Wesley Mission Adds Rapid7 InsightVM Tools and MDR Service to Secure Its Remote Workforce





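Wesley Mission Queensland (WMQ) is a not-for-profit community service provider that offers community support, mental health services, aged, disability and palliative care, and retirement living across Queensland, Australia. WMQ operates as a mission activity of the Albert Street Uniting Church to provide accessible and flexible services to older people, people living with a disability or mental illness, and vulnerable children and families.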


As for most workforces, the greatest security challenge WMQ has faced since the COVID-19 pandemic is the shift to remote work. “We noticed an increase in cyber threats around the time people started working from home,” said Taraiz Khan, Information Security Manager. “The biggest issue was monitoring vulnerabilities on staff computers. We had limited visibility into what they were doing so the challenge was to respond to the incident. We particularly noticed an increase in phishing scams.”

Another major challenge they faced was resourcing. “We’re a relatively small team and we do not have the resources to build an in-house security operation center or have a big SOC team. From the outset our goal has always been to execute 24/7 monitoring of our environment, so if something unexpected happens, someone will look at it immediately and resolve the issue as quickly as possible.”


Today, Wesley Mission Queensland has both InsightVM and the Rapid7 MDR service. “Vulnerability management is one of the security compliance requirements of ISO 27001,” said Khan. “We also wanted our endpoints to be protected. From previous experience I knew we did not want to have too many agents. With Rapid7, we only need one agent to handle both InsightVM and MDR.”


“My role is to look after everything related to cyber security; writing policies, risk management, security awareness and security operations. Our operations and IT teams also help us implement the security controls,” explained Khan. “Our environment consists of SaaS applications, such as Office 365 and medical applications. We also host applications in the data center, which users access via VPN.” Khan takes a realistic approach to managing a large environment. “Our strategy is to provide a secure environment to support our staff so that they can focus on serving our clients. As a security team, we work in the background to monitor and respond if there is an incident. WMQ does an incredible job supporting Queenslanders and our team plays an integral role in supporting our frontline workers, so that they can focus on what they do best.”

Khan had a clear picture of the security approach he needed to address the challenges of vulnerabilities in his environment. “We knew we needed constant monitoring and after contacting a lot of vendors, we liked the Rapid7 InsightVM vulnerability management tool, in particular its live dashboard updates and the expertise of Rapid7’s Managed Detection and Response (MDR) service.”

Before Rapid7, we knew there were cyber attacks happening. But after we signed on with Rapid7 to help address vulnerabilities and detection and response, we saw incidents drop to almost zero. Minor ones, of course. But we have not had one major incident happen within our environment since we added Rapid7 to our team.
Taraiz Khan, Information Security Manager

The working combination of InsightVM and MDR has given Khan and team a whole new level of visibility across their widespread infrastructure. “When we first started looking at MDR and IVM, we could see people trying to log in from outside Australia. We're an Australian-based organisation - we don’t often have people working overseas. We didn't have that visibility before. That's where we saw huge value in Rapid7. The rich research on threats and vulnerabilities from Rapid7 provides us with updates when there is new data or a change in our environment.”

“If there are suspicious activities on the endpoint, IVM can feed all that information into MDR. We can see how many vulnerabilities there are. With the live dashboard we have past data that shows the progress as well as live data so we don’t have to run reports or wait for the scan to finish.”

Patching is handled by Wesley Mission Queensland's IT team. “We hold meetings and give them access to IVM. They can see all the vulnerability information and can plan how they’re going to patch.”


Khan chose Rapid7 MDR for its SOC expertise. Before MDR, the WMQ security team did not have a clear picture of their environment. But that has all changed. Now the MDR team gives them full visibility into their whole landscape. “We can ingest a lot of logs from our firewalls, endpoint protections and our DNS Windows. We can search endpoints. We can see all the activity that is happening. That was our concern because we have a lot of staff working remotely. Understanding our whole environment is key.”

One of the first things they noticed after launching the MDR service was the immediate uptick in reporting and communication from the Rapid7 team. The MDR SOC is finding and managing the most critical alerts for their small team. “The MDR team regularly performs threat hunts for us. And if they find an issue, they inform us and escalate it straight away.”

The Wesley Mission Queensland security team has gained a level of incident detection and response they had not seen before. “Since we started working with Rapid7 two years ago, we have not seen a major incident in our environment,” said Khan. “The system was put to the test with a minor incident that occurred in the middle of the night where a user downloaded some malware. Our Rapid7 MDR team detected it immediately and called us at 2 a.m.” After that incident, Khan quickly took advantage of the MDR team’s expertise and 24/7 coverage and worked with them to establish an automated response procedure.

The MDR team provides key expertise in investigating incidents. “We are really pleased to have the MDR team provide insights and expertise, working side by side with our internal security team,” said Khan. Khan also pointed to the quality of the incident reports he receives. “Reporting is an important part of our security process and we are pleased with the quality and detail provided by the MDR team as well as remediation suggestions to stop the same thing from happening in the future.”

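In fact, Khan considers the Rapid7 MDR SOC a critical extension of his team. “The MDR team is on call and helps us around the clock. There is always someone to talk to when we need it. We can send an email. We can call the number. That is why we like Rapid7.”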


Khan now looks out over his environment and sees a whole new level of security. “We have built a team and introduced a new level of control. Before Rapid7, we knew there were cyber attacks happening. But after we signed on with Rapid7 to help address vulnerabilities and detection and response, we saw incidents drop to almost zero. Minor ones, of course. But we have not had one major incident happen within our environment since we added Rapid7 to our team.”

“Rapid7 is really helping us reduce a lot of risk in terms of cyber and IT. We have visibility,” Khan concluded. “That is very important to us. I know that if something happens, the MDR team will help us.”