Experity Relies on Rapid7 Managed Services to Scale Security Operations

Challenge

The rapid expansion of personnel, office locations, 合并后的软件和服务给安全团队带来了独特的挑战. “我们有一个小团队，我们肩负着一项相当重要的使命，即保护公司免受任何损失事件的影响,” said Carl Stern, Director of Information Security. 这种对业务连续性和标准化的需求促使experiity团队寻找能够帮助他们管理安全操作并在其安全计划中建立弹性的提供商. “Which is where Rapid7 managed services comes into play,” explains Stern. “如果没有Rapid7管理的服务，我们可能需要将团队规模扩大三倍或四倍才能获得所需的覆盖范围.”

Solution

Experity found its answer in Rapid7, purchasing MDR for incident detection and response, Managed AppSec to enhance their application security, and InsightVM for vulnerability scanning. Through activity monitoring, dynamic application security testing, and advanced vulnerability management analytics, Experity can now automatically assess, understand, and respond to risk across the entire IT infrastructure.

“Rapid7’s got the market cornered in terms of managed services,” stated Stern. “我们现在依靠MDR来审查警报，并告诉我们他们是否看到了用户的异常活动. 大多数情况下，当我们收到警报时，它已经由工程师处理了. I know that if an alert gets to us and Rapid7’s MDR team is asking us questions, 我有信心告诉我的安全行动小组停止他们正在做的事情，立即解决这个问题.

A Comprehensive Solution

斯特恩的任务是建立一个安全团队，并提高他们使用的安全工具的水平. “该公司一直在使用管理检测和响应(MDR)平台，但我很清楚，虽然它在我们实施时满足了需求, the solution didn’t really roll with all the changes. 例如，它只监视网络和服务器活动，而不监视端点活动. 我们希望能够监控台式机和笔记本电脑，因为十有八九, 这就是公司陷入麻烦的地方——用户点击了他们不应该点击的东西.”

Prior to the merger, most employees were based in one office. 所以，如果斯特恩看到一个用户的活动，他就知道这个用户，知道他们应该做什么. With Experity’s new scale, the security team needed a platform to vet alerts. “We have so many more employees and contractors, so if we see alerts or activity from these users, we don’t know if that’s normal or not,” explained Stern. “That’s a pretty unique challenge for us.”

Stern开始寻找一种MDR和漏洞管理解决方案，可以监控所有活动，并提供用户友好和可操作的仪表板. “I wanted a company that had the right product and provided a managed service, 因为当时只有我一个人，一个人不可能一天24小时监控交通. 我希望能够在早上进来，看着一块玻璃，看看在过去的24小时里发生了什么，是否有什么我应该担心的.”

Meeting Regulatory Compliance Standards

事实证明，这些高级安全功能有助于识别和压制恶意行为，并确保符合HIPAA和HITRUST等法规. “In one of our solutions, all user accounts are now managed in Active Directory, 突然之间，我们看到成千上万的用户都是客户. Rapid7 is extremely helpful in that regard, 如果有可能危及客户凭证的异常行为，会向我们发出警报.”

Cutting Through The Application Security Clutter

As Experity’s portfolio grew, Stern寻找一种强大的解决方案，为开发团队一直在管理的web应用程序提供漏洞管理见解. Rapid7’s InsightAppSec, the technology behind Managed AppSec, 提供他们所需的所有功能，并提供托管服务的附加好处. “InsightAppSec has helped us solidify our inventory of web apps. We can see where our apps live, 从本质上讲，我们有一个可以在不影响生产环境的情况下工作的地方,” explained Stern. “That’s pretty big for us.”

Stern还指出，Rapid7的Managed AppSec提供了验证和背景，使他的团队能够专注于关键的事情. “If we managed application security tools internally, we’d see hundreds of alerts and have to parse through and figure out what’s what. 管理AppSec比使用静态的Excel表格或包含上百项内容的PDF文件更容易管理.”

Rapid7的团队还直接与负责修复的experiity开发人员会面. “That’s huge,” stated Stern, “because it eliminates the ‘lost in translation’ issue, where the findings get communicated to my team. My team takes notes. My team goes to the developers. Developers ask questions. We try to answer, but we might be getting some of it wrong. And so we cut that part out. That’s been great too.”

作为订阅服务的一部分，Rapid7 Managed AppSec客户可以查看底层的InsightAppSec仪表板, a popular value-add and differentiator for Experity’s security team. “With a lot of other managed services, 它是一个黑盒子，你只能看到环境中发生的事情的一部分,” said Stern. “I like that although Rapid7 is a managed service, we still have full access to a dashboard for greater visibility. 我们的Rapid7安全顾问也会给我发电子邮件，让我知道有趣的发现. It’s more of a human connection.”

Gaining The Peace Of Mind To Focus On What’s Next

“With the breadth of responsibility we have, 除了关注环境警报，我们还需要做很多事情,” said Stern. “Knowing that we have a 24-hour MDR SOC doing that for us is great. 我终于能够把注意力集中在大局上，规划我们项目的方向，而不是陷入每个提醒的细节中. My team can focus more of our energy on our operations project work, and policy and audit work, which is a bear, especially when you’re talking about things like HITRUST certifications. 多亏了一个不可思议的团队，我们在完善政策和审计计划方面取得了很大进展,and part of that success is due to our partnership with Rapid7.”

A Partnership Built For The Future

与Rapid7的合作给了experiity的安全团队更大的信心，相信随着公司的扩张，他们有能力扩大规模. “我喜欢Rapid7的一个原因是他们不断发展和改进他们的产品, just like Experity continues to grow and be the market leader in urgent care EMR,” said Stern. “At Experity, one of our core values is “Team First”, and I’m fortunate to work with an extraordinary team, and Rapid7 is an extension of that. Rapid7一直是我们真正的合作伙伴，在整个过程中一直支持我们.”