Bioventus Relies on Rapid7 to Protect Critical Patient Data


About Bioventus

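Bioventus, a global leader in innovations for active healing and surgical orthopedics, partners with patients, payers, and health care providers throughout the world. Based in Durham, North Carolina, the company has more than 1,100 employees and operates in more than 50 countries worldwide. This year alone, Bioventus products will help more than 500,000 people regain active lifestyles.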

Challenge

With a large distributed workforce, multiple clouds, diverse devices, and critical patient data on the line, the Bioventus security team faces an uphill battle. User compromise and phishing emails are the most critical challenges the team faces every day.

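As a U.S. healthcare company operating internationally, Bioventus faces additional security challenges in protecting patient records. “We are dealing with medical devices and patient information that must be protected at all costs,” Kerry LeBlanc explains. “Any kind of data breach can be damaging, but the cost of a breach of patient records can be very high.”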

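Bioventus also faces security challenges that are all too common for an enterprise of its size. “There are people out there hitting every IP address they can reach. Most of my networks are in the cloud. So, we get those types of attacks, as well.”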

 

Solution

LeBlanc implemented Rapid7 InsightVM, the leading vulnerability management solution, and Rapid7 InsightIDR, the leading cloud SIEM. LeBlanc chose Rapid7 in large part because of its system-level integrations with both InsightIDR and InsightVM. “Rapid7 integrated best with the environment I already had and with what I wanted to add. I wanted AMP for endpoints. Rapid7 has an API built for AMP for endpoints. They have integrations built-in for my firewalls; for all the tools I wanted.”

LeBlanc also points to Rapid7’s strong tech support. “Every review I read said that Rapid7’s support is always there. In the three years I have worked with Rapid7, they have proven that time and again.”

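When LeBlanc joined Bioventus, his first step was to assess the entire system to pinpoint gaps and weaknesses. An immediate concern was vulnerability. “We didn’t have a SIEM. I knew that was definitely something we needed. We needed a vulnerability management solution and an endpoint detection and response solution,” explains LeBlanc.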

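“I’ve been doing what I do for a long time. I have a lot of experience with many tools and platforms. So, I knew in my mind what I wanted.” LeBlanc is responsible for cybersecurity at Bioventus, reporting to the Director of IT Infrastructure and Security. “If it’s security, it’s mine,” explains LeBlanc. “I run the security awareness program, I am the incident response team. I’m the threat hunter. I’m the investigator of incidents. I’m also the SOC.”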

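When I use Rapid7, my response time went from 3 to 4 hours down to 10 to 15 minutes. I see what it is and how to remediate it. Everything is right there. I can query the endpoint or pull information, and get different information about the user.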
Kerry LeBlanc, IT Security Engineer

Visibility and Context Are Key

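“For me, it’s all about visibility and context around threats,” says LeBlanc. “Once Rapid7 was in place, two key things changed. First, InsightIDR found a lot of things I didn’t know about before, which is incredible. Everything comes into InsightIDR. I mean, everything.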

Extended Detection and Response (XDR)

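“The other major change, which is part of extended detection and response (XDR), is being able to correlate, analyze, prioritize and remediate as quickly as possible. Rapid7 does that because it can see everything. It can build context around threats and incidents. It can help prioritize them to raise the level of awareness. I can focus on them a lot quicker, which gives me the opportunity to mitigate the severity and eliminate further impact.”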

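“InsightIDR is my go-to tool because it provides a context that allows me to correlate data. If I want to investigate user data, everything related to that user is within my investigation. Everything from my EDR solution, everything dealing with the user ID, from firewall traffic to anything that might have a user ID. It’s been super helpful.”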

Enhanced Endpoint Telemetry

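LeBlanc also takes advantage of InsightIDR’s enhanced endpoint telemetry. “I use it for alerting on malicious processes, which is very nice because my EDR might not catch a malicious process as quickly as the Insight Agent does.” LeBlanc also uses it for threat hunting, asset authentication reporting and failures. “That’s a lot of information coming through endpoint telemetry.”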

A Single Agent for InsightIDR and InsightVM

LeBlanc is scanning all of his locations; cloud servers, data center servers. “A lot of them have the Insight Agent, which also feeds data to both InsightIDR and InsightVM. It covers all of my environment, all my locations. InsightVM has the ability to look at everything, not just my endpoints. We found credentials in the wrong places, configurations used in the wrong way, services that should never be left on. It immediately found all of these issues that we were able to go and fix. Nobody had any clue until we began using InsightVM.”

Reducing Response Time to Minutes

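“When I put Rapid7 in place, my response time went from three to four hours down to ten to fifteen minutes. I see what it is and how to remediate it. Everything is right there. I can query the endpoint or pull information, and get different information about the user.”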

A Mature Security Program

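LeBlanc has used Rapid7 tools to take Bioventus’ security program to a higher level. He also notes that his management team has confidence in his security program. “One of my vice presidents was in a meeting reviewing a checklist of everything a good security program should be doing. As they went down the list, he said, ‘Kerry has checked every box.’ That’s a nice feeling.”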

Six products, one platform, no compromises. The Insight Platform is your single-pane-of-glass security solution.