Pioneer Telephone Partners with Rapid7 to Secure Critical Communications Services

Challenge

先锋公司面临的最大网络安全挑战是如何通过一个小团队来管理越来越多的漏洞. Their challenge is compounded by new types of high profile, yet deeply embedded, vulnerabilities, such as Log4Shell. “对于我们来说，询问开发人员和系统管理员是否使用特定类型的软件子组件要困难得多，因为他们只知道他们购买的顶级软件. And so, it’s a lot harder to have that visibility, to understand what’s being used under the hood in all these applications,” Hernandez says.

Solution

先锋使用NIST网络安全框架(NIST- csf)对其安全计划进行基准测试. 埃尔南德斯说:“第一步是主动识别漏洞. “You’ve got to be able to identify what you’ve got and where you’ve got it. That is where Rapid7 InsightVM helps. The next thing is to detect potential attacks and threats. And detection is where Rapid7 InsightIDR comes into play. Whether it’s happening in real-time or in the past. That’s the biggest step.” 

Pioneer方法的另一个重要部分是使用Rapid7 InsightAppSec来弥补内部开发的应用程序的安全漏洞. “我们的主要目标是查看由内部程序员编写并可供外部用户使用的应用程序,” states Hernandez. “And I’ll tell you, 我们发现很多东西很容易修复，但它们可能真的很危险.”

Identify Critical Assets And Prioritize Vulnerabilities with InsightVM

可见性对先锋安全团队的重要性再怎么强调都不为过. “For me, it’s about identifying the critical assets and workloads. Even though I know I can’t fix 100% of all the vulnerabilities that are out there, just knowing what and where those issues are, and which of those issues impact critical assets and workloads, is the first step to fixing things in the future,” explains Hernandez. With InsightVM the Pioneer security team can prioritize and manage vulnerabilities much more effectively; they can see clearly what needs to be tackled first. 

For example, InsightVM使Hernandez能够评估他从CISA(网络安全和基础设施安全局)收到的每周电子邮件。. “I see the vulnerabilities and ask: ‘Do we have this stuff?’ That’s where InsightVM comes in, it helps me know what we really have and what we don’t have, so we know which of the vulnerabilities apply to us.That is one of the things we value most about InsightVM; it has the capacity to pinpoint actively-exploited vulnerabilities, so we can prioritize and direct our attention where it’s needed most.” 

InsightIDR Provides Critical Alerts

“We get alerts within the IDR platform that we do have to work on,” add Hernandez. “We identify the threat if there is one. 一旦我们发现了它，我们就会联系那些受其影响的人，并从那里开始我们的应对措施. We can decide to isolate the machine, or to wipe it completely. It just depends on what we’re seeing.” 

先锋安全团队不会很快忘记的一个安全事件是高度公开的太阳风攻击. “几年前，我们是最初受到攻击的26个组织之一,” Hernandez says. “但我们有insighttidr，所以我们当时就知道这些指标是什么, 因此，我们可以在历史背景下回顾这些指标，并从日志中得出结论，我们的数据没有被泄露.“insighttidr绝对是无价之宝，因为它知道没有其他东西受到影响. Otherwise, 我们本可以花几千美元请法医来证明什么都没发生。”.

For Hernandez, the historical information they get from IDR is a huge benefit. “Knowing that I’ve got all of those logs, that I can go back and look at any time I need to, 在事件发生后回头看看，并知道我有足够的日志记录来了解发生了什么, if anything, is critical.”

Nurturing Developer Relationship with InsightAppSec

Hernandez正在与他的IT同事密切合作，为安全带来综合方法，insightappsec是这一战略的重要组成部分. “我们的许多开发人员没有安全背景，无法真正理解潜在的问题. And our security team does not have in-depth developer knowledge,” he adds. 但InsightAppSec提供的所有证据都为我们提供了真实的论据，因此我们可以根据InsightAppSec提供的证据解释我们所看到的问题. And then identify the solutions available. This is very helpful.” 

Hernandez和他的安全团队现在定期与内部开发人员会面，讨论新的内部应用程序出现的任何问题. “That’s really our way of having an open, ongoing dialogue with our programmers. Instead of just saying to them: ‘Hey, please go fix your stuff.InsightAppSec帮助我们弥合了程序员和安全团队之间的沟通差距.” 

The security team is doing the same with InsightVM; opening those doors and having those conversations on a regular basis with the system admins. Rapid7产品将继续帮助弥合差距，培养这些关系，并使他们在安全方面保持最新速度. That’s going to help all the way around.”

Integrated Security Solutions

Hernandez的另一大优势是集成Insight平台的效率. “拥有一个单一的支持联系点，这样你就不必为不同的供应商打开订单，这为我们节省了很多时间. Also, 我们喜欢InsightVM和insighttidr相互通信的方式，这样您就可以识别检测并查看影响特定用户或资产的漏洞.” 

通过消除潜在的兼容性问题，为InsightVM和insighttidr提供单个代理也是非常有益的,saving time in installation and maintenance, 直接从我们的线人那里接收详细的漏洞和威胁信息. “单一的统一代理还允许先锋扩展其基础设施的各个部分的覆盖范围. “We do have a lot of folks out in the field,” Hernandez says. “Having those ties back to the agent, having those agents report over the internet, not having to be connected to the corporate network, that was a huge gain for us.” 

A True Cybersecurity Partnership

For Hernandez and his Pioneer team, 目标是在他们所保护的基础设施景观中稳步改善风险降低. “In cybersecurity, you don’t get to check a box very often. Being able to show progress towards that goal is important. That’s a big value Rapid7 provides us.” 

Above all else, Hernandez values the partnership with Rapid7. “The best thing is the partnership and conversations with Rapid7 product managers, 也知道Rapid7真的想要改进他们的产品，让它们对客户有用,” concludes Hernandez. That’s the first thing that attracted me to Rapid7, and it still does today. That partnership is the number one thing that I’ve really appreciated.”