Rapid7
A Rapid7 Case Study
A Northern California community bank ($5B revenue, ~1,000 employees and 80 branches) needed a stronger vulnerability management program to protect customer PII and comply with strict financial-sector requirements. The ISO faced a particular challenge: the bank's production environment was air-gapped, so most off‑the‑shelf scanners wouldn’t work. The bank also needed penetration testing reports that were concise enough for the board but detailed enough for IT.
Rapid7’s Nexpose was deployed because it can run fully offline and delivers granular Real Risk Scores and customizable reports for both executives and technical teams. Nexpose uncovered more vulnerabilities than prior scans, was expanded to the internet-facing network, and—together with a Rapid7 penetration test that failed to breach a critical alerting device—produced well‑received, actionable reports. The result: improved visibility, more disciplined monthly remediation, and a stronger, more scalable vulnerability management program with plans to add dashboards, agents, and SIEM integration.