Rapid7 InsightVM Helps Sierra View Medical Center Prioritize Risk and Remediate Fast

About Sierra View Medical Center

Sierra View is the most advanced hospital in Porterville, California, relying on 1,200 endpoints, 300 servers, and another 1,500 networked devices to offer the best possible care to patients.

Challenge

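It’s no secret that the healthcare industry has become a favorite target for hackers over recent years. In the cyber underground, patient data is a prized commodity, and hospitals are seen as easy targets for ransomware attacks, given the mission-critical nature of their IT systems.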

Scott Cheney, information security manager at Sierra View Medical Center, was well aware of these and other threats facing his organization. But Cheney was struggling to get the kind of visibility and control he needed to keep endpoints and servers protected.

Solution

To get the visibility he needed, Cheney opted for Rapid7 InsightVM and InsightIDR. InsightVM, the industry-leading vulnerability management platform, allows IT teams to see exactly where risk is in their organization, view data in real time, and quickly and easily assign remediation tasks. InsightIDR, in turn, is an integrated detection and investigation solution that combines user behavior analytics, endpoint detection, and visual log search.

In the dark

As the only full-time information security practitioner at the hospital, Cheney needed real-time automated insight into risk levels that he could share with the IT operations, network, and systems staff who help him every day. And he needed a streamlined way to prioritize and assign vital remediation work to these colleagues in order to keep systems patched and resilient.

When he took the helm at Sierra View, the only intelligence coming in was via quarterly and biannual scans from a third-party provider, meaning some of the data he and others were working from was up to six months old. It also came with only a simple CVSS score, which lacked the granularity he needed to prioritize risk effectively. What's more, remediation was “nearly impossible” for Cheney and his colleagues, who were forced to work from a spreadsheet and manually prioritize what to fix.

“All we would end up doing is anything public facing and critical would get patched, and almost nothing internal would get patched,” says Cheney. “This couldn’t have happened before. It just physically wasn’t possible to do what we’re doing now with the old setup.”

Enter Rapid7 InsightVM and InsightIDR

Cheney was drawn to InsightIDR and InsightVM by the unified Rapid7 Insight Agent, which helped ease deployment concerns. The agents also allowed him to avoid credentialed scanning on endpoints and, for the first time ever, get real-time visibility into how his virtual desktop environment changes—another big tick in the box for Cheney.

Sierra View was more than happy with the cloud delivery model in InsightVM. “IT is tired with getting more systems to manage and more servers to maintain, so anything cloud, especially when you can show that it works well, is easily accepted by our organization,” says Cheney. After just a month and a half, Cheney and his colleagues had resolved 12% of all server vulnerabilities and 7% of VDI bugs.

Eye-opening visibility

It didn’t take long for the IT staff at Sierra View to notice the difference. The real-time data generated by InsightVM has been a game changer for all concerned. Just as important is the detailed Real Risk Score that InsightVM offers, which goes way beyond the 1-10 of CVSS; it’s a 1-1,000 risk score based on factors such as the age of the vulnerability, what exploits are available for it, and which malware kits use it.

“Since InsightVM has been deployed it’s been incredibly eye opening for our desktop teams and server teams to see the state of things. Having real-time visibility in conjunction with the risk scoring is huge,” says Cheney. “When we first got information out of the tool ... there was so much we needed to address, so definitely having the real-time risk score was important and helped us focus our efforts.”

Cheney is so confident in the accuracy of the risk scores that the organization is using them to monitor progress and calculate the success of the overall project.

One-stop shop

Liveboards are another key feature of InsightVM and one the Sierra View IT team has leveraged to good effect. Cheney checks them a couple of times a week to monitor the progress of projects with dynamic, real-time data. While he keeps an eye on the “big picture,” plans are afoot to roll this visibility out to the rest of the technical team.

Given Cheney's aversion to credentialed scanning, the dashboards provide a vital and detailed view of risk across the entire IT environment. “It’s the only place where everything can be found,” he says. “Seeing the percentage of assets that can be exploited by a novice, for example … It’s a scary one but there are no other tools that give us that information for our whole environment.”

A piece of cake

As for fixing the issues flagged by InsightVM, the Rapid7 platform’s remediation workflow capabilities have turned a slow, inefficient, and manual process into a smoother, more efficient setup. Previously, it was nearly impossible to fix more than external and critical vulnerabilities, as Cheney’s team had to manually work through a spreadsheet to prioritize and assign results. Remediation tasks can now be prioritized according to risk and handed to the desktop, VDI, server, or network team as appropriate.

“For them to be able to sort it by highest risk and hit those items first is really important, because we’re working with a mixed staff where they’re worrying about IT operations full-time, not necessarily security full-time,” he explains. “So for them to be able to come up with a quick idea of ‘hey these are the two things I can try to work on this week’ is really important.”

The results speak for themselves. After just a month and a half, Cheney and his colleagues had resolved 12% of all server vulnerabilities and 7% of VDI bugs. Before InsightVM the IT organization was in a constant state of fire-fighting, with no idea how they were progressing. Now they have visibility and control—which is great news for everyone concerned.
