Tony Hamil is responsible for almost everything security-related in his real estate organization. This includes monitoring 2,000 assets and 77 subnets. He’s been using Rapid7 Nexpose/InsightVM* for over 2.5 years, and it's enabled him to scan effectively and create live, customized dashboards for visibility. And with the additions of Rapid7’s Metasploit for pen testing and InsightIDR for incident detection and response, he says that even though his company likes to be vendor agnostic when it comes to security, the success of the Rapid7 portfolio makes that difficult.
*Our Nexpose Now product has evolved into InsightVM, which utilizes the power of the Rapid7 Insight platform, our cloud-based security and data analytics solution.
My name is Tony Hamil. I'm a cybersecurity engineer. My job is pretty much every single thing that is security related in my company. We're in kind of the real estate business for the most part. We do only have about 650 employees, however we are spread all over the entire world. I'm only looking at about 2,000 assets. However, we have about 77 subnets, which for 650 personnel is quite a bit.
Well, we've been using Nexpose for about two and a half years now, and ever since then I've been able to do extremely good scans across our entire network, subnet-based. I've been able to find things on our network that we didn't even know were there sometimes.
The biggest thing that Nexpose Now gives us is the dashboards, is the visibility. The ability to create your own cards, customize the dashboard, put in there what I think is most necessary. And then, with the projects and the ability to assign a project, it shoots off an email, they know they have something to do, and that email also incorporates into our ITSM ticketing system.
My CIO who comes by, he's a very hands-on type person, he'll stop by and he'll say, "Hey, how are things going? Anything I need to know about?" And I can show him that dashboard and say, "These are our problem areas. This is what we're working on. This is what I told you about in that last email and why we're working on it." It's much easier and concise to show him that dashboard than anything else.
With the way that Nexpose allows scanning of subnets and the way it identifies and does its reports, I felt I was getting a lot more benefit to our company than in almost anything else. That was two and a half years ago and it has only compounded since then. And then we also got Metasploit with that, so I've actually used Metasploit a couple times to force my app guys to realize their stuff's not as secure as they thought it was. I'm not a great pen tester, but I do have a few tricks up my sleeves and I'm able to utilize Metasploit to kind of validate a couple items and let them know, "Yes, you are vulnerable and I need you to take care of that."
It has only evolved even further with InsightIDR. We like to be very agnostic when it comes to our vendors. We don't like to stay with any one vendor with what we do, but when that vendor continually is the best in each category, it's kind of hard not to go with them.
Experience the value InsightVM can offer your unique environment with a 30-day free trial.
Hear how one customer is harnessing the power of the Insight platform to drive time savings and increase efficiency.