Rapid7 InsightVM and InsightIDR Integration Saves Energie Suedbayern 60% of Its Time and Streamlines Compliance

About Energie Suedbayern

Benjamin Nawrath is the Information Security Officer at Energie Suedbayern (ESB), an energy supplier in southern Bavaria, which supplies natural gas and electricity to 120,000 households in the south of Germany. The largest operator of its kind in the region, ESB has around 350 employees, with 14 staff working alongside Benjamin Nawrath in IT.

Challenge

Germany’s large energy sector is a sizable target for hackers. Today’s cybercriminals, hacktivists, and state-sponsored agents have both the motivation and the capability to carry out attacks designed to steal sensitive operational and customer information, hold organizations to ransom, or disrupt and destroy key control systems. Energie Suedbayern needed to comply with Germany’s IT Security Act, and it also needed a technology solution with built-in intelligence, not just rules, to detect anomalous activity in its IT infrastructure.

InsightIDR has helped me be able to respond to incidents more quickly. It’s easy to use and the agents provide great insight.
Benjamin Nawrath, Energie Suedbayern

Solution

Since ESB could prove the technology was used for security purposes, it was approved by the works council. Rapid7 InsightVM and InsightIDR provided “one agent to manage them all,” streamlining administration and centralizing reporting.

These are just some of the threats that keep Benjamin Nawrath up at night.

The compliance burden

One of the biggest challenges facing Benjamin Nawrath is compliance with Germany’s IT Security Act (ITSG), which became law in 2015 but applies from July 2017 onward. The act requires all critical infrastructure providers to run advanced cybersecurity programs that ensure the availability, integrity, authenticity, and confidentiality of their IT infrastructure. It also requires organizations to regularly provide certification proving their compliance. Failure to do so could result in a fine of hundreds of thousands of Euros.

With a large and complex environment to monitor (including 2,000 IP addresses), limited IT staff resources, a growing compliance burden, and ever-determined hackers to keep at bay, Benjamin Nawrath needed powerful technology solutions to help overcome these significant challenges.

Gaining approval

ESB IT had previously been using Rapid7’s leading vulnerability management solution, Nexpose, so expanding their portfolio with Rapid7 was a natural choice. To fill the need for an incident detection and response solution, a proof of concept (PoC) of Rapid7 InsightIDR could be set up quickly and easily to provide all the confirmation needed of the product’s industry-leading capabilities.

“I needed a solution with built-in intelligence, not just a technical solution for creating rules. I buy the intelligence, not the rules. That’s where Rapid7 really succeeded in our evaluation,” says Benjamin Nawrath. “Splunk and similar solutions just collect logs, and I would need to keep track of them myself. But I want to know whether something strange or irregular has happened, and that is what InsightIDR tells me. It was the best solution to provide the intelligence I needed at a reasonable price.”

ESB combined InsightVM (the evolution of Rapid7 Nexpose) and InsightIDR, both powered by the Rapid7 Insight platform, to deliver industry-leading vulnerability management, incident detection, and response. Benjamin Nawrath says both solutions are easy to set up and maintain, and that they provide “one agent to manage them all,” streamlining administration and centralizing reporting. ESB has been an active adopter of cloud services, so there were no obstacles on the delivery side. And since it was for security purposes, the monitoring of IP addresses was approved by the German works council representatives.

Accelerating incident response

InsightIDR has saved ESB’s IT team time and helped them respond to incidents faster. Unifying SIEM, user behavior analytics (UBA), and endpoint detection and response (EDR), it is designed from the ground up to detect intrusions as early as possible in the attack chain, leaving nowhere for the bad guys to hide.

“Honestly, before InsightIDR I didn’t have any incident response process. I would just get a report from users saying ‘something is not as expected.’ I would then have to dig in and collect logs myself, which took a huge amount of time,” says Benjamin Nawrath. “InsightIDR has really helped me be able to respond to incidents more quickly. It’s really easy to use and the agents provide great insight.”

Benjamin Nawrath is using the real-time dashboard functionality to track failed logins by special user accounts. “One of the many good things is, I don’t need to tell InsightIDR what a service account is. It recognizes them itself,” he says.

The easy-to-manage portal lets him keep an eye on any unusually high values, on whether remote users are logging in from other countries, and on any other metrics that might indicate noncompliance. Email alerts complete the process and are also sent to other members of the IT team, allowing them to respond if anything malicious is found.

Lowering risk with InsightVM

With a complex IT environment to monitor, including highly sensitive industrial control systems, Nawrath also needed enterprise-grade vulnerability management tightly integrated with InsightIDR. Rapid7’s InsightVM automatically collects, monitors, and analyzes any vulnerabilities on the corporate network, with advanced analytics and reporting that allow users to prioritize and remediate risk.

For ESB, success is measured in terms of lowering risk over time, something InsightVM has been great at driving. “I scan regularly and use user credentials, so I get as much information as I need. We have nearly no false positives, which is great,” says Benjamin Nawrath. “InsightVM also helps us identify old systems that need to be updated, upgraded, or even retired. It provides great insight in how I can evaluate the risk. It’s great to see how risk decreases by implementing remediations.”

The agents have also helped save time over regular scans, and the tight integration with InsightIDR has the added benefit of improving efficiency through highly accurate correlation between incidents and vulnerabilities.

Looking ahead

Ultimately, the combined power of InsightIDR and InsightVM has saved Benjamin Nawrath and his team 60% of their time. This in turn allows him to spend more time validating the vulnerabilities themselves, and to prepare for an upcoming OSCP examination. What’s more, the value of the data generated by Rapid7 has even helped him raise his standing within the organization.

“Upper management isn’t overly involved with security, but with these two products I can convince them of the real risks we face. It helps me get more respect for my work,” he says. “And because these solutions aren’t expensive, persuading management to free up the budget is not a problem.”

As for the future, Benjamin Nawrath plans to extend the capabilities of his investment further by implementing InsightVM’s remediation workflows to delegate tasks to his colleagues. But most importantly, he is confident that the combination of InsightIDR and InsightVM will provide all the assurance necessary to meet the obligations set out under the IT Security Act, keeping ESB safe, secure, and compliant for the years to come.

Six products, one platform, no compromises. The Insight platform is your single pane of glass security solution.