Rapid7's Single Agent & Simple Setup Are Key to Defence Bank's Successful Security Posture

About Defence Bank

Defence Bank commenced operations in March 1975 as Defence Force Credit Union Limited (Defcredit) before becoming Defence Bank in 2012.

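Unlike other financial institutions, Defence Bank does not exist to make money for shareholders. Rather than being driven to generate profits for shareholders, they re-invest their profits back into the bank to make sure they give members the service and competitive products they deserve.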

Defence Bank is one of Australia's largest member-owned banks, offering financial products and services to not only the Australian Defence Force, but the broader community as well.

The Challenge

“The threat landscape, both in general and within the financial sector, is rising year on year,” says Nick Bellette, Head of Information Security & Cyber Risk for Defence Bank. “Given the heightened risk faced by both banking customers and financial institutions themselves, accompanied by the growing threat environment and regulatory compliance requirements, Defence Bank recognised the need for a comprehensive solution.”

They required a unified security solution platform that was easy for their cyber security team to deploy and use, integrated with third-party systems, and provided visibility into their vulnerabilities, risks, and threats.

The Solution

Defence Bank began with Rapid7 InsightIDR for a cloud-native SIEM and XDR (extended detection and response) solution and Rapid7 InsightVM for vulnerability management. “Rapid7 met our organisation's needs for incident response, vulnerability management, and reporting, excelling in each of these key areas,” shared Bellette.

Bellette cannot overstate the efficiency of the deployment. “The setup process demanded minimal effort over a brief span of one to two weeks, with no notable challenges. Among the SIEM solutions evaluated, Rapid7 emerged as the most user-friendly and straightforward choice. Its deployment and usage intuitively aligned with our operational requirements, streamlining the adoption process and facilitating seamless integration into our existing infrastructure.”

Greater Visibility and Control

According to Bellette, one of the things that stood out most about the Rapid7 platform was the agent-based deployment. “The adoption of a unified agent for InsightVM and InsightIDR has proven highly advantageous. This singular agent provides exceptional endpoint visibility while maintaining a lightweight and user-friendly administration. It effectively enhances our visibility capabilities without imposing excessive resource requirements or administrative complexity.”

“The moment the agent is deployed, comprehensive visibility into the environment is immediately available. We gained actionable insights on vulnerability locations accompanied by risk scoring, enabling us to focus our efforts on targeted remediation. This built-in prioritisation functionality within the system allows us to efficiently address vulnerabilities, ensuring optimal allocation of resources.”

Before InsightVM, they relied on vulnerability reports from a third party and on manual checks. “With the implementation of InsightVM, we significantly reduced our vulnerability risk in a short period of time. The adoption of regular reporting and the implementation of asset tagging within InsightVM have proven invaluable. This capability has greatly assisted us in prioritising our remediation efforts, considering the challenge of addressing all vulnerabilities promptly. By leveraging the risk scoring functionality within InsightVM, we can now effectively prioritise the mitigation of high-priority vulnerabilities, thereby optimising our remediation strategy.”

The InsightIDR User Behavior Analytics (UBA) functionality is also benefitting Bellette’s team by providing more insight and, as a result, identifying risky behavior and misconfigurations for remediation.

Integration with Third-Party Systems

Having a single platform for vulnerability management and detection and response was critical for Defence Bank. Bellette notes that, with all the tools they needed, they could have ended up on many different platforms. “The consolidation of tools not only facilitates a more streamlined operational environment but also accelerates the learning curve and proficiency of our analysts. By minimising the number of tools and leveraging a single platform, we optimise efficiency and enable our analysts to attain a high level of expertise. This unified approach proves highly beneficial for our team's proficiency and effectiveness.”

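And what about the requirement to integrate with an array of third-party systems? “From the outset, we integrated seamlessly with our cloud services and various other systems, ensuring fast and efficient interoperability,” he shared. “The ease of integration was important.”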

Centralised Reporting Covering a Wide Array of Systems

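Another key benefit Bellette found was centralised reporting. “The convenience of accessing all required data from a single platform, rather than logging in to multiple portals, has significantly improved our operational efficiency. This centralised approach, coupled with Rapid7's ability to ingest logs from our diverse range of solutions, gives us a comprehensive view of our systems. As a result, we can effectively streamline our reporting processes and efficiently manage any incidents that may arise.”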

Peace of Mind with MDR and 24/7 Coverage

As their security needs grew, they realized a need for continuous coverage that their current team couldn’t support on their own. It was time for a managed service.

“Over time, the significance of 24/7 coverage across an expanding range of technologies grew exponentially, underscoring its increasing importance in our security landscape,” he shared. “Alerts received out of hours posed a challenge, requiring intervention during non-working hours. This realisation underscored the indispensability of a continuous response capability, as alerts can occur at any time.”

They evaluated a number of managed security service providers, but found the ease of deployment and the platform itself to be what they were looking for. Transition to 24/7 was simple as InsightIDR and InsightVM were deployed within the environment. Bellette says, “The uniqueness about Rapid7 was that it offered more than the other managed services we looked at, and there was a remarkable ease of setup.”

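The team at Defence Bank has gained greater peace of mind around data and triage now that they are working with Rapid7 MDR. “Through the implementation of MDR, our event monitoring process has evolved with efficient event triage. This enables us to forgo checking every single event and instead focus on prioritised incidents. We have the assurance that in the event of a significant occurrence within our environment, we will receive timely notification, allowing us to respond effectively,” he described. “We are confident that should any major incident occur that requires immediate incident response, Rapid7 is our trusted partner, giving us a sense of security and peace of mind.”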

Further, the partnership and guidance from the Rapid7 team have been instrumental for them in the case of a security incident. “The MDR aspect of Rapid7, accompanied by unlimited remote Incident Response and the presence of a dedicated customer advisor, has significantly enhanced our organisational capabilities. In the event of an incident, Rapid7 is our trusted partner, and we can quickly access their expertise and support. Additionally, Rapid7's ability to ingest logs from our various cloud solutions and endpoints grants us a comprehensive overview, greatly facilitating any incident investigation we may encounter.”

The Bottom Line

Now that Defence Bank is in partnership with Rapid7, the difference is night and day. “I have conveyed to our team that Rapid7 has seamlessly integrated with our information security team, serving as an invaluable extension. With their expertise at our disposal, we now possess a dependable resource of skilled professionals to rely on whenever an incident arises,” explains Bellette. And with the MDR partnership, “Our team can prioritise a proactive approach by consistently enhancing controls, conducting comprehensive threat analysis, and continuously improving our security measures, allowing us to shift our focus from daily alert response to strategic strengthening of our security posture.”