CASE STUDY


STEIN MART PROTECTS IT INFRASTRUCTURE FROM VULNERABILITIES


US fashion retailer relies on Rapid7 NeXpose Enterprise Edition to protect its systems and data and to meet its compliance obligations


Headquartered in Jacksonville, Florida, Stein Mart is a nationwide US retailer of fashion merchandise with over 260 stores in 30 states, offering the service and presentation of a high-end department or speciality store at prices up to 60% below department store prices. As a retailer, Stein Mart must comply with the Payment Card Industry Data Security Standard (PCI DSS) to protect financial transactions on its store and corporate servers and its website. A data breach would trigger an expensive PCI audit and fines and, more importantly, would compromise customer trust and damage its reputation, possibly hurting future sales.

As Stein Mart extended its IT infrastructure, it developed a security framework to protect it. But it lacked a comprehensive system for scanning and analysing its security posture. The IT security team initially experimented with freeware that gathered and consolidated security data. “Our biggest problem was taking all the consolidated data and doing something with it,” said Monica Beckworth, IT security and compliance manager at Stein Mart. The company needed a better way to analyse the data, so that it could understand the risks and vulnerabilities in its current security posture and remediate them.

Along with security audit analyst Ambar Batista, Beckworth evaluated a number of vulnerability scanning products from several vendors and chose Rapid7 NeXpose Enterprise Edition. It can be configured to scan automatically for more than 14,000 vulnerabilities and to perform more than 54,500 checks across web applications, databases, networks, server operating systems and other software products. NeXpose locates and identifies vulnerabilities, assesses and ranks the risk they pose to the environment, and offers step-by-step remediation plans. It has a PCI template to track the vulnerabilities relevant to compliance. It supports remote scanning and offers an application programming interface (API) for integration with other IT management systems, such as a ticketing system.

Currently, Stein Mart uses NeXpose to scan network devices, data centre servers and web applications. Batista uses the information in NeXpose reports to address risks with server managers and network administrators. “If I see a critical or urgent vulnerability on the report, that tells me I need to get it resolved as soon as possible,” she said. “It helps with remediation: the links the report provides enable me to do research prior to presenting it to the team, and assist the team in understanding the vulnerability and pursuing resolution.”

The use of Rapid7 NeXpose has positively impacted the collaborative performance of the entire IT staff, made up of six teams in all. Stein Mart uses NeXpose to pre-scan new data centre and web servers before they go online. The integration of NeXpose into security management also improved Stein Mart’s patching process, for example in scheduling the testing and application of Microsoft server operating system (OS) patches.

Beckworth and Batista plan to extend their use of Rapid7 NeXpose. First, with the help of Rapid7 Professional Services, they plan to use the NeXpose API to automate information exchange with the trouble-ticketing system for thorough problem tracking and resolution. They also want to extend scans to include databases, which the tool already supports.

They also plan to install client software at all 260-plus Stein Mart stores to automate remote scans. Until now Batista has been scanning stores remotely through a laptop that is configured with NeXpose software and shipped from store to store. A store manager plugs the laptop into the store network; Batista then configures the engine for the store’s network and schedules the scan from her console in the central data centre.

Both Beckworth and Batista would recommend Rapid7 NeXpose without hesitation. “I’ve been very impressed with the product. Any beginner would be able to use it and understand it,” said Batista. “There’s a lot of value for the price,” Beckworth added. “But it has all the bells and whistles you need. NeXpose helped us become more secure and smarter about how we do things.”


RETAIL TECHNOLOGY JULY/AUGUST 2011

