Edinburgh Napier University Chooses Rapid7 to Power Its CyberSecurity Team

About Edinburgh Napier University

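Edinburgh Napier University is home to over 19,500 students from 140 countries. They study at its three campuses in Edinburgh, and through online and transnational overseas education programmes. The University was recently named the top modern university in Scotland.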

Graeme Hamilton, Information Security Manager, is responsible for the University's information security infrastructure. That includes everything from administering security solutions and hardware appliances to user policies and awareness training, as well as security response activities. “The whole spectrum of information and security is my responsibility,” notes Hamilton. “It's quite a busy role as you can imagine because we're only a team of three.”

Challenge

Hamilton and his small team are tasked with protecting the University’s networks against the full range of security challenges, from unauthorized users to phishing attempts and cyberattacks. Not everyone on Hamilton’s security team came from a cybersecurity background, so he looked for security tools which would provide his team with insights and support.

Another major challenge the team faces is the sheer number of students and the potential for missteps. “With nearly 20,000 students, it was previously the case that our students didn't always have the best password hygiene. So we would find that their accounts were frequently compromised. We didn't really know what was happening because we didn't have robust monitoring to find that data. That was one of the factors that drove us to look for security tools.”

Solution

Hamilton compared a number of SIEM vendors and deployment models and chose Rapid7 InsightIDR because of the powerful capabilities it delivers right out of the box. “We didn't need to build the detections ourselves.”

Powerful SIEM Out of the Box

Implementing new security tools can be a daunting task for even the most experienced teams. But that was not the case for Hamilton and his staff. “InsightIDR does a great deal without us having to configure it. Deploying InsightIDR was incredibly easy in the sense that all we had to do was deploy the collectors on our network. We deployed two collector servers as virtual machines. We then configured a few of our systems as event sources to integrate with those collectors. Within half a day, everything was up and running.”

Getting up and running with Rapid7 is very easy. Within hours or days of starting to use InsightIDR, you'll begin to get quality actionable data. Rapid7 helps us manage our workload by giving us the ability to do more with less.
Graeme Hamilton, Information Security Manager

Hamilton also points to the benefits of the Rapid7 software as a service model. “We didn't want to maintain the infrastructure ourselves - we didn't want to worry about servers or storage for SIEM data. Being able to just simply set up a subscription and start using it straight away is very powerful. So, with almost no experience ourselves, we have been able to reap benefits very quickly and easily with InsightIDR.”

Hamilton notes that as part of his SIEM evaluation he asked a number of well-known vendors to provide time-to-value estimates. “They all said it would take significantly longer than what Rapid7 offered.” 

Insight Agent Provides Visibility and Control

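The University has always had remote international users, but with the arrival of Covid, 500 staff were working from home. “This presented us with some interesting challenges,” Hamilton explains. “We had to develop a whole new managed laptop service because traditionally our staff worked on desktop PCs in the office. We issued laptops to staff in a very short space of time, and we had to roll out that service without compromising security.”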

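This is where the Rapid7 Insight Agent proved invaluable. Regardless of what local network those remote laptops were on, Hamilton and his team were getting data from the endpoints. “As I said, the majority of these were on home networks but we were still getting the alerts and things from them as appropriate,” says Hamilton.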

“Plus, we already had all of InsightIDR's behavioral analytics capabilities, which meant that as folks were starting to work from multiple locations we got the alerts telling us about that activity. And we were able to tune those alerts and manage them to make sure that we were keeping on top of things but not being overwhelmed.”

Hamilton adds that some peers are surprised at just how much detail his team can get. “But with the Insight Agent, you get the information. The Insight Agent has definitely helped us to detect things more quickly, and also come to a verdict more quickly as to whether or not something needs to be taken care of.”

Hamilton and his team are getting alerts from things they would not have known about without InsightIDR – and they're able to resolve them satisfactorily. “We're not getting unnecessary alerts or getting overwhelmed by alerts that keep piling up. We're able to use the tools to investigate, make a decision, and deal with the alerts.”

Automating Time-Consuming Manual Processes

Hamilton next searched for an automation tool for their most time-consuming manual tasks. He found the solution in InsightConnect, Rapid7's security orchestration, automation and response (SOAR) solution.

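“We identified use cases that didn't need to be done manually. For example, when we deal with phishing emails, we are responding to the user, investigating the message, and taking action, which is very time-consuming. We decided that anything we could do to automate and streamline that process would be helpful,” he says. “That's where InsightConnect is really powerful because it brings multiple systems together and integrates them in a way that allows the automation to occur.”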

Another thing Hamilton likes is that “We don't have to be full-on coders with extensive knowledge of programming.” For Hamilton, it’s all about making the process manageable for his small team. With tools like InsightIDR and InsightConnect, he is able to do just that.

User-Friendly Tools That Get the Job Done

“The Rapid7 products support my team and increase their ability to do more within their skill set and within the time they have available. They appreciate the fact that InsightIDR and InsightConnect don’t require high levels of technical expertise. They are approachable. They are user-friendly.”

Hamilton also appreciates the fact that he has a voice as a customer into the process of improving the Rapid7 products. “It's great to work with a product that is being actively developed and improved. We feel like valued customers who have a voice.”

For anyone considering Rapid7’s InsightIDR and InsightConnect, Hamilton offers this simple advice. “Using Rapid7 is very easy. Within hours or days of starting to use InsightIDR, you'll begin to get quality actionable data. Rapid7 helps us manage our jobs by giving us the ability to do more with less.”