experiity依靠Rapid7托管服务来扩展安全操作

Challenge

人员迅速膨胀, office locations, software and services as a result of the merger created unique challenges for the security team. “We’ve got a small team and we’re charged with a fairly substantial mission to protect the company from loss events of any kind,” said 卡尔·斯特恩，信息安全总监. This need for business continuity and standardization fueled the Experity team’s search for a provider that could help them manage security operations and build resilience in their security program. 斯特恩解释说:“这就是Rapid7管理服务发挥作用的地方. “Without Rapid7 managed services we would probably need to triple or quadruple the size of our team just to get the coverage we need.”

Solution

经验在Rapid7中找到了答案, 采购MDR用于事件检测和响应, 管理AppSec，以提高应用程序的安全性, 和InsightVM进行漏洞扫描. Through activity monitoring, 动态应用程序安全测试, 以及高级漏洞管理分析, 经验现在可以自动评估, understand, 并对整个IT基础设施的风险做出反应.

斯特恩表示:“Rapid7已经垄断了管理服务市场. “We now lean on MDR to vet alerts and tell us if they’re seeing unusual activity from a user. The majority of the time when we get an alert, it’s already handled by an engineer. 我知道如果我们收到警报，Rapid7的MDR团队会问我们问题, I’m confident telling my SecOps team to stop what they’re doing and address it immediately.

A Comprehensive Solution

Stern was tasked with building a security team and enhancing the caliber of the security tools at their disposal. “The company had been using a 管理检测和响应 (MDR) platform but it became clear to me that while it addressed a need at the time we implemented it, 这个解决方案并没有真正适应所有的变化. For example, it only monitored network and server activity and not endpoint activity. We wanted to be able to monitor desktops and laptops because nine times out of ten, that’s where companies get into trouble -- from a user clicking on something they shouldn’t.”

在合并之前，大多数员工都在一个办公室工作. So, if Stern saw activity from a user, he knew the user and what they should be doing. 有了Experity的新规模，安全团队需要一个平台来审查警报. “我们有更多的员工和承包商, 如果我们看到这些用户的警报或活动, 我们不知道这是否正常,” explained Stern. “这对我们来说是一个非常独特的挑战.”

Stern began looking for an MDR and vulnerability management solution that could monitor all activity and offer a user-friendly and actionable dashboard. “我想要一家拥有合适产品并提供托管服务的公司, because at the time it was just me and there was no way one person could monitor traffic 24 hours-a-day. And I wanted to be able to come in in the morning and look at a single pane of glass and see what had happened over the previous 24 hours and if there was anything I should be concerned about.”

符合法规遵从性标准

These advanced security capabilities have proven helpful for identifying and squashing malicious behavior and ensuring compliance with regulations such as HIPAA and HITRUST. “In one of our solutions, 所有用户帐户现在都在Active Directory中管理, and all of a sudden we were seeing thousands and thousands of users that were clients. Rapid7在这方面非常有帮助, alerting us if there is anomalous behavior that has the potential to put a client’s credentials at risk.”

消除应用程序安全性的混乱

As Experity’s portfolio grew, Stern looked for a robust solution to provide vulnerability management insights across their web applications which the development teams had been managing. Rapid7’s InsightAppSec, Managed AppSec背后的技术, provides all the capabilities they need with the added benefit of offering a managed service. InsightAppSec帮助我们巩固了网络应用的库存. 我们可以看到我们的应用程序在哪里, and essentially we have a place where we can work without impacting the production environment,” explained Stern. “That’s pretty big for us.”

Stern also noted that Rapid7’s Managed AppSec provides validation and context that allows his team to focus on what is critical. “如果我们在内部管理应用程序安全工具, we’d see hundreds of alerts and have to parse through and figure out what’s what. Managed AppSec is a lot more manageable than having a static Excel sheet or a PDF of a hundred things to look into.”

Rapid7’s team also meets directly with the Experity developers that are responsible for remediation. “That’s huge,” stated Stern, “因为它消除了‘在翻译中迷失’的问题, 这些发现在哪里传达给我的团队. My team takes notes. 我的团队去找开发人员. Developers ask questions. 我们试着回答，但我们可能会得到一些错误的答案. And so we cut that part out. That’s been great too.”

Rapid7 Managed AppSec customers have access to view the underlying InsightAppSec dashboards as part of their service subscription, 对于experiity的安全团队来说，这是一个很受欢迎的增值和差异化产品. “有很多其他托管服务, it’s a black box and you only see a portion of what’s going on in your environment,” said Stern. “虽然Rapid7是一个托管服务，但我喜欢它, 我们仍然可以完全访问仪表盘以获得更大的可视性. Our Rapid7 Security Advisor will also email me to let me know about interesting findings. 这更像是一种人与人之间的联系.”

获得内心的平静，专注于下一步

“我们肩负着广泛的责任, there are so many things we need to be doing beyond just looking at environmental alerts,” said Stern. “知道我们有一个24小时的MDR SOC为我们做这件事是很棒的. I’m finally able to focus on the big picture and plan the direction of our program instead of getting bogged down in the minutia of each alert. 我的团队可以把更多的精力放在运营项目上, and policy and audit work, which is a bear, 尤其是当你在谈论HITRUST认证之类的事情时. We’ve made a lot of progress in maturing our policy and audit program thanks to an incredible team,成功的部分原因是我们与Rapid7的合作.”

面向未来的伙伴关系

The relationship with Rapid7 has given Experity’s security team greater confidence in their ability to scale as the company expands. “One of the things I love about Rapid7 is that they’re constantly evolving and improving their products, just like Experity continues to grow and be the market leader in urgent care EMR,” said Stern. “At Experity, 我们的核心价值观之一是“团队第一”。, 我很幸运能和一个非凡的团队一起工作, Rapid7是它的扩展. Rapid7 has been a real partner, staying with us and supporting us through this whole process.”