Rapid7 Is a “Key Security Partner” for Workforce Analytics Company Visier

Challenge

For Christopher Calvert, director of information security at Visier, protecting customer data is incredibly important. 他说:“我们被委托保管敏感数据，我们非常重视对其的保护。. “So ensuring that we know about our exposure in terms of vulnerabilities, we know about the activity and environment, 我们知道潜在的威胁和威胁参与者可能对客户数据感兴趣, it's of paramount importance to the environment, to our business, and to our customers.”

Solution

Rapid7投资组合使Calvert能够根据漏洞了解其暴露的范围, as well as potential threats and threat actors. insighttidr提供了一个非常棒的事件关联、检测和警报引擎, 以及为调查任何潜在事件提供关键意见. AppSpider offers great depth in terms of assessing applications. 整个Rapid7产品已经成为Visier信息安全战略的关键.

我叫Christopher Calvert，是Visier公司的信息安全主管. Visier is an analytics company, 我们开发了基于分析平台的SaaS产品，并在此基础上构建了主要用于商业智能领域的应用程序, solving workforce planning and analysis needs, as well as a recently announced talent acquisition product.

我们被委托保管敏感数据，我们非常重视对其的保护. So ensuring that we know about our exposure in terms of vulnerabilities, we know about the activity and environment, 我们知道潜在的威胁和威胁参与者可能对客户数据感兴趣, it's of paramount importance to the environment, to our business, and to our customers.

InsightVM是我们用于漏洞管理程序的扫描引擎. 它在扫描主机，我让它对应用程序做一些扫描. 但它主要用于办公室和数据中心环境，以便我们扫描所有主机, getting deep insight into the vulnerabilities that may be exposed, as well as helping to inform remediation plans with partners in IT, in our DevOps group, 或者在拥有这些资产的其他团队中，或者可能拥有运行在这些资产上的代码. So it's a critical tool for me, and a critical security control.

InsightVM中的顶级修复报告可能是我最喜欢的报告. 这是我在公司其他地方的合作伙伴最看重的，也是他们能够触发补救计划的最重要的信息.

我们还会看一些其他的报告，分发是针对那些对这种报告风格感兴趣的人量身定制的. Generate recurring score cards on a monthly basis, 各种季度报告……我越来越了解报告深度的能力, 而是基于InsightVM本身构建一个相当强大的漏洞管理通信策略. 我也开始从与之相关的Insight服务中获得更多价值, 在它给我的额外可见性和与其他工具的潜在集成之间取得适当的平衡.

我们已经开始探索InsightVM Now*和它提供的丰富的分析视图. 我们是一家分析公司，我们肯定看到了丰富的分析平台的价值. I do have some working partners, particularly in our DevOps group, that are quite keen on the insights that InsightVM Now can deliver.

*Our InsightVM Now product has evolved into InsightVM, which utilizes the power of the Rapid7 Insight platform, our cloud-based security and data analytics solution.

InsightIDR

我第一次接触到insighttidr时，它是一种已经存在于环境中的工具, integrating it into my strategy for information security at Visier. 我非常喜欢insighttidr的一点是，它将纯响应事件管理方法和主动搜索方法结合在了一起. 我可以使用我已经确定为可靠的威胁指示器，并通过API注入它们, correlate with my internal event data, and allow me to not just respond, 但是让它根据这些威胁数据积极寻找入侵的迹象, 它确实模糊了纯粹的响应式方法和纯粹的主动式方法之间的界限.

Well, 今天，我们从各种来源收集日志和事件数据，包括我们依赖的其他云服务. 我有威胁情报，可以从中提取高可信度指标. I use the InsightIDR API to inject those in as threat definitions, 这使我能够将我们的事件数据与互联网上已知的高可信度威胁活动联系起来，从而真正获得一个广泛的视角，了解威胁是什么，以及可能针对我们环境的威胁行为者. It gives me an ability to detect problems and respond quickly.

Integrating InsightIDR and InsightVM

We have InsightIDR and InsightVM integrated, 这使我能够将漏洞数据与我们正在研究的各种事件数据来源联系起来. So that when I have something that I need to investigate, or if I'm hunting for signs of a threat, 在同一个视图中，我可以调出主机的漏洞信息.

为了确保有效利用时间，我们的一大策略就是限制玻璃的数量, and the ability to integrate tools is of extreme importance to me. I want to be able to use resources and time, especially, efficiently, deliver the most value, 花最少的时间为自己或他人寻找他们需要做决定的信息. 

AppSpider

我们每周都会使用AppSpider并管理AppSpider服务, however we do have ad hoc scans run when we need to validate any findings. Managed AppSpider是漏洞管理策略中非常重要的一部分. 我们依靠它来查看应用程序中暴露的潜在漏洞. We use it to assess instances in the application before they go live, before they get offered to a customer view or customer access. So it's a way for us to detect those vulnerabilities, detect potential bugs or other flaws, before they put any data at risk.

Rapid7 as a partner

Rapid7 has really become a key security partner for me. Deliver a number of critical security controls, vulnerability management, 通过一些托管服务也可以进行渗透测试. 像Metasploit这样的Rapid7工具也将在建立我自己的内部渗透测试和红队计划方面发挥关键作用.

insighttidr为我提供了一个非常棒的事件关联、检测和警报引擎, 以及为调查任何潜在事件提供关键意见. AppSpider等工具让我能够更深入地评估应用, and we are primarily an applications developer, so that's a critical tool to me.

实际上，整个产品已经成为我在Visier的信息安全战略的关键.