Rapid7的单一代理 & 简单的设置是国防银行成功的安全姿态的关键
关于国防银行
国防银行 commenced operations in March 1975 as Defence Force Credit Union Limited (Defcredit) before becoming 国防银行 in 2012.
不像其他金融机构, 国防银行的存在不是为了给股东赚钱. 而不是被驱使着为股东创造利润, they re-invest their profits back into the bank to make sure they give members the service 和 competitive products they deserve.
国防银行是澳大利亚最大的会员制银行之一, offering financial products 和 services to not only the Australian Defence Force, 但更广泛的社区也是如此.
所面临的挑战
“威胁形势, 无论是在一般情况下,还是在金融领域内, 呈逐年上升趋势.信息安全主管Nick Bellette说 & 国防银行的网络风险. “Given the heightened risk faced by both banking customers 和 financial institutions themselves, accompanied by the growing threat environment 和 regulatory compliance requirements, 国防银行认识到全面解决方案的必要性.”
They required a unified security solution platform that was easy for their cyber security team to deploy 和 use, 与第三方系统集成, 并提供对其脆弱性、风险和威胁的可见性.
解决方案
国防银行 began with Rapid7 InsightIDR for a cloud-native SIEM 和 XDR (extended detection 和 response) solution 和 Rapid7 InsightVM for 脆弱性管理. “Rapid7满足了我们组织对事件响应的需求, 脆弱性管理, 和报告, 在这些关键领域都表现出色.贝莱特分享道。.
贝勒特再怎么强调部署的效率也不为过. “The setup process dem和ed minimal effort over a brief span of one to two weeks, 没有明显的挑战. 在评估的SIEM解决方案中, Rapid7成为用户最友好和最直接的选择. 它的部署和使用直观地符合我们的操作需求, streamlining the adoption process 和 facilitating seamless integration into our existing infrastructure”
更高的能见度和控制力
据贝勒特说, one of the things that stood out most about the Rapid7 platform was the agent-based deployment. “The adoption of a unified agent for InsightVM 和 InsightIDR has proven highly advantageous. This singular agent provides exceptional endpoint visibility while maintaining a lightweight 和 user-friendly administration. It effectively enhances our visibility capabilities without imposing excessive resource requirements or administrative complexity.”
“在部署代理的那一刻, 对环境的全面可见性立即可用. We gained actionable insights on vulnerability locations accompanied by risk scoring, 使我们能够集中力量进行有针对性的整治. This built-in prioritisation functionality within the system allows us to efficiently address vulnerabilities, 确保资源优化配置.”
Before InsightVM, they relied on vulnerability reports from a third party, 和 manual checks. “随着InsightVM的实现, we achieved a notable reduction in vulnerability risk within a short timeframe. The adoption of regular reporting 和 the implementation of asset tagging within InsightVM have proven invaluable. This capability has greatly assisted us in prioritising our remediation efforts, 考虑到迅速解决所有脆弱性的挑战. 通过利用InsightVM中的风险评分功能, we can now effectively prioritise the mitigation of high-priority vulnerabilities, 从而优化我们的补救策略.”
The InsightIDR User Behavior Analytics (UBA) functionality also is benefitting Bellette’s team by providing more insight 和, 结果是, 识别危险行为和错误配置以进行补救.
与第三方系统集成
Having a single platform for 脆弱性管理 和 detection 和 response was critical for 国防银行. 贝勒特指出,有了所有必要的工具, 他们本可以在许多不同的平台上结束. “The consolidation of tools not only facilitates a more streamlined operational environment but also accelerates the learning curve 和 proficiency of our analysts. 通过最小化工具数量和利用单一平台, we optimise efficiency 和 enable our analysts to attain a high level of expertise. This unified approach proves highly beneficial for our team's proficiency 和 effectiveness.”
And what about the requirement to integrate with an array of third-party systems? 从一开始, 我们与我们的云服务和各种其他系统无缝集成, 确保快速高效的互操作性.他分享道. “集成的便利性很重要。”.
集中报告,覆盖广泛的系统阵列
Bellette发现的另一个关键好处是集中报告. “从单一平台访问所有所需数据的便利性, 而不是登录到多个门户, 显著提高了我们的运作效率. 这种集中的方法, coupled with Rapid7's ability to ingest logs from our diverse range of solutions, 使我们能够全面了解我们的系统. 结果是, we can effectively streamline our reporting processes 和 efficiently manage any incidents that may arise.”
MDR的安心与24/7覆盖
随着他们的安全需求的增加, they realized a need for continuous coverage that their current team couldn’t support on their own. 是时候提供托管服务了.
“随着时间的推移, the significance of 24/7 coverage across an expanding range of technologies grew exponentially, 强调其在我们的安全格局中日益重要.他分享道. “在几个小时之外收到的警报构成了挑战, 需要在非工作时间进行干预. This realisation underscored the indispensability of a continuous response capability, 因为警报随时都可能发生.”
他们评估了一些托管安全服务提供商, but found the ease of deployment 和 the platform itself to be what they were looking for. Transition to 24/7 was simple as InsightIDR 和 InsightVM was deployed within the environment. Bellette says “The uniqueness about Rapid7 was that it offered more than the other managed services we looked 和 their was a remarkable ease of setup.”
防务银行(国防银行)的团队从数据中获得了更多的安心, 伤检分类, 现在他们正在与Rapid7 MDR合作. “通过实施耐多药耐药性, 我们的事件监控流程随着高效的事件分类而发展. This enables us to forgo checking every single event 和 instead focus on prioritised incidents. We have the assurance that in the event of a significant occurrence within our environment, 我们将收到及时的通知, 使我们能够有效地作出反应.他描述道。. “我们有信心,如果发生任何重大事件, 需要立即对事件作出反应, Rapid7是我们值得信赖的合作伙伴, 给我们一种安全感和内心的平静.”
进一步, the partnership 和 guidance from the Rapid7 team has been instrumental for them in the case of a security incident. Rapid7的MDR方面, accompanied by unlimited remote Incident 响应 和 the presence of a dedicated customer advisor, 是否显著提高了我们的组织能力. 万一发生意外, Rapid7是我们值得信赖的合作伙伴, 能够迅速获得他们的专业知识和支持. 另外, Rapid7's ability to ingest logs from our various cloud solutions 和 endpoints grants us a comprehensive overview, 极大地方便了我们可能遇到的任何事故调查.”
底线
Now that 国防银行 is in partnership with Rapid7, the difference is night 和 day. “I have conveyed to our team that Rapid7 has seamlessly integrated with our information security team, 作为一种宝贵的延伸. 有他们的专业知识供我们使用, we now possess a dependable resource of skilled professionals to rely on whenever an incident arises.贝勒特解释道。. 与耐多药合作, “Our team can prioritise a proactive approach by consistently enhancing controls, 进行全面的威胁分析, 并不断改进我们的安全措施, allowing us to shift our focus from daily alert response to strategic strengthening of our security posture."
在XDR出现之前,insight tidr就是XDR
