Manufacturer Hypertherm Stays in Motion with Rapid7 Solutions

Industry

Customer website

About Hypertherm

Hypertherm is part of the Hypertherm Associates family, a 100% employee-owned company made up of the industrial cutting technologies and solutions you know and trust: waterjet, software, and more, to help our customers succeed like never before. With a consistency of purpose, a drive for innovation, and a passion for customer success, Hypertherm leads the industrial cutting and shaping industry.

Challenge

James Thompson, Information Security Manager at Hypertherm, relies on security solutions that let operations and technology run smoothly and securely across his organization's environment. Responsible for the full range of assets, including operational technology, IoT devices, and Hypertherm's own proprietary software, James looked for a single pane of glass to see into the "Wild West" of manufacturing.

Solution

Rapid7 InsightVM was the ideal solution for identifying, assessing, and remediating risk without the downtime associated with other tools. Hypertherm's partnership with Rapid7 led to the adoption of InsightAppSec, Rapid7's leading dynamic application security testing (DAST) solution.

Highlights include:

  • "For a truly mature vulnerability scan management program, we started to evaluate Tenable.io and Rapid7's InsightVM... When we were demoing InsightVM, we found that we could create a kind of dynamic blacklist. That way I could set up my scan schedule without the risk of taking printers offline, and that was a big deal for manufacturing."
  • "AppSpider* empowered the developers to help themselves. Building this tool into our web applications helps me better understand our exposure at the edge... It also empowers those developers to improve their product, to test their product, and with AppSpider, they can test on the fly."
  • "[Rapid7 helps] ultimately build a whole solution and program around the relevance the products can provide... The customer success manager is really helping me paint that picture."

 * The industry-leading DAST engine behind Rapid7 AppSpider is now Rapid7 InsightAppSec.

Video transcript

My name is James Thompson. I'm the information security manager for Hypertherm. We're a metal cutting solutions provider, so think high-pressure water, plasma, laser. So you'll find us in shipyards, oil, pipeline work, or the home hobbyist building go-karts.

The manufacturing environment is challenging. I like to call it the Wild West. We don't have a lot of the regulation that the financial or health industries might have. So, much of our security isn't forced upon us; we choose where that balance may be, for better or for worse.

So, talking about our environment and how our environment is structured, it's very fluid. Very mobile workforce, especially with IoT. So, a lot of our associates, as we like to call them, have laptops, and a high percentage of our population is engineers. So, high-performance CAD workstations, highly virtualized infrastructure.

And a lot of manufacturing has old legacy machines. So I might have a million-dollar machine on the production floor that's still producing parts, delivering value, but it's running on XP or XP Embedded, or something that's becoming very difficult to secure.

So having been able to build on that awareness, to build a business case for a truly mature vulnerability scan management program, we started to evaluate Tenable.io and Rapid7's InsightVM.

We were trying to find a way. We were manually managing a blacklist of IPs for our printers; different production cells are always moving around the organization, someone will move a printer to a new IP range, and I might not know until I knock production back offline. So no matter how much I say "you really need to tell me when you move these things," the reality is I'm a pain point for the business.

When we were demoing InsightVM, we found that we could create a kind of dynamic blacklist. That way I could set up my scan schedule without the risk of taking printers offline, and that was a big deal for manufacturing. Certainly for us.

In terms of the features we're leveraging now that are very important to us, there's really two I would highlight. One is the dashboards. The built-in dashboards allow me to step back and let my manager, or my higher-level C-suite executives, see that and ask questions without me having to dive in and create these custom reports, always regenerating a report, tweaking it with every question.

They can see a live snapshot of what's happening in real time. So when there's a new vulnerability, like I said, they're like, "James, I saw this in the news, something like BlueKeep, how are we doing? What's our footprint? What's our exposure?" They can jump right in and see WannaCry and the various CryptoLockers in there. There's two or three assets. Should I be worried? What are we doing about it?

The other big piece we use is DHCP scanning.

So when a new device is plugged into the network and has somehow bypassed our perimeter defenses, when it pulls that DHCP address, it scans at that point in time. Or we'll set it so that if it's been scanned in the last two weeks, it doesn't, because that's a known device plugging in and pulling DHCP.

So we can see rogue devices connecting to the network, which gives me the ability to say with confidence that if it's on the network, I know about it.

We're leveraging Atlassian Jira for ticketing within the InsightVM platform. The real benefit for us is that I'm no longer the traffic cop: looking at the various vulnerabilities, how critical they were or weren't, making a very subjective decision on whether we need to escalate these to the business. I now have a much more quantifiable approach that automatically creates a ticket, that goes into a workflow, that gets assigned to someone for remediation. And that orchestration saves an awful lot of time, really.

We've always been aware that we had a gap in our application scanning. Whether it's web applications, or the software we develop and sell ourselves.

It was a new space for us. We were struggling to understand how to fill the space, so really our relationship, as it grew through InsightVM, we started asking questions: what more can Rapid7 do for us?

I need to leverage a tool that can come back and say, "You might have a SQL injection opportunity here, you might have poor authentication methodologies." So AppSpider empowered the developers to help themselves.

Building this tool into our web applications helps me better understand our exposure at the edge. So now I can better brief the management team on how we're doing. But it also empowers those developers to improve their product, to test their product, and with AppSpider, they can test on the fly. So they'll point it at their dev instance, they'll make a change, they'll run it, go, "Oh, there could be SQL injection." They'll make an adjustment, run it there, and say, "This works," and then release it. So they're able to make very fast, agile adjustments.

It's just the weekly interaction with Rapid7: how are we doing? What are we doing? Do we need to invest more here? I have an acquisition coming that I need to plan for, and then going further, thinking about how to bring in IDR, working with MDR. Can I automate more with the Connect platform? Ultimately, building a whole solution and program around the relevance the products can provide. Rather than me doing best of breed, best of breed, best of breed, with three different panes of glass I have to tie together.

So the coaches, I'll call them coaches, the customer success managers are really helping me paint that picture. So I can sleep at night, go out and have fun, without worrying about what's happening in the time zones that are 12 hours off from where I'm working.
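The two scanning behaviours described in the transcript, a printer exclusion list that is no longer a hand-maintained set of IP ranges, and "scan a device when it pulls a DHCP lease unless it was scanned in the last two weeks", can be modelled as a small policy. The block below is an added illustration written for this page; it is not Rapid7's or Hypertherm's code, and it does not call any InsightVM API. The OUI table, hostname prefixes, lease records and scan history are constructed sample data. The point it makes is that both the exclusion and the "already known" check are keyed on the device (MAC from the lease) rather than on the IP it happens to hold, so a printer moved to a new range stays excluded and a roaming laptop stays known.

```python
"""Dynamic scan exclusions and DHCP-triggered scan decisions.

Added illustration, not Rapid7's or Hypertherm's code. All OUIs,
hostnames, lease records and history below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

# Hypothetical OUI (first three MAC octets) -> device class that must not
# be actively scanned. In practice this comes from the asset inventory or
# DHCP fingerprinting, not a hard-coded table.
FRAGILE_OUIS: Dict[str, str] = {
    "00:11:22": "label printer (hypothetical vendor)",
    "AA:BB:CC": "shop-floor HMI (hypothetical vendor)",
}

# Hostname prefixes the site uses for printers (hypothetical convention).
FRAGILE_HOSTNAME_PREFIXES = ("prn-", "plotter-")

# Known devices are not rescanned on every lease; the transcript's two weeks.
RESCAN_AFTER = timedelta(days=14)


@dataclass(frozen=True)
class DhcpLease:
    mac: str
    ip: str
    hostname: str
    seen: datetime  # when the lease was handed out


@dataclass(frozen=True)
class Decision:
    action: str  # "scan", "skip-excluded" or "skip-recent"
    reason: str


def oui(mac: str) -> str:
    """Vendor prefix of a MAC address, normalised to upper case."""
    return mac.upper()[:8]


def is_fragile(lease: DhcpLease) -> bool:
    """True if the device matches the exclusion policy by OUI or hostname.
    Neither signal is authenticated, so this is a production-safety guard,
    not a security boundary."""
    if oui(lease.mac) in FRAGILE_OUIS:
        return True
    return lease.hostname.lower().startswith(FRAGILE_HOSTNAME_PREFIXES)


def dynamic_exclusions(leases: List[DhcpLease]) -> List[str]:
    """Current IPs held by fragile devices: the 'dynamic blacklist'.
    Derived from live leases, so a printer that moves to a new IP range is
    still excluded without anyone editing a range list."""
    return sorted({lease.ip for lease in leases if is_fragile(lease)})


def decide(lease: DhcpLease, last_scanned: Dict[str, datetime]) -> Decision:
    """Apply the policy to one lease event. last_scanned is keyed by MAC,
    not IP, so a known laptop that roams to another subnet stays 'known'."""
    if is_fragile(lease):
        return Decision("skip-excluded", f"{lease.hostname} matches exclusion policy")
    last = last_scanned.get(lease.mac.upper())
    if last is not None and lease.seen - last < RESCAN_AFTER:
        return Decision("skip-recent", f"scanned {(lease.seen - last).days} days ago")
    return Decision("scan", "new or stale device pulled a lease")


def process(leases: List[DhcpLease],
            last_scanned: Dict[str, datetime]) -> List[Tuple[str, str]]:
    """Run every lease through the policy, recording scans as they happen.
    Returns (hostname, action) pairs in input order."""
    out = []
    for lease in leases:
        d = decide(lease, last_scanned)
        if d.action == "scan":
            last_scanned[lease.mac.upper()] = lease.seen
        out.append((lease.hostname, d.action))
    return out


# Constructed sample data: a printer that moved subnets, a laptop scanned
# three days ago, and a device nobody has seen before.
NOW = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)


def days_ago(n: int) -> datetime:
    return NOW - timedelta(days=n)


SAMPLE_LEASES = [
    DhcpLease("00:11:22:33:44:55", "10.0.7.21", "prn-cell3", NOW),  # was on 10.0.1.x last week
    DhcpLease("DE:AD:BE:EF:00:01", "10.0.2.14", "eng-laptop-17", NOW),
    DhcpLease("CA:FE:00:00:00:09", "10.0.2.88", "unknown", NOW),
]
SAMPLE_HISTORY = {"DE:AD:BE:EF:00:01": days_ago(3)}

if __name__ == "__main__":
    print("exclude:", dynamic_exclusions(SAMPLE_LEASES))
    for host, action in process(SAMPLE_LEASES, dict(SAMPLE_HISTORY)):
        print(f"{host:15s} {action}")
```

One caveat a practitioner should keep in mind: the exclusion is driven by a MAC prefix and a hostname, both of which a device chooses for itself. That is fine for its purpose here, which is keeping a scanner away from gear it would crash, but it also means a rogue host that spoofs a printer's OUI would be skipped, so the "if it's on the network, I know about it" guarantee still depends on the DHCP lease itself being visible and recorded, not on the scan alone.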

Six products, one platform, no compromises. The Insight Platform is your single-pane-of-glass security solution.