Executive Summary
Trying to oversee an information-sharing network with 700 individual storefronts was challenging for Batteries Plus Bulbs, which runs on a lean IT department. Status reports and actions were hard to manage with its existing tools. Bringing NopSec into the mix boosted the slim staff’s capabilities by consolidating all the information and assigning priorities to vulnerability issues. While more personnel additions may be needed in the future, NopSec was just the spark that Batteries Plus Bulbs needed to keep its security operations humming.
The Company
Batteries Plus Bulbs (formerly Batteries Plus) is a Wisconsin-based merchant of power and lighting products as well as phone repair and key services. The company franchises stores across the United States, with more than 700 individual locations. From its home office in Hartland, WI, Batteries Plus Bulbs coordinates data and information-sharing with its network of franchises.
Infrastructure and Security Manager, Jason Thelen: “Before NopSec, we had to hunt and peck and guess which were our worst vulnerabilities. Unified VRM allows us to work faster from that regard because we can get right into the critical things and get them remediated. We’re five times as effective now compared to before.”
Business & Solution Goals
- Consolidate information gathered from other cybersecurity tools (Nessus, CrowdStrike, Datadog) for greater visibility
- Drive efficiencies with automated prioritization of threats
- Help small SecOps department manage heavy workload
- Inform C-Suite of cybersecurity status with well-designed, complete reports
The Challenges
Batteries Plus Bulbs, a retailer of batteries, lighting and repair services, provides support information to its network of franchises across the United States. While its revenue levels would classify it as a mid-market company, its staffing levels are intended to maximize efficiencies. Consequently, the security team consists of a leader, an administrator and an engineer who is assigned to the department on a half-time basis.
The team was using other security tools, Nessus’s vulnerability scanner and CrowdStrike’s endpoint security system, to be aware of potential issues in their infrastructure. But with a thin staff, it was challenging to effectively track the information gathered from these platforms and take the steps needed. In addition, Batteries Plus Bulbs wanted to add Datadog and possibly Rapid7 and Qualys later.
In addition, the leader of the team, Infrastructure and Security Manager Jason Thelen, wanted to provide clear and concise reports of the company’s cybersecurity status to senior leadership. The existing toolset didn’t provide an optimal way of doing so, given the separate information that each generated.
The Solution
At a trade show, Jason heard about NopSec. He was immediately impressed by the platform’s interface and the knowledgeable, helpful NopSec representative he talked to. Following a proof-of-concept demonstration, he purchased NopSec’s Unified VRM.
With Unified VRM in place, the security team was able to seamlessly integrate the information garnered from Nessus and CrowdStrike using NopSec’s pre-existing configuration assistants. Learning to use NopSec was not difficult, Jason said. He was pleased with how well the Unified VRM prioritizes risks and lays out where attention is needed.
Customer Benefits & ROI
- Overall efficiency increased by 500 percent, reducing the pressure to add headcount
- Executives receive clear reports from one source rather than a compilation from different tools
- Overall security level elevated from previous status
- Threats from other communications methods identified, prompting their replacement with better options