InsightIDR Accelerates Threat Detection from Hours to Seconds for 巴顿的同事

挑战

Recruitment firms are particularly highly prized as they contain large stores of wide-ranging personally identifiable information (PII) and financial details on their clients, 以及来自雇主的企业数据. A major data breach could have a huge impact on customer confidence in the brand, as could a ransomware-related outage that leaves job-seekers and employers unable to connect. 

像很多组织一样, 巴顿的同事 has been on a journey to cloud computing adoption in a bid to drive improved business agility and cost savings. 在过去的几年里, Goldenberg has seen the firm transform from one powered entirely by on-premises servers to one almost completely cloud-based, with Amazon Web Services (AWS) and other cloud providers helping to help optimize the business.

However, he realized that outsourcing to the cloud does not mean being able to hand over responsibility for cybersecurity. So a search began for a provider that could offer automated threat detection and response and vulnerability management capabilities tightly integrated into 巴顿的同事’ cloud infrastructure.

解决方案

公司选择了 InsightIDR for their detection-focused cloud SIEM after careful consideration, 其中包括几次与主要竞争对手的“试驾”.

“We did an evaluation across the board with a couple of major SIEM players. 我们理解利弊, 以及Rapid7 Insight平台, 我们觉得我们从盒子里得到了很多东西,戈登伯格解释道.

InsightIDR is Rapid7’s flagship threat detection and response SIEM, enabling organizations to respond with speed and confidence to attacks by spotting the behavior behind security breaches. 它集中了整个组织的安全数据, applying behavior analytics and threat intelligence to drive insight via an intuitive graphical interface. Machine learning baselines user behavior to alert on use of stolen credentials or anomalous lateral movement, while Rapid7 global intelligence feeds into Attacker Behavior Analytics (ABA) for detection of external attacks.

巴顿的同事也选择了Rapid7 InsightVM platform, which uses the same underlying agent to provide real-time insight into vulnerabilities. Risk-based attacker analytics help firms to automatically prioritize the most urgent ones and the focus is on collaboration across IT to ensure any issues are remediated seamlessly.

Rapid7表示快速反应

戈登伯格和他的团队对结果很满意, generating insight from the platform “very quickly” across the firm’s dynamic cloud environment.

“整合到我们的云中是非常重要的. The Insight Agent is deployed right on as we're spinning up each server,” he explains. “We need that insight on all new endpoints that are popping up to keep track from a regulatory and a security standpoint. It makes sure that we're locking things down appropriately—fully patching everything and ensuring that it's a clean box going into production.”

The IT security environment before and after Rapid7 “is not even a comparison,戈登伯格补充道, 解释说侧向探测的自动警报, 滥用特权, and other events have helped him greatly accelerate incident response.

“We started off with a hammer and chisel, looking at everything very manually. Now you have everything orchestrated and automated,” he says. “I can jump on a laptop and take care of an incident or escalate it to an engineer right then and there. It's taken the detection time from what could have been hours or days down to seconds.”

Goldenberg was also quick to praise Rapid7’s honesty and the close working relationship forged with his team. “Rapid7, you're engaging with a professional team where you know exactly what you're going to get out of the partnership,他总结道。. “There are no surprises that you sometimes get when working with some consulting partners or vendors.”