Exponent Secures Clients’ Data With Rapid7 InsightVM Platform and 管理检测和响应 Service

Challenge

With 1,500 employees distributed across more than 30 locations supporting clients in the U.S, European Union and Asia, Exponent’s major security challenge is keeping its data safe and secure. That responsibility falls on the shoulders of Daniel Shuler and his information security team. 直接向财务总监汇报, Shuler was brought onboard in 2019 to formalize the way Exponent addresses security.

“We focus on protecting our clients’ data to the best extent that current technology will allow and do it in a concrete way that allows us to demonstrate we have the right security tools in place,” explains Shuler. 随着客户和项目的不断发展, new field offices, 以及多样化的技术, a large part of Exponent’s security challenge is related to the need for greater visibility across its diverse environment.

Solution

Shuler’s solution for visibility was implementing Rapid7’s vulnerability tool, InsightVM, 以及Rapid7的管理检测和响应(MDR)服务. 舒勒说:“我们的顾问流动性很强. “A large percentage of our work can happen offsite; at a client site, a hotel, or a home office. 我们需要一个紧跟用户的技术栈. Rapid7 fits right into that bucket because it offers a light-weight agent that can be deployed on end user devices and be with them wherever they go. 我们的整个策略就是跟着用户一起移动. We 100 percent rely on the Rapid7 agent deployment to carry this through.”

“我们面临的挑战与使用中资产的可见性有关, 正在使用的网络, 我们多元化的办公室,” notes Shuler. “这一切都是标准化的，但它在不断变化. We have a standard technology stack in each office with the same servers and network gear.” But Shuler points out there are many variables required to accommodate each client’s work; it could be adding a new work location or new technology. “We need to make sure we’re at the table for the right conversations; the technologies we’re specifying and requiring are being leveraged correctly and that everybody is operating within our policies,舒勒继续说. 

对不断变化的环境的可视性

除了提供漏洞信息之外, Rapid7的漏洞管理解决方案, InsightVM, performed asset discovery scans that identified each node on Exponent’s network. Now Shuler’s team also relies on InsightVM scans to identify any new devices that are added to the network. 

Rapid7的InsightVM技术非常可靠. 这正是我们需要它做的，”舒勒继续说道. “It integrates with the MDR service through a shared light-weight agent that provides a rich source of data. 代理具有多种功能，我们非常喜欢这一点.”

24/7 Security Team

When Shuler first joined Exponent, the company did not have an in-house security team. Shuler knew from experience it would be all but impossible to provide around-the-clock security coverage on their own. While becoming a round the clock operation is difficult for teams of many sizes, 他提到他之前的一家公司有一个很大的, in-house SOC (Security Operation Center) and coverage was a challenge. “Then, we had to rely on our SIEM and other technologies to make enough noise during off hours. 想想看——一个大团队不可能做到24小时不间断. 这就是为什么我们在第一天就购买了Rapid7 MDR服务. 我们知道小团队是做不到的.”

Rapid7的MDR为我们提供了能见度. 我们知道用户在哪里，设备在哪里. One of my favorite aspects of the MDR service is the ability to get into the console and look at the map showing where our incidents, events and devices are operating from – it’s powerful to be able to pull that up and see, ‘There are five people working in a different country than they usually do and they are connected to our VPN in Phoenix.”

Shuler与Rapid7 MDR SOC密切合作. “We’ve worked with the Rapid7 team to define what metrics need to be gathered, 例如防火墙日志, Web代理或邮件网关, whatever it takes to give the system enough data points to correlate and give us good results. 这不是一个静态的环境. It’s been consistently updated and changed to adapt to our changes and to adopt new capabilities available within MDR, like cloud support. 当我来到这里时，我们还不是AWS的客户，而现在我们是. 日志源和代理部署进行了转换. The MDR service continues to monitor and give us visibility into our environment.”

一个与Exponent使命一起发展的安全平台

在过去的三年里, Exponent’s security program has expanded and matured alongside Rapid7’s products and services. “Rapid7的报告每月都是一致的. With InsightVM we look at the number of devices and the number of vulnerabilities we have. 在MDR方面，我们监控事件的数量. 这对我们的安全计划非常有价值. Rapid7可以始终如一地向我们展示环境中正在发生的事情.”

至于合规措施, Rapid7’s InsightVM and MDR meet the security criteria desired by the firm’s clients. “我们的客户将他们的数据委托给我们. They want to know what we do for security; do you operate a SIEM? 你把数据关联起来了吗?? 你是否管理或监督24/7? Rapid7为我们检查了所有这些框. The correlation expertise through both the technology and the people in the SOC has proven many times over to be accurate and valuable.”

On a personal level, Shuler credits Rapid7’s around-the-clock support with giving him downtime. “I enjoy my sleep. So, if somebody says I’m going to give you 24/7 support and only wake you up when it’s necessary, 这对我来说很好. MDR SOC只升级我们需要采取行动的关键警报.“安全、可见性、专家支持和稳定的睡眠时间表. 解决方案，然后是Exponent的信息安全团队.