Pioneer Telephone Partners with Rapid7 to Secure Critical Communication Services

About Pioneer Telephone Cooperative

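Pioneer Telephone Cooperative is the third largest telecommunications cooperative in the United States. The company provides advanced telecommunications services, including high-speed/fiber internet, cellular, and iVideo, to more than 150,000 residential & business customers in western Oklahoma. Over the years, they have adapted to countless changes in the business environment. Today the company has more DSL or fiber internet customers than traditional telephone customers.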

Daniel Hernandez, Information Security Analyst III, leads Pioneer’s three-person team handling security across a cluster of networks that include more than 5,000 devices, 1,700 users, a large mobile workforce, and a corporate structure with multiple business groups.

The Challenge

The biggest cybersecurity challenge facing Pioneer is the ability to manage increasing levels of vulnerabilities with a small team. Their challenge is compounded by new high-profile, but deeply embedded, vulnerabilities such as Log4Shell. “It’s a lot tougher for us to ask our developers and system admins if they use a specific type of sub-component of software because they only know about the top-level software that they purchased. So, that kind of visibility is a lot harder, knowing what all these applications are using under the hood,” says Hernandez.

The Solution

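Pioneer uses the NIST Cybersecurity Framework (NIST-CSF) to benchmark their security program. “The number one step is to proactively identify the vulnerability,” says Hernandez. “You have to be able to identify what you have and where you’ve got it. That’s where Rapid7 InsightVM comes in. The next step is to detect potential attacks and threats. And detection is where Rapid7 InsightIDR comes in. Whether it’s happening now or happened in the past. That’s the biggest step.”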

Another important part of the Pioneer approach is using Rapid7 InsightAppSec to bridge the security gap for applications developed internally. “Our primary goal was to look at apps coded by our internal programmers and available to outside users,” says Hernandez. “I’ll tell you, we found a lot of things that were easy to fix but they could have been really dangerous.”

We like how InsightVM and InsightIDR communicate with each other so you can identify a detection and see what vulnerabilities are affecting a specific user or asset.
Daniel Hernandez, Information Security Analyst III

Identifying Critical Assets and Prioritizing Vulnerabilities with InsightVM

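It is difficult to overstate how important visibility is for the Pioneer security team. “For me, it’s about identifying critical assets and workloads. Even if I know I can’t fix 100% of the vulnerabilities, knowing what those issues are, where they are, and which ones affect critical assets and workloads is the first step to resolving them in the future,” explains Hernandez. With InsightVM the Pioneer security team can prioritize and manage vulnerabilities much more effectively; they can see clearly what needs to be tackled first.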

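For example, InsightVM enables Hernandez to evaluate the weekly emails he gets from CISA (Cybersecurity and Infrastructure Security Agency). “I see the vulnerabilities and ask, ‘Do we have this kind of thing?’ That’s where InsightVM comes in. It helps me know what we really have and what we don’t, so we know which vulnerabilities apply to us. That is one of the things we value most about InsightVM; it has the capacity to pinpoint actively-exploited vulnerabilities, so we can prioritize and focus our attention where it’s needed most.”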

InsightIDR Provides Critical Alerts

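“We get alerts in the IDR platform that we have to work on,” adds Hernandez. “If there’s a threat, we identify it. Once we’ve identified it, we contact those who are affected by it and go from there on our response. We can decide to quarantine the machine or wipe it completely. It depends on what we’re seeing.”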

One security event that the Pioneer security team will not soon forget was the highly-publicized SolarWinds attack. “We were one of the original 26 organizations hit by the attack a couple of years ago,” says Hernandez. “But we had InsightIDR in place so we knew at that time what those indicators were, so we could go back and look at those indicators in a historical context and tell conclusively from the logs that our data was not exfiltrated. InsightIDR was absolutely priceless in knowing that there was nothing else affected. Otherwise, we would’ve spent thousands of dollars to bring in forensics folks to find out that nothing actually happened.”

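For Hernandez, the historical information they get from IDR is a huge benefit. “Knowing that I have all the logs, that I can go back and look at any time, to go back and look at an incident after the fact and know that I’ve got sufficient logging in place to understand what had happened, if anything, is critical.”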

Nurturing Developer Relationships with InsightAppSec

Hernandez is working closely with his IT colleagues to bring an integrated approach to security and InsightAppSec is an important component of this strategy. “A lot of our developers did not have the security background to really understand potential problems. And our security team did not have in-depth developer knowledge. But all the evidence provided by InsightAppSec gives us real talking points so we can explain the issues that we’re seeing based on evidence provided by InsightAppSec. And then figure out the available solutions. That’s very helpful.”

Hernandez and his security team now meet regularly with their in-house developers to cover any issues that arise with new internal applications. “It’s really our way of having an open, ongoing conversation with our programmers. Rather than saying to them, ‘Hey, please go fix your stuff.’ InsightAppSec has helped us bridge the communication gap between our programmers and our security team.”

The security team is doing the same with InsightVM; opening those doors and having those conversations on a regular basis with the system admins. “The Rapid7 products will continue to help bridge the gap and nurture those relationships and bring them up-to-speed on the security aspects of things. That helps the whole process.”

An Integrated Security Solution

Another big plus for Hernandez is the efficiency of the integrated Insight platform. “Having a single point of contact for support so you don’t have to open up tickets for different vendors saves us a lot of time. Also, we like how InsightVM and InsightIDR communicate with each other so you can identify a detection and see what vulnerabilities are affecting a specific user or asset.”

“Having a single Agent for InsightVM and InsightIDR is also really beneficial by eliminating potential compatibility issues, saving installation and maintenance time, and receiving detailed vulnerability and threat information directly from our assets.” A single unified Agent has also allowed Pioneer to extend coverage across various parts of their infrastructure. “We do have a lot of people working in the field,” says Hernandez. “Tying those back to the agent, having those agents report over the internet without needing to connect to the corporate network, that’s been a huge win for us.”

A True Cybersecurity Partnership

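For Hernandez and his Pioneer team, the goal is steady improvement in risk reduction across the infrastructure landscape they protect. “In cybersecurity, you don’t often get to check a box. Being able to show progress toward that goal is important. That’s a big value that Rapid7 provides us.”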

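Above all, Hernandez values the partnership with Rapid7. “The best thing is the collaboration and conversations with Rapid7 product managers, and the knowledge that Rapid7 really wants to improve their products and make them useful for customers,” concludes Hernandez. “That’s the first thing that drew me to Rapid7 and it still does to this day. That partnership is what I appreciate most.”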

Six products, one platform, no compromises. The Insight Platform is your single-pane-of-glass security solution.