runZero provides Granite Edvance with 'eye-opening' insight into their network for a proactive approach to their security program

Problem

Granite Edvance is a non-profit agency committed to helping New Hampshire families plan and pay for higher education for nearly 60 years. They aspire to be recognized as a capable, trusted, and innovative leader in educational loan services that enhance the promotion, advancement, and support of higher education for the state of New Hampshire by providing K-12 and postsecondary students and schools with expertise in the student loan industry.

To ensure that Granite Edvance can continue to achieve their mission-critical goals of helping local families obtain the financial support they need for higher education, Chris Nadeau, VP of Information Security, takes his role very seriously. Along with his small but mighty team of three, it is their responsibility to oversee that all devices and assets connected to the network, from HVAC and OT devices to anything with an IP address, are secure and protected. So when their existing tools, both Lansweeper and Tenable’s Nessus product, were proving to be more difficult, limiting, and time consuming to use and manage than they were worth, they began the search for an improved, alternative solution. “The IT team used Lansweeper to find all the basic IT assets like printers and phones. But it was an old school legacy solution that was very insecure, took a lot of care and feeding to maintain, and required an on-premise server (no SaaS solution). It was spraying the network with domain admin credentials to find everything and we had pentesters come in and they were able to leverage those to attack things. We had just had enough of the product,” explained Nadeau. He went on to add, “On the security side, Tenable’s Nessus has a learning curve to it. I have had issues with the scans impacting database backups, system performance issues with high availability systems, and impacts to other sensitive systems from my previous life in manufacturing where poorly timed and improperly tuned scans had impacted manufacturing equipment processes including SCADA and ICS systems. The problem with using Nessus to do network discovery is that you may not know what you are scanning until the initial scans are run to discover assets, which could impact an unknown number of systems in a negative way. With runZero, I found that I didn’t need to take time to be trained on how to set up scans. I did not need to go through the settings to fine tune everything. It took us 20 minutes to figure out how to use the platform and get it up and running by entering a couple subnet ranges to start scanning. As I expanded the scanning, I found it had no impact on any of our infrastructure and I now have standard subnet ranges scans running on an hourly basis against various subnet ranges. runZero has provided a lot of confidence for us.”

Solution

While they considered a few other options, they first leveraged runZero’s free 21-day trial to determine if it was the best solution for them. “What always helps me in my decision making is when a product has a free trial that I can run at home. On the business side, that goes a long way for me, to unleash it on my home network where I can toy with it,” explained Nadeau. Once they saw runZero’s vast discovery capabilities, leveraging its proprietary, unauthenticated scanner to efficiently extract asset details and accurately fingerprint operating systems, services, and hardware, Nadeau and his team were hooked. “With runZero, we can go out and find everything on the network, including open ports, something we couldn’t do with Nessus. It helped us identify when our HVAC company had a bunch of things connected to our network that no one knew about. We ran runZero and were able to see that these things were on the wrong subnet and shouldn’t be tied into our direct network. That has really helped us,” said Nadeau.

Now with a full and accurate inventory of all the assets and devices they have on their networks, Nadeau and his team are able to perform comprehensive cyber risk management and mitigation for a more proactive approach to their security program. “We’re using runZero to go through and classify all of our systems so that we’re doing risk ranking based on what type of data they are and what kind of services they provide,” Nadeau said. runZero also helps Granite Edvance with cyber asset hygiene by way of discovering new devices on the network and determining if they meet their strict security requirements. “runZero is great for new device discovery. If someone adds a new device to the network and it doesn’t have the proper security controls, we have set up alerts to notify us of that,” explained Nadeau.

Granite Edvance has utilized one of the EDR API integrations runZero has to sync and further enrich their cyber asset inventory in runZero. This has enabled them to discover gaps in their EDR coverage and zero in on endpoints missing endpoint protection to further strengthen their security. “We have runZero linked with our EDR provider. If runZero sees a system and our EDR provider does not, we set it up so that we will get an alert that says, ‘Hey! Our EDR provider is probably not installed on this system,’ and that indicates to us that we need to go check that out,” said Nadeau.