the firm suffered, an incident Smith claims would have been picked up by a managed security service if one had been in place. But there were also good financial reasons for outsourcing security, says Mihalek.

Auden Group 是一家具有社会责任感的金融服务公司，希望扩大其产品组合，同时确保强大的网络安全。公司领导层认识到网络安全对其使命成功和发展的重要性。他们组建了一个由信息安全主管 Philip Wright 领导的六人安全团队，负责管理从预防到威胁响应的网络安全的各个方面。 Wright 特别关注网络钓鱼和人为错误，并希望围绕 NIST 网络安全框架构建一个程序：识别、保护、检测、响应和恢复。距离公司首款产品发布仅剩一个月，Wright 的首要任务是获得检测可疑活动的能力。他转向 InsightIDR——Rapid7 易于部署的 SIEM（安全信息和事件管理）解决方案，具有内置威胁检测功能。

Bioventus 是主动治疗和外科骨科生物制剂领域的全球领导者，由于其庞大的分布式员工队伍、多个云、多样化的设备以及患者数据的关键性质，面临着重大的安全挑战。该公司的安全团队必须每天处理用户泄露和网络钓鱼电子邮件。作为一家总部位于美国的国际医疗保健公司，Bioventus 面临着保护患者记录的额外挑战。任何形式的泄露都可能造成损害，但泄露患者记录的代价可能特别昂贵。该公司还面临着同等规模企业的常见安全挑战，例如针对其云网络的攻击。

Brooks 是一家快速发展的运动器材公司，由于其扩张，面临着越来越多的安全漏洞。该公司的销售额从 5 亿美元增长到 10 亿美元，员工人数增加到 1,800 人，导致网站点击量增加、合作伙伴增多，从而导致更多安全事件、网络钓鱼电子邮件和潜在风险。尽管拥有由三名分析师组成的安全团队，该公司仍难以领先于警报。传统的手动、耗时的事件响应和漏洞管理流程无法扩展，无法应对日益增长的安全挑战。