The Royal Orthopaedic Hospital Partners with Rapid7 to Counter Cybersecurity Threats

About the Royal Orthopaedic Hospital

Since 1877, the Royal Orthopaedic Hospital in Birmingham, U.K., has been at the forefront of orthopedic care, pioneering new surgical techniques and advancing treatment for people with bone and joint disorders. It is now one of the largest specialist orthopedic centers in Europe and serves patients from the U.K., the U.S., Europe, and around the world. The hospital is located on a single campus with two on-site data centers and 250 virtual servers.


In a hospital environment the stakes are high and there is no margin for error. Ray Mian, IT Security Manager, and Ajmal Khan, IT Security Officer, are responsible for managing cybersecurity within the hospital’s IT department, ensuring that they have the right tools, controls, and processes to protect critical networks that operate around the clock, seven days a week.

Cyber threats are not just about potential data loss. They can also be a matter of life and death.

“Rapid7 stuck out to us because it was easy to deploy, and we’re a small security team, so that was key. The products are deployed in the cloud and have all the elements that we were looking for in terms of automation, ease of deployment, and functionality.”
Ray Mian, IT Security Manager

Challenge

“We’re a stand-alone, orthopedic hospital with a 20-person IT Department,” Mian says. “Our mission is to protect patient and healthcare records and the IT infrastructure and stop the organization from being attacked by ransomware. In our environment, there are systems that cannot have downtime. If there is any threat in the environment, we need to know; if we don’t know, the consequences could be extreme.”

A big challenge for Khan and Mian was lack of visibility in the environment. “We couldn’t identify our assets,” Mian says. “We didn’t have the tools to give us the visibility, discovery and analysis we needed to assess our security posture within the organization. That was the key weakness.”

Solution 

The Royal Orthopaedic Hospital implemented Rapid7 InsightVM, InsightIDR and InsightConnect solutions. “Rapid7 stuck out to us because it was easy to deploy, and we’re a small security team, so that was key. The products are deployed in the cloud and have all the elements that we were looking for in terms of automation, ease of deployment, and functionality,” explains Mian. “We have managed to evolve with the products in the last few months to where we are. So, they fit well with our operations.”

Real-Time Visibility

Khan is a security veteran with more than 20 years of experience with various solutions, including SIEM, so he knows what hospital security requires. One critical factor was real-time visibility into their environment. “We needed to scan everything in our environment to see what we had,” Khan says. “Often, what we expected to have and what we actually had when we scanned were two different things.” Khan’s focus also extended to tools that could help them investigate and automate their remediation processes.

The Royal Orthopaedic Hospital is deploying Rapid7 Insight Agents on all end user devices. “If a device leaves our environment, we still retain the visibility of what’s happening on any particular machine,” states Khan.

Richer, More Meaningful Insights

“With InsightVM we can scan all the subnets in our infrastructure and have the ability to prioritize what’s most important in terms of patching and remediation,” explains Khan. “InsightVM provides richer information with regard to the risk and prioritization of patching or remediation of vulnerabilities. So, we have more confidence that we are putting our efforts in the right place to reduce our threat landscape.”

“InsightVM helps us contain vulnerabilities in our environment with dynamic and up-to-date reporting. It helps us meet various kinds of compliance and regulatory requirements, such as the U.K.’s DSPT, Cyber Essentials PLUS, and GDPR.”

Khan points to another InsightVM benefit that has made his job easier. “The thing that I like about Rapid7, in particular, is that we can define goals & SLAs and create a realistic timeframe to address and track the progress. I don’t think a lot of solutions provide this kind of flexibility.”

Visibility Across the Entire Environment

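Khan and Mian have InsightIDR integrated with about 10 systems as event sources, including web applications and firewalls, DNS, LDAP, DHCP, Active Directory, Cisco Identity Services Engine for analytics, DMZ assets, and end-user devices. “We look to InsightIDR to give us visibility across our environment,” explains Khan. “It provides log aggregation and user behavior analytics, and we can see all sorts of newly discovered assets, as well as any new users that have logged into the environment.”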

“InsightIDR provides threat intelligence. We also get the feeds regarding any system that is inactive in our environment, and look at the ingress and egress traffic patterns to find any abnormalities. Rapid7 honeypots also help identify if someone is probing the network, which adds another layer of security.”

Realistic Alerts

“InsightIDR gives us real-time alerts about whatever is happening in the environment, which is really useful in detecting suspicious user or device behavior. Visibility is key in any modern IT environment, and Rapid7 gives us the much-needed visibility into our environment.”

Equally important to Khan is the knowledge that they are getting true alerts and not the false positives. “I can happily say that the alerts that come from Rapid7 are quite realistic. I’m not bombarded with the false positives so I can focus on what’s important to the Trust security.”

Scaling Operations with Automation

Mian and Khan are also working on automating their incident response using InsightConnect, Rapid7’s security orchestration, automation, and response (SOAR) solution. They are looking forward to the InsightConnect extension library, which offers hundreds of plug-ins and pre-built workflows that they can customize to streamline the process of security automation.

Meeting the Critical Security Requirements of Healthcare Providers

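Khan and Mian both agree that Rapid7 has helped them achieve their major security goals. “We need to see our environment in real time, what’s happening, in order to stay ahead and be proactive, because if we’re not, it can actually lead to loss of human life, because this is a hospital environment. Rapid7 has helped us achieve our visibility goals, staying on top of the threat landscape and meeting operational security objectives.”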

“Rapid7 has an excellent range of products, to be honest, and they are particularly well suited to the healthcare industry,” Khan concludes.
