Wesley Mission Adds Rapid7 InsightVM Tools and MDR Service to Secure Its Remote Workforce

About Wesley Mission

Wesley Mission Queensland (WMQ) is a not-for-profit community service provider that offers community support, mental health services, aged, disability and palliative care, and retirement living across Queensland, Australia. WMQ operates as a mission activity of the Albert Street Uniting Church to provide accessible and flexible services to older people, those living with a disability or mental illness, and vulnerable children and families.

Challenge

As with most workforces since the COVID-19 pandemic, the greatest security challenge WMQ faces is the shift to remote work. “We noticed an increase in cyber threats around the time people started working from home,” says Taraiz Khan, the manager of information security. “The biggest issue was monitoring vulnerabilities in staff computers. We had limited visibility into what they were doing so the challenge was to respond to the incident. We particularly noticed an increase in phishing scams.”

Their other major challenge is resources. “We’re a relatively small team and we do not have the resources to build an in-house security operation center or have a big SOC team. From the outset our goal has always been to execute 24/7 monitoring of our environment, so if there were an incident, there are eyes on it immediately and the fastest possible resolution.”

Solution

Today, Wesley Mission Queensland has both InsightVM and the Rapid7 MDR service. “Vulnerability management is one of the security compliance requirements of ISO 27001,” says Khan. “We also want our endpoints protected. From previous experience I knew we did not want to have too many agents. And with Rapid7, we only need one agent for both InsightVM and MDR.”

InsightVM and MDR Are a Powerful Combination

“My role is to look after everything related to cyber security; writing policies, risk management, security awareness and security operations. Our operations and IT teams also help us implement the security controls,” explains Khan. “Our environment consists of SaaS applications, such as Office 365 and medical applications. We also have applications hosted in our data centers, which users access through a VPN,” explains Khan. Khan takes a realistic approach to managing the large environment. “Our strategy is to provide a secure environment to support our staff so that they can focus on serving our clients. As a security team, we work in the background to monitor and respond if there is an incident. WMQ does an incredible job supporting Queenslanders and our team plays an integral role in supporting our frontline workers, so they can focus on what they do best.”

Khan had a clear picture of the security approach he needed to address the challenges of vulnerabilities in his environment. “We knew we needed constant monitoring and after contacting a lot of vendors, we liked the Rapid7 InsightVM vulnerability management tool, in particular its live dashboard updates and the expertise of Rapid7’s Managed Detection and Response (MDR) service.”

Before Rapid7, we knew there were cyber-attacks happening. But after we signed on with Rapid7 to help address vulnerabilities and detection and response, we see that incidents have gone down almost to zero. Minor things, of course. But we have not had a single, major incident happen within our environment since we added Rapid7 to our team.
Taraiz Khan, Manager of Information Security

The working combination of InsightVM and MDR has given Khan and team a whole new level of visibility across their widespread infrastructure. “When we first started with MDR and IVM, we could see people were trying to log in from outside Australia. We're an Australian-based organisation - we don’t often have people working overseas. We didn’t have that kind of visibility before. That’s where we see huge value in Rapid7. The rich research on threats and vulnerabilities from Rapid7 provides us with updates when there is new data or a change in our environment.”

“If there are suspicious activities on the endpoint, IVM can feed all that information into MDR. We have visibility into how many vulnerabilities there are. With the live dashboard we have past data that shows the progress as well as live data so we don’t have to run reports or wait for the scan to finish.”

Patching is handled by Wesley Mission Queensland’s IT team. “We run a meeting and give them access to IVM. They can see all the vulnerability information and can plan how they’re going to patch.”

Adding 24/7 Experience to Their Team

Khan chose Rapid7 MDR for its SOC expertise. Before MDR, the WMQ security team did not have a clear picture of their environment. But that has all changed. Now the MDR team gives them full visibility into their whole landscape. “We can ingest a lot of logs from our firewalls, endpoint protections and our DNS Windows. We can search endpoints. We can see all of the activities happening. That was the concern, because we have a large staff working remotely. Having visibility into our entire environment is key.”

One of the first things they noticed after launching the MDR service was the immediate uptick in reporting and communication from the Rapid7 team. The MDR SOC is finding and managing the most critical alerts for their small team. “The MDR team is doing threat hunting for us regularly. And if they find an issue, they inform us and escalate it straight away.”

The Wesley Mission Queensland security team has gained a level of incident detection and response they had not seen before. “Since we began working with Rapid7 two years ago, we have not seen a major incident within our environment,” says Khan. “The system was put to the test with a minor incident that occurred in the middle of the night where a user downloaded some malware. Our Rapid7 MDR team picked it up right away and called us at 2:00 a.m.” After that incident, Khan quickly took advantage of the MDR team’s expertise and 24/7 coverage and worked with them to establish an automated response procedure.

The MDR team provides critical expertise investigating incidents. “We are really pleased to have the MDR team provide insights and expertise, working side by side with our in-house security team,” says Khan. Khan also points to the quality of incident reporting he receives. “Reporting is an important part of our security process and we are pleased with the quality and detail provided by the MDR team as well as remediation suggestions to stop the same thing from happening in the future.”

In fact, Khan considers the Rapid7 MDR SOC a critical extension of his team. “The MDR team is always available, 24/7 to help us. We always have someone to talk to whenever we need to. We can send an email. We can call the number. This is what we like about Rapid7.”

A New Level of Security

Khan now looks out over his environment and sees a whole new level of security. “We’ve built a team and brought in a new level of controls. Before Rapid7, we knew there were cyber-attacks happening. But after we signed on with Rapid7 to help address vulnerabilities and detection and response, we see that incidents have gone down almost to zero. Minor things, of course. But we have not had a single, major incident happen within our environment since we added Rapid7 to our team.”

“Rapid7 is really helping us reduce a lot of risk in terms of cyber and IT. We have visibility,” concludes Khan. “That’s very important for us. And, I know if anything happens, the MDR team is there to help us.”