Case Study: Hillsborough County achieves proactive, cost-effective vulnerability management and HIPAA compliance with Rapid7 Nexpose

Vulnerability Management assists with compliance for Hillsborough County

Hillsborough County ITS, which supports roughly 4,200 clients across 100+ sites in the Tampa area, faced growing audit and compliance demands (HIPAA, ISO17799) while managing more than 250 servers with a three-person security team. Relying on outside vendors for periodic scans left them unable to perform the frequent, detailed, actionable vulnerability assessments they needed, so they sought an in-house, agentless solution that could do stealth and scheduled scans, authenticated and unauthenticated checks, incremental scans, and support Windows and Linux across distributed engines.

They selected Rapid7 Nexpose for its accurate OS/version detection, remediation-focused reporting, intuitive web UI and flexible IP-based licensing. Deployed across three scan engines to cover 254 hosts, Nexpose reduced false positives, streamlined remediation with step-by-step reports, enabled proactive vulnerability management, lowered potential downtime and operating costs, and produced a clear ROI by allowing the small team to maintain strong, audit-ready security.

Hillsborough County

David Rippel

Senior Security Engineer