Exponent Secures Clients’ Data With Rapid7 InsightVM Platform and Managed Detection and Response Service

About Exponent

Exponent is an engineering and scientific consulting firm whose customers include corporations, insurance companies, government agencies, and law firms. The firm is best known for its analysis of accidents and other failures to determine their root causes. NASA hired Exponent to examine possible causes of the Space Shuttle Challenger disaster. FEMA contracted with the firm to examine the damage in the aftermath of the deadly Oklahoma City bombing. Exponent was also called in to investigate the infamous Exxon Valdez oil spill. Recently, Exponent has expanded its services to analyze new products or processes to help avert potential future problems.

Challenge

With 1,500 employees distributed across more than 30 locations supporting clients in the U.S., European Union and Asia, Exponent’s major security challenge is keeping its data safe and secure. That responsibility falls on the shoulders of Daniel Shuler and his information security team. Reporting directly to the CFO, Shuler was brought onboard in 2019 to formalize the way Exponent addresses security.

“We focus on protecting our clients’ data to the best extent that current technology will allow and do it in a concrete way that allows us to demonstrate we have the right security tools in place,” explains Shuler. With continually evolving clients and projects, new field offices, and diverse technologies, a large part of Exponent’s security challenge is related to the need for greater visibility across its diverse environment.

Solution

Shuler’s solution for visibility was implementing Rapid7’s vulnerability tool, InsightVM, along with Rapid7’s Managed Detection and Response (MDR) service. “Our consultants are highly mobile,” says Shuler. “A large percentage of our work can happen offsite; at a client site, a hotel, or a home office. We need a technology stack that follows the user. Rapid7 fits right into that bucket because it offers a light-weight agent that can be deployed on end user devices and be with them wherever they go. Our whole strategy is to move with the user. We 100 percent rely on the Rapid7 agent deployment to carry this through.”

“Our challenges relate to visibility of the assets in use, the networks in use, and our diverse offices,” says Shuler. “It’s all standardized, but it’s constantly changing. We have a standard technology stack in each office with the same servers and network gear.” But Shuler points out there are many variables required to accommodate each client’s work; it could be adding a new work location or new technology. “We need to make sure we’re at the table for the right conversations; the technologies we’re specifying and requiring are being leveraged correctly and that everybody is operating within our policies,” Shuler continues.

Visibility Into a Constantly Changing Environment

In addition to providing vulnerability information, Rapid7’s vulnerability management solution, InsightVM, performed asset discovery scans that identified each node on Exponent’s network. Now Shuler’s team also relies on InsightVM scans to identify any new devices that are added to the network.

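“Rapid7’s InsightVM technology is very reliable. It does exactly what we need it to do,” Shuler continues. “It integrates with the MDR service through a shared light-weight agent that provides a rich source of data. The agent serves multiple functions, and we really like that.”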

24/7 Security Team

When Shuler first joined Exponent, the company did not have an in-house security team. Shuler knew from experience it would be all but impossible to provide around-the-clock security coverage on their own. While becoming a round-the-clock operation is difficult for teams of many sizes, he notes that one of his previous companies had a large, in-house SOC (Security Operations Center) and coverage was a challenge. “Then, we had to rely on our SIEM and other technologies to make enough noise during off hours. Think about it: a large team couldn’t manage to be around the clock. That’s why we bought the Rapid7 MDR service on day one. We knew a small team couldn’t do it.”

“Rapid7’s MDR gives us visibility. We know where our users are and where our devices are. One of my favorite aspects of the MDR service is the ability to get into the console and look at the map showing where our incidents, events and devices are operating from – it’s powerful to be able to pull that up and see, ‘There are five people working in a different country than they usually do and they are connected to our VPN in Phoenix.’”

Shuler works closely with the Rapid7 MDR SOC. “We’ve worked with the Rapid7 team to define what metrics need to be gathered, such as firewall logs, web proxy or mail gateway, whatever it takes to give the system enough data points to correlate and give us good results. It’s not a static environment. It’s been consistently updated and changed to adapt to our changes and to adopt new capabilities available within MDR, such as cloud support. When I got here, we weren’t an AWS customer, and now we are. The log sources and agent deployment transitioned. The MDR service continues to monitor and give us visibility into our environment.”

A Security Platform That Grows With Exponent’s Mission

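Over the past three years, Exponent’s security program has expanded and matured alongside Rapid7’s products and services. “Rapid7’s reporting is consistent every month. With InsightVM we look at the number of devices and the number of vulnerabilities we have. On the MDR side, we monitor the number of incidents. That’s very valuable to our security program. Rapid7 can consistently show us what’s happening in our environment.”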

As for compliance measures, Rapid7’s InsightVM and MDR meet the security criteria desired by the firm’s clients. “Our clients entrust us with their data. They want to know what we do for security; do you operate a SIEM? Do you correlate your data? Do you manage or monitor 24/7? Rapid7 checks all of those boxes for us. The correlation expertise through both the technology and the people in the SOC has proven many times over to be accurate and valuable.”

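On a personal level, Shuler credits Rapid7’s around-the-clock support with giving him downtime. “I like to sleep. So, if somebody says I’m going to give you 24/7 support and only wake you up when it’s necessary, that works for me. The MDR SOC only escalates the critical alerts we need to act on.” Security, visibility, expert support, and a steady sleep schedule: solutions, then, for Exponent’s information security team.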
