莫迪恩制造业 Stops Threats in their Tracks with Rapid7’s Portfolio of Security 服务 和 解决方案s

挑战

Modine has a small security team with a large mission 和 as the business grew so did the risks. Detloff’s three-person security team quickly went from monitoring a few hundred event sources to a few thous和. Modine needed a partner that could help them improve upon various parts of their security program. 这意味着要同时解决主动和被动的安全需求. 这样的战略目标需要战略合作伙伴, 拥有多个卓越的产品和服务中心.

解决方案

莫迪恩制造业找到了他们的战略合作伙伴Rapid7. 今天, the company relies on a combination of Rapid7 managed services 和 cloud-based software to improve their security program. This includes InsightAppSec for scanning customer-facing 和 internally developed apps, ManagedVM (MVM) to offload vulnerability risk scanning 和 management operations, Rapid7 MDR’s SOC experts to detect 和 respond to threats using the InsightIDR solution, 和 InsightConnect’s SOAR capabilities to automate 和 tie it all together.

Rapid7的发展方向, 他们不仅仅关注终端或用户, but they’re combining that with network detection capabilities 和 other data sources to give a better, 更广泛地了解攻击我们的方式,德特洛夫解释说. “它们为我们提供了相关和情境化的数据.” Detloff further noted that having a single lightweight agent that is leveraged both by InsightIDR 和 InsightVM has proven to be valuable, 以对系统的最小影响提供大量功能.

尽早、快速地阻止威胁

Modine regularly performs full scans on its systems 和 networks around the globe, 使安全团队能够快速评估, prioritize 和 patch systems before an attacker can exploit a vulnerability. “With MDR we no longer have to worry about finding the needle in the haystack, because the Rapid7 SOC goes through everything 和 lets us know the key alerts we need to worry about,”德洛夫说. “When a recent zero-day threat emerged, the Rapid7 team notified us about it the night before. 第二天我们在新闻上看到了, 和 thought: This is what we’re paying for - a team of experts who contain incidents so we can sleep easy at night.”

没有MDR服务, Detloff notes that his 3-person security team would have to sift through approximately 16,每天000个可能的警报. Rapid7团队将这一事件减少到每天5次左右. 五个我们可以处理的. We also have the ability to isolate endpoints 和 enable/disable users until an incident is resolved.”

Rapid7团队为我们节省了大量时间, giving us accurate information instead of us having to investigate each alert to try 和 figure it out,德洛夫补充说. “One day our Rapid7 Security Advisor reached out about an end user in another region who was running a suspicious script. It turned out the user had an infected USB drive that was trying to execute a malicious script. Our Rapid7 team captured all the activity 和 stopped anything bad from happening.”

“The industry st和ard dwell time is anywhere between 90-207 days to find something once it’s in your environment,”德洛夫接着说. “The one incident we considered major was identified by the Rapid7 MDR in less than one hour, we responded in less than two hours 和 it was remediated in less than 48 hours. 仅这一事件就支付了今年MDR服务的费用.”

在不增加人手的情况下扩大安全覆盖范围

“没有Rapid7的检测和响应管理服务, I would anticipate needing at least four or five more people to provide comparable coverage”, 所述Detloff. “在漏洞管理方面, 我估计我们至少还需要两个人, 而且只有那些能够确定需要解决的问题的员工, 甚至没有处理补救方面的问题.” On the MDR side, Detloff estimates that he would need to increase his staff by four to five people. 

“Rapid7的MDR人员拥有我在其他地方找不到的专业知识. I also like that the remediation side of the agent 和 the automation side have the ability to disable 和 enable users. The integration both on the MDR 和 InsightConnect sides also appeals to us.”

腾出时间专注于项目

“我热爱我的工作. 我喜欢尽可能深入研究个别事件. But I don’t have the time to do that if all I’m doing is sifting through events all day. 有了Rapid7的MDR，我可以更有策略. I can focus on the entire security program, not just detection 和 response.”

“I was on a lake ice fishing last winter when a significant security incident happened,”德洛夫接着说. “我跟我的安全分析师和Rapid7通了电话. 我们能够远程监控，看到事件，并做出决定. 我在威斯康辛州的一个湖中央回应! 在我们没有MDR之前，我必须赶回家处理它.”

应对网络钓鱼的挑战

“One of our most critical security challenges is phishing,” noted Detloff. “80%的违规行为源于网络钓鱼邮件. We receive roughly 40 user reports of suspect emails a day that have to be analyzed, 其中大约有五个需要修复.” With InsightConnect, Detloff’s small team can focus on the five instead of the 40. “我们建立了一个工作流程来吸收电子邮件, runs all the links 和 attachments past a couple of different threat intelligence sources 和 gives us a determination of whether it’s benign, 已知恶意或可疑,”德洛夫解释道.

 “我们所需要做的就是点击一个按钮来确认它是否是恶意的, 而InsightConnect会帮我们把它从Microsoft Exchange中移除. This took a process that used to take 30-40 minutes per email down to a few minutes each.” Modine is also in the process of moving to a new email gateway to improve their email filtering 和 plans to use InsightConnect’s integration with the service to further automate their phishing remediation. 

在日常基础上测试应用程序安全性.

Modine使用InsightAppSec来动态扫描应用程序. “我们内部开发了面向客户的应用程序, 这些是我们需要确保得到保护的最重要的部分. Our developers are really looking forward to being able to get the OWASP report based on how their application is doing. 

至于未来, Modine will continue to feed in both the event sources 和 the indicators 和 expand their use of the agents 和 the alerting system they have in place 和 add automation. “自动化对我们的小团队来说至关重要.”