Taking Cybersecurity to the Next Level at WideOrbit
Industries
Company Size
Products
Customer Website
About WideOrbit
1999年,WideOrbit成立,其愿景是:让购买和销售广告变得更容易. Since then, 这一愿景已经扩大:成为全球领先的数字和线性媒体管理广告平台. To that end, WideOrbit将客户放在第一位,并认为客户的满意度限制了自身的发展.
The Challenge
James Killgore is WideOrbit’s IT Security Manager. He oversees a team of three cyber professionals. 在得出结论认为,由于无法有效地找到数据或分类漏洞,WideOrbit已经超出了以前的网络安全解决方案, 他寻求一个更强大的平台来简化和现代化他们的业务. Their former solution was not enterprise-ready.
The Solution
在概念验证后不久,Killgore意识到Rapid7可以将他们的安全态势提升到一个新的水平. According to Killgore, one thing was very clear early on. Rapid7’s InsightIDR and InsightVM were easy to use.
“我们所做的很多事情都是试图根据日志数据找出攻击发生的时间, and we get millions and millions and millions of logs every day, sometimes every hour. 筛选这些信息真的很有挑战性。”基尔戈尔解释道. “That was really challenging with our old tool, 日志搜索太不直观了,很难找到你想要的东西. 老天保佑,你在危机时刻试图找到一些具体的东西.”
然而,据基尔戈尔说,insighttidr的日志搜索不仅更容易使用,而且速度更快. “在任何时候都能很容易地找到我想要的东西. 你不需要成为LEQL大师就能找到任何东西。. “That really stood out to us early on.”
Rapid7的漏洞管理能力对Killgorel来说同样令人印象深刻. “很难确定这数千个漏洞中哪些是我们最需要关注的, especially vulnerabilities that have public exploits,” he shared.
Rapid7, however, 这样就很容易解决他们最紧迫的弱点, but identify, 分析某些漏洞可能影响其业务的原因和方式,并确定优先级. 例如,他们可以简单地询问Rapid7哪些漏洞被公开利用或恶意软件工具包. In fact, WideOrbit已经将其整个环境中公开利用的漏洞数量减少了50%.
A Crowd-Sourced Approach to Security
Killgore分享说,他希望他的组织中的最终用户和高级用户能够参与到他们使用的任何技术的漏洞状态以及这些系统生成的日志中来. Rapid7使他的团队能够建立一个他们以前从未有过的自动化水平——他们可以很容易地将漏洞数据转换成人性化的语言(特别是对于非技术团队成员)。.
“这使我们能够帮助员工参与到我们的安全态势中来,并给他们一种主人翁感. It’s a crowd-sourced approach,” said Killgore. “We’ve really been able to see more value thanks to Rapid7.”
New Platform, New Insights
Rapid7还增强了WideOrbit的技术团队和开发人员的能力,为他们的产品工作方式提供了新的见解, 用户在使用应用程序时何时以及为什么会遇到某些错误. 他们现在有能力使用InsightIDR的自定义解析器和“超级”日志搜索来收集这些数据.
Furthermore, 例如,WideOrbit长期以来一直在努力为警报设置例外情况, investigation alerts. IT高级副总裁Jai Dalal解释说:“在insighttidr之前,我们从未有过这样的服务 & Security. “insighttidr使我们能够精细地调整我们看到的噪音量. 我们收到的警报越少,我们就越能专注于收到的警报. 我们不只是被一堆噪音轰炸……我们可以真正看到问题所在.”
Ready to Go with Remediation Projects
Rapid7’s remediation projects 通过提供对安全和IT团队职责的可见性,允许团队在补救计划上进行协调. They can then easily track and measure progress. 基尔戈尔说,这些补救项目产生了可操作的报告,简化了运作.
“我们曾经使用这些巨大的电子表格,我们会在这些长时间的通话中向DevOps团队展示漏洞,” he recalled. “这只是一个疯狂的Excel文档……试图过滤列并显示某些内容是如此复杂. And then the data inside of each cell was way too big, 因此,您最终必须尽可能地缩小单元格和列,以便看到其他列. It was just a mess.”
此外,电子表格系统也阻止了WideOrbit动态跟踪进度. “It became a little contentious…sometimes, 在电子表格中,您无法立即判断漏洞是否已关闭. People would say, Well, we just addressed that last month. Why is this still showing up on the report? 我们必须回去验证,仔细检查,真的,它已经完成了. It’d be a very frustrating process. Rapid7 has helped broker a more friendly relationship between teams. We’re a more well-oiled machine.”
Killgore’s Advice: Just Dive In
当被问及在Rapid7之旅的早期,他会给其他网络专业人士什么建议时, Killgore didn’t hesitate to offer his two cents.
“Make sure you have someone, or some people, 谁能完全潜入并阅读所有文档并理解Rapid7的产品是如何工作的,” he advised. “Make sure they can do all the log query searching, how investigations are created, and how to do exceptions. Just dive in. Go all the way.”
Gain a complete, end-to-end SOC without the overhead
