Rapid7 Is A ‘Force Multiplier’ For 木卫七关怀’s CyberSecurity Team

挑战

和他职位上的大多数安全经理一样, 埃里克·鲍尔曼, 木卫七关怀’s Chief Information Security Officer (CISO) spends the bulk of his time focused on protecting his end-users. “Phishing is probably the biggest concern that I have. And ransomware, of course, because we’re a healthcare company the ransomware gangs target us.”

An additional challenge for 木卫七关怀 is the work-from-home environment. Bowerman acknowledges that having so many remote workers presents compliance issues related to protected health information (PHI). “Previously most of our back-office folks were working in-office, then when COVID hit last year they went home with laptops thinking it would be only for three or four months. 当时, we had limited management software on those laptops, which means we didn’t have the same control as when they were in the office.”

解决方案

鲍尔曼做了研究, 与供应商交谈, conducted POCs 和 narrowed his selection list down to two vendors. 他选择了Rapid7 InsightVM, the leading vulnerability management solution along with the Rapid7 管理检测和响应(MDR) 24/7威胁检测和响应服务.

鲍尔曼是信息安全领域的资深人士. 当他18个月前加入艾拉拉关怀公司时, he zeroed in on the most critical security areas he needed to address first 和 foremost. “I was looking at all our basic operations, which I consider endpoint security controls. So, 包括EDR解决方案, 杀毒, 内容过滤和web代理, 然后是治理, 风险与合规. 漏洞管理也是关键.”

Bowerman is clear-eyed about what he 和 his security team can h和le given the diverse infrastructure they protect. “I’m the CISO that still pushes buttons, conducts investigations 和 everything else. There are only two of us in security right now so we can’t run a SIEM ourselves, 和 we don’t have the resources to create our own SOC. As a small team, anything we buy has to be a force multiplier.” 

“I looked at Rapid7 和 one other vendor for vulnerability management, but when I found out that Rapid7 had a 管理检测和响应(MDR) solution, 这对我们来说是一个简单的决定. 我们在找一个SIEM, 和 with Rapid7 MDR we got that plus a team of experts, 24/7的监控, 主动寻找威胁. We think of our Rapid7 Customer Advisor as having another person on our team.”

Another factor in Bowerman’s selection of Rapid7 is that he didn’t want to deploy 和 manage two separate agents for MDR/SIEM 和 vulnerability management solutions. “It made a lot of sense to have just one agent doing everything I wanted, 这是一个很有说服力的论点.” 

获得关键能见度 

Like turning on a powerful flashlight in a dark warehouse, the InsightVM agents deployed gave Bowerman the visibility he needed. “当我们开始部署Rapid7代理时, we were able to start gathering the telemetry 和 identify vulnerabilities on the systems we needed to remediate. 我们还获得了缺失补丁的可见性. I knew I had to have a SIEM in order to start collecting the logs, 把它们联系起来，看看我的差距在哪里. 这是重要的第一步.”

Bowerman also has seen an improvement in the quality of his metrics. “InsightVM helps us in our metrics when we present to the executive council each month. So, being able to show that we reduced vulnerabilities is key. 我喜欢它有api这个事实, so we can actually create our own security dashboard from all of our disparate tools 和 pull it all in 和 say, “Here are the needles 和 the gauges 和 all the information; this is where we want to be, 这就是我们今天的处境. 这很酷.”

积极主动的伙伴关系

A security professional like Bowerman knows that spotting vulnerabilities is very much a team effort. “We have a good partnership with Rapid7,” Bowerman says. “I can buy a product from anybody, but are they going to be there 和 support me? Will they actually come to me 和 say, ‘Hey, we’re seeing this in your environment.’ Our Rapid7 customer advisors are great – it’s been a good experience 和 partnership.”

As for the overall impact of Rapid7 on 木卫七关怀’s security environment, 鲍尔曼解释说, Rapid7工具有效. The partnership with Rapid7 has absolutely been spot on with my expectations.”