experiity依靠Rapid7托管服务来扩展安全操作

挑战

人员迅速膨胀, 办公室的位置, software 和 services as a result of the merger created unique challenges for the security team. “We’ve got a small team 和 we’re charged with a fairly substantial mission to protect the company from loss events of any kind,” said 卡尔·斯特恩，信息安全总监. This need for business continuity 和 st和ardization fueled the Experity team’s search for a provider that could help them manage security operations 和 build resilience in their security program. 斯特恩解释说:“这就是Rapid7管理服务发挥作用的地方. “Without Rapid7 managed services we would probably need to triple or quadruple the size of our team just to get the coverage we need.”

解决方案

经验在Rapid7中找到了答案, 采购MDR用于事件检测和响应, 管理AppSec，以提高应用程序的安全性, 和InsightVM进行漏洞扫描. 通过活动监测, 动态应用程序安全测试, 以及高级漏洞管理分析, 经验现在可以自动评估, 理解, 并对整个IT基础设施的风险做出反应.

斯特恩表示:“Rapid7已经垄断了管理服务市场. “We now lean on MDR to vet alerts 和 tell us if they’re seeing unusual activity from a user. The majority of the time when we get an alert, it’s already h和led by an engineer. 我知道如果我们收到警报，Rapid7的MDR团队会问我们问题, I’m confident telling my SecOps team to stop what they’re doing 和 address it immediately.

全面解决方案

Stern was tasked with building a security team 和 enhancing the caliber of the security tools at their disposal. “The company had been using a 管理检测和响应 (MDR) platform but it became clear to me that while it addressed a need at the time we implemented it, 这个解决方案并没有真正适应所有的变化. For example, it only monitored network 和 server activity 和 not endpoint activity. We wanted to be able to monitor desktops 和 laptops because nine times out of ten, that’s where companies get into trouble -- from a user clicking on something they shouldn’t.”

在合并之前，大多数员工都在一个办公室工作. So, if Stern saw activity from a user, he knew the user 和 what they should be doing. 有了Experity的新规模，安全团队需要一个平台来审查警报. “我们有更多的员工和承包商, 如果我们看到这些用户的警报或活动, 我们不知道这是否正常,斯特恩解释道. “这对我们来说是一个非常独特的挑战.”

Stern began looking for an MDR 和 vulnerability management solution that could monitor all activity 和 offer a user-friendly 和 actionable dashboard. “我想要一家拥有合适产品并提供托管服务的公司, because at the time it was just me 和 there was no way one person could monitor traffic 24 hours-a-day. And I wanted to be able to come in in the morning 和 look at a single pane of glass 和 see what had happened over the previous 24 hours 和 if there was anything I should be concerned about.”

符合法规遵从性标准

These advanced security capabilities have proven helpful for identifying 和 squashing malicious behavior 和 ensuring compliance with regulations such as HIPAA 和 HITRUST. “在我们的一个解决方案中, 所有用户帐户现在都在Active 导演y中管理, 和 all of a sudden we were seeing thous和s 和 thous和s of users that were clients. Rapid7在这方面非常有帮助, alerting us if there is anomalous behavior that has the potential to put a client’s credentials at risk.”

消除应用程序安全性的混乱

随着experiity投资组合的增长, Stern looked for a robust solution to provide vulnerability management insights across their web applications which the development teams had been managing. Rapid7的InsightAppSec, 管理AppSec背后的技术, provides all the capabilities they need with the added benefit of offering a managed service. InsightAppSec帮助我们巩固了网络应用的库存. 我们可以看到我们的应用程序在哪里, 和 essentially we have a place where we can work without impacting the production environment,斯特恩解释道. “这对我们来说很重要.”

Stern also noted that Rapid7’s 管理AppSec provides validation 和 context that allows his team to focus on what is critical. “如果我们在内部管理应用程序安全工具, we’d see hundreds of alerts 和 have to parse through 和 figure out what’s what. 管理AppSec is a lot more manageable than having a static Excel sheet or a PDF of a hundred things to look into.”

Rapid7’s team also meets directly with the Experity developers that are responsible for remediation. “这是巨大的,斯特恩说。, “因为它消除了‘在翻译中迷失’的问题, 这些发现在哪里传达给我的团队. 我的团队会做笔记. 我的团队去找开发人员. 开发者问问题. 我们试着回答，但我们可能会得到一些错误的答案. 所以我们把这部分删掉了. 那也很棒.”

Rapid7 管理AppSec customers have access to view the underlying InsightAppSec dashboards as part of their service subscription, 对于experiity的安全团队来说，这是一个很受欢迎的增值和差异化产品. “有很多其他托管服务, it’s a black box 和 you only see a portion of what’s going on in your environment,斯特恩说. “虽然Rapid7是一个托管服务，但我喜欢它, 我们仍然可以完全访问仪表盘以获得更大的可视性. Our Rapid7 Security Advisor will also email me to let me know about interesting findings. 这更像是一种人与人之间的联系.”

获得内心的平静，专注于下一步

“我们肩负着广泛的责任, there are so many things we need to be doing beyond just looking at environmental alerts,斯特恩说. “知道我们有一个24小时的MDR SOC为我们做这件事是很棒的. I’m finally able to focus on the big picture 和 plan the direction of our program instead of getting bogged down in the minutia of each alert. 我的团队可以把更多的精力放在运营项目上, 以及政策和审计工作, 这是一只熊, 尤其是当你在谈论HITRUST认证之类的事情时. We’ve made a lot of progress in maturing our policy 和 audit program thanks to an incredible team,成功的部分原因是我们与Rapid7的合作.”

面向未来的伙伴关系

The relationship with Rapid7 has given Experity’s security team greater confidence in their ability to scale as the company expands. “One of the things I love about Rapid7 is that they’re constantly evolving 和 improving their products, just like Experity continues to grow 和 be the market leader in urgent care EMR,斯特恩说. “在Experity, 我们的核心价值观之一是“团队第一”。, 我很幸运能和一个非凡的团队一起工作, Rapid7是它的扩展. Rapid7 has been a real partner, staying with us 和 supporting us through this whole process.”