Rapid7 InsightVM Helps Sierra View Medical Center Prioritize Risk and Remediate Fast

About Sierra View Medical Center

Sierra View is the most advanced hospital in Porterville, California, reliant on 1,200 endpoints, 300 servers, and another 1,500 networked devices to offer the best possible care to patients.

Challenge

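It’s no secret that the healthcare industry has become a favorite target for hackers over recent years. Patient data is a prized commodity on the cyber underground, and hospitals are viewed as an easy target for ransomware attacks, given the mission-critical nature of their IT systems.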

Scott Cheney, information security manager at Sierra View Medical Center, was well aware of these and other threats facing his organization. But Cheney was struggling to get the kind of visibility and control he needed to keep endpoints and servers protected.

Solution

To get the visibility he needed, Cheney opted for Rapid7 InsightVM and InsightIDR. InsightVM, an industry-leading vulnerability management platform, allows IT teams to see exactly where risk is in their organization, view data in real time, and quickly and easily assign remediation tasks. InsightIDR, in turn, is an integrated detection and investigation solution that combines user behavior analytics, endpoint detection, and visual log search.

In the dark

As the only full-time information security practitioner at the hospital, Cheney needed real-time automated insight into risk levels that he could share with the IT operations, networks, and systems staff who help him every day. And he needed a streamlined way to prioritize and assign vital remediation work to these colleagues in order to keep systems patched and resilient.

When he took the helm at Sierra View, the only intelligence coming in was via quarterly and biannual scans from a third-party provider, meaning some of the data he and others were working from was up to six months old. It also came with a simple CVSS score, which lacked the granularity he needed to prioritize risk effectively. What’s more, remediation was “nearly impossible” for Cheney and his colleagues, who were forced to work from a spreadsheet and manually prioritize what to fix.

“All we would end up doing is anything public facing and critical would get patched, and almost nothing internal would get patched,” says Cheney. “This couldn’t have happened before. It just physically wasn’t possible to do what we’re doing now with the old setup.”

Enter Rapid7 InsightVM and InsightIDR

Cheney was drawn to InsightIDR and InsightVM by the unified Rapid7 Insight Agent, which helped ease deployment concerns. The agents also allowed him to avoid credentialed scanning on endpoints and, for the first time ever, get real-time visibility into how his virtual desktop environment changes—another big tick in the box for Cheney.

Sierra View was more than happy with the cloud delivery model in InsightVM. “IT is tired with getting more systems to manage and more servers to maintain, so anything cloud, especially when you can prove that it works well, is readily accepted by our organization,” says Cheney. After just a month and a half, Cheney and his colleagues had resolved 12% of all server vulnerabilities and 7% of VDI bugs.

Eye-opening visibility

It didn’t take long for the IT staff at Sierra View to notice the difference. The real-time data generated by InsightVM has been a game changer for all concerned. Just as important is the detailed Real Risk Score that InsightVM offers, which goes way beyond the 1-10 of CVSS; it’s a 1-1,000 risk score based on factors such as the age of the vulnerability, what exploits are available for it, and which malware kits use it.

“Since InsightVM has been deployed it’s been incredibly eye opening for our desktop teams and server teams to see the state of things. Having real-time visibility in conjunction with the risk scoring is huge,” says Cheney. “When we first got information out of the tool ... there was just so much we needed to address, so definitely having the real-time risk score was important and helped us focus our efforts.”

Cheney is so confident in the accuracy of the risk scores that the organization is using them to monitor progress and calculate the success of the overall project.

One-stop shop

Liveboards are another key feature of InsightVM and one the Sierra View IT team has leveraged to good effect. Cheney checks them a couple of times a week to monitor the progress of projects with dynamic, real-time data. While he keeps an eye on the “big picture,” plans are afoot to roll this visibility out to the rest of the technical team.

Given Cheney’s dislike of credentialed scanning, the dashboards provide a vital and detailed view of risk across the entire IT environment. “It’s the only place to find everything,” he says. “Seeing the percentage of assets that can be exploited by a novice, for example … It’s a scary one but there are no other tools that give us that information for our whole environment.”

A piece of cake

As for fixing the issues flagged by InsightVM, the Rapid7 platform’s remediation workflow capabilities have turned a slow, inefficient, and manual process into a more streamlined, more efficient setup. Before, it was nearly impossible to fix more than external and critical vulnerabilities, as Cheney’s team had to manually work through a spreadsheet to prioritize and assign results. Remediation tasks can now be prioritized according to risk and handed to the desktop, VDI, server, or network team as appropriate.

“For them to be able to sort it by highest risk and hit those items first is really important, because we’re working with a mixed staff where they’re worrying about IT operations full-time, not necessarily security full-time,” he explains. “So for them to be able to come up with a quick idea of ‘hey these are the two things I can try to work on this week’ is really important.”

The results speak for themselves. After just a month and a half, Cheney and his colleagues had resolved 12% of all server vulnerabilities and 7% of VDI bugs. Before InsightVM the IT organization was in a constant state of fire-fighting, with no idea how they were progressing. Now they have visibility and control—which is great news for everyone concerned.
