我们的信号 Adds Rapid7 Platform 和 Managed 服务 to Protect Its 客户’ Networks

挑战

Doing security well for customers means paying attention to a range of threats, large 和 small. 与许多公司一样，网络钓鱼是一个主要问题. As is the accelerating pace of vulnerability discovery 和 the required patching 和 mitigation of vulnerabilities.迪福解释说:“这似乎是随着时间的推移而加速的事情。. “它似乎来得越来越快.”

我们的信号 also ensures compliance with various security frameworks 和 regulations, 包括SOC 2, PCI和HIPAA. “We maintain high levels of compliance to ensure we are doing what’s needed to keep our company 和 our customers' data safe.”

解决方案

两年前, 我们的信号 replaced its existing 脆弱性管理 platform with Rapid7 InsightVM. 一年后, 他们增加了Rapid7管理检测和响应(MDR)服务, 包括访问insighttidr, Rapid7 SIEM / XDR. 

不幸的是, the 脆弱性管理 software 我们的信号 was using before Rapid7 couldn’t keep pace with 我们的信号’s evolving environment. 迪福指出:“之前的产品并不特别支持云计算. “It required a lot of on-premises infrastructures to get coverage into all of our various environments. 因为这种复杂性, 管理我们的脆弱性评估项目更具挑战性. 那时我们开始寻找其他供应商.” 

我们的信号 had worked with several SIEM tools over the past three years but wanted a cloud-based tool, 因此，无论端点在哪里，它们都可以轻松地从端点收集数据, 而且不需要管理本地的基础设施.

“一旦我们切换到Rapid7平台, we found that the ability to collect vulnerability metrics via a more cloud-friendly approach greatly improved our ability to assess all of our systems,笛福说。. “作为我们纵深防御战略的一部分, we enforce network segmentation between our enterprise 和 production services environments. Being able to assess those environments in real time while maintaining segmentation between them is important to us.” 

开箱即用的价值 

A key factor in Defoe’s selection of Rapid7 was the quality of the Rapid7 Insight Agent 和 how it operates in a cloud environment. “We can use the Rapid7 Insight Agent to do assessments in a more cloud-friendly 和 remote worker-friendly way. 当我们评估MDR服务时, 利用洞察特工是关键, 所以我们能够很快地使用MDR. 洞察特工变得更有价值了，当, because of its dual role in both 脆弱性管理 和 detection 和 response, we had log collection instantly from all of our hosts since the agent was already in place.”

“The deployment of MDR was super easy compared to our previous tool,” Defoe says. “你所要做的就是安装代理. 我们开启了洞察代理为MDR收集数据, 几分钟之内, 我们完成了75%. Insight Agent提供出色的遥测技术. 我们很快从一无所有变成了提供真正安全价值的POC. The other thing that was just a huge relief to us is that the alerts we get out of the MDR service are much more accurate than what we saw from our previous SIEM.”

让所有团队参与漏洞管理

Another key difference with Rapid7 InsightVM is the ability for Defoe to get other team’s directly involved in using the platform for 脆弱性管理. “We’ve got at least five different teams that have responsibility for their own systems, 包括企业IT, 安全操作, 软件开发, 云工程和我们的设施团队,笛福解释道。. “使用仪表板界面, we’ve been able to build out the reporting for each individual team to get the high-level overview of where they’re at 和 what they need to do to keep up with 脆弱性管理. Getting these disparate groups all into one platform where they can see what they need to do for 脆弱性管理 has been critical to our success.”

Defoe holds a weekly 脆弱性管理 meeting with all the teams to review the upcoming issues they are seeing, 每个团队都需要加快修补的关键漏洞, 以及每个团队的总体状态. “It’s part of our 脆弱性管理 policy that we follow certain requirements. Everything is tracked 和 reported to our auditors 和 our executive security team. 漏洞管理是我们在我们的信号做的事情的关键部分.

扩展SOC的容量

笛福还管理着一个5人的SOC，其中包括一名自动化工程师, 一个安全工程师和三个分析师. 他们负责事件审查, 脆弱性管理, 安全测试和渗透测试，以及电子邮件网络钓鱼和用户教育. Although the 我们的信号 Security Operations Center does respond to critical security events 24/7, 该团队依靠Rapid7 MDR, with its follow-the-sun SOC model to enhance their decision making 和 responsiveness. “全天候盯着玻璃看MDR, to be able to raise 和 escalate alerts that are of critical importance around the clock is a big relief. 降低警觉性当然也有助于我们睡得更好. We’re not flooded with false-positive alerts day in 和 day out like we were previously. 拥有Rapid7 MDR SOC作为后盾绝对是非常有帮助的.”

“The user interface for MDR - InsightIDR - also is a lot better than our previous SIEM,” Defoe says. “Before we would have to drill down two levels to get to the alerts we were trying to review 和 close. We had such a volume of alerts they got buried in this weird user interface 和 we would actually miss alerts. 现在，我们可以在队列的最前面收到更高质量的警报.” 

In the coming year, Defoe will be focusing on automation using Rapid7 InsightConnect. “我们真的想在自动化方面加倍努力, so that we’re making sure that we continue to scale our capabilities faster than we’re having to scale the number of people that are here on our team.” 

当一个强大的安全团队, 就像美国信号中心的那个, 是否有合适的安全工具, 事情有一种变得更可预测和更少的三警报火灾的方式. “All of the alerts that we’ve gotten out of the Rapid7 MDR service over the past few months have been either security testing or legitimate activity. 我们还没有发生任何可以归类为重大安全事故的事件.” 

最后，笛福的安全方法简单明了. “It’s important that our organization has the right people to meet our security dem和s, 而且我们有合适的工具, 解决方案, 和 services in place to assist us - which is something we’re constantly evaluating. We are setting ourselves up for success when it comes to managing ongoing vulnerabilities, 检测和响应异常行为, 并识别可能使我们和我们的客户面临风险的弱点.”