Rapid7 Is a “Key Security Partner” for Workforce Analytics Company Visier

About Visier

Visier provides SaaS-based workforce intelligence solutions designed to help HR professionals answer critical workforce strategy questions.

Challenge

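For Christopher Calvert, Director of Information Security at Visier, protecting customer data is very important. “We're entrusted with sensitive data and we take its protection extremely seriously,” he shares. “So making sure that we understand our exposure in terms of vulnerabilities, we know about activity and the environment, we know about potential threats and threat actors that may be interested in that customer data, that's critical to the environment, to our business, and to our customers.”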

Solution

The Rapid7 portfolio enables Calvert to understand the scope of their exposure in terms of vulnerabilities, as well as potential threats and threat actors. InsightIDR gives a fantastic event correlation and detection and alerting engine, as well as providing a key view into investigation of any potential incidents. AppSpider provides great depth in assessing applications. The whole Rapid7 product has become key to information security strategy at Visier.

My name is Christopher Calvert and I'm the Director of Information Security at Visier. Visier is an analytics company; we develop a SaaS product based on an analytics platform and we have applications built on top of it that are primarily in the business intelligence space, addressing workforce planning and analytics needs, as well as a recently announced talent acquisition product.

We're entrusted with sensitive data and we take its protection extremely seriously. So making sure that we know our exposure in terms of vulnerabilities, we know about activity and the environment, we know about potential threats and threat actors that may be interested in that customer data, that's critical to the environment, to our business, and to our customers.

InsightVM is a scan engine that we use for our vulnerability management program. It's scanning hosts, I've got it doing a little bit of scanning against applications. But primarily it's used in both office and data center environments for us to scan all of the hosts, get insight into vulnerabilities that may be exposed, as well as help inform remediation planning for partners in IT, in our DevOps group, or in other teams that own those assets or perhaps own code that is running on those assets. So it's an important tool for me and an important security control.

The top remediation report within InsightVM is probably my favorite report. It's the one that my partners elsewhere in the company seem to value the most and is most informative for them to be able to trigger remediation planning.

There's a few other reports that we look at and distribution is tailored to who will be interested in that style of report. There are recurring scorecards generated monthly, various quarterly reports … and I'm learning more and more about what's capable in the depth of the reporting, but building a fairly robust communication strategy for vulnerability management based on what's within InsightVM itself. I’m also starting to get more value out of the Insight service that is tied to it, and striking the right balance between the extra visibility it gives me as well as potential integration into other tools.

We’ve started exploring InsightVM Now* and the enriched analytics view that it offers. We are an analytics company, and we definitely see value in rich analytics platforms. I do have some partners, particularly in our DevOps team, who are very keen on the insights that InsightVM Now can provide.

*Our InsightVM Now product has evolved into InsightVM, leveraging the power of the Rapid7 Insight platform, our cloud-based security and data analytics solution.

InsightIDR

I was first exposed to InsightIDR as one of the tools that were already in the environment and picking it up, integrating it into my information security strategy at Visier. One of the things that I really like about InsightIDR is that the capabilities to blend a purely responsive incident management approach and a proactive hunting approach are there within the tool. I can use threat indicators that I have already identified as reliable and inject those through the API, correlate them with my internal event data, and that allows me to not just respond, but have it actively look for signs of intrusion based on that threat data, and it really blurs the lines between a purely responsive or a purely proactive approach.

Well, today we collect logs and event data from a variety of sources including other Cloud services that we rely on. I have threat intelligence feeds that I pull high confidence indicators from. I use the InsightIDR API to inject them as threat definitions, and that allows me to correlate our event data with known high-confidence threat activity that's out in the Internet and really get a broad perspective in what the threats are and possible threat actors that are targeting our environment. It enables me to spot problems and react quickly.

Integrating InsightIDR and InsightVM

We've integrated InsightIDR and InsightVM, and that allows me to correlate vulnerability data with the various sources of event data that we're looking at. So when I have something I need to investigate, or I'm hunting for signs of a threat, right there within the same view I can pull up the vulnerability information on the host.

Big strategy for us in making sure that we're making effective use of any time is having a limited number of panes of glass, so the ability to integrate tools is extremely important to me. I want to be able to use resources and time, especially, efficiently, deliver the most value, and spend the least amount of time for myself or others in hunting for the information they need to make a decision.

AppSpider

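We're using AppSpider and managed AppSpider service primarily on a weekly basis; however, we do run ad hoc scans when we need to validate any findings. Managed AppSpider is a very important part of the strategy for vulnerability management. It’s something that we rely on to give us a view into potential vulnerabilities exposed in our application. We use it to assess instances of the application before they go live, before they're made available for customer view or customer access. So it's a way for us to detect those vulnerabilities, detect potential bugs or other flaws, before they put any data at risk.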

Rapid7 as a partner

Rapid7 has become a key security partner for me. It provides some key security controls, vulnerability management, there's a tie-in with penetration testing through some of the managed services as well. Rapid7 tools such as Metasploit will also play a key role in establishing my own in-house penetration testing and red teaming programs.

InsightIDR gives me a fantastic event correlation and detection and alerting engine, as well as providing a key view into investigation of any potential incidents. Tools such as AppSpider give me great depth in terms of assessing applications; we're primarily an application developer, so that's an important tool for me.

Really the whole product has become key to my strategy for information security at Visier.
