Rapid7提供信心,信誉和无与伦比的客户服务
Industries
Company Size
Customer Website
About Chemung Canal Trust Company
Since 1833, Chemung Canal Trust Company has provided continuous, 向纽约州中南部提供先进的金融和信贷服务. Only two years earlier, the first steam-propelled locomotive made its initial trip from Albany to Schenectady; stage coach lines were still big business; the Chemung Canal had just opened; and the Erie Railroad was still a dream. 公司的使命是保持一个强大和独立的金融服务机构,为股东创造价值, clients, employees and the communities where they do business, while maintaining the highest standards of business ethics.
The Challenge
克里斯托弗·康克林(Christopher Conklin)是埃尔米拉Chemung运河信托公司(CCTC)的首席信息安全官, New York, where he oversees the work of two information security analysts. 一年多前,他们决定与Rapid7签约,因为他们需要更多地了解他们的信息架构,以最好地完成他们的核心使命. Rapid7的InsightVM和insighttidr使他们能够高效,快速,轻松地完成此操作.
The Solution
Virtually as soon as they signed on with Rapid7’s InsightIDR platform, CCTC能够快速建立已知活动的基线,并突出显示任何异常, such as failed authentication attempts and potential lateral movement. “对我们来说,为我们认为需要监控的活动(比如账户删除)创建自定义警报非常容易, nslookup commands and inactivity on specific log sources,” he recalled.
According to Conklin, the built-in detection rules that Rapid7 provides are phenomenal, 但他的团队特别高兴的是,他们能够创建适合他们组织的特定规则. “The logging capabilities are very, very robust,” he explained. “它确实有助于从一块玻璃上看到风险,否则我们可能会错过.”
“We had considered some other security tools, but we felt they were inferior to what Rapid7 could offer,” divulged Conklin. “我们有一个供应商选择过程,我们审查Rapid7与其他竞争对手. 但是Rapid7在易用性和可见性方面远远超过了它的竞争对手. The time it took to implement was very, very short. We were up and running within a few hours.”
Conklin didn’t hesitate to delve into specific examples, honing in on the visibility of their vulnerabilities. “We thought we had a good handle on our vulnerabilities. 但InsightVM的扫描代理向我们展示了我们必须解决的现有漏洞,” he listed. “From a day-to-day perspective, when we’re in there, everything is seamless and just works well together. 如果我们正在研究一个漏洞,我们可以看到它与检测的关系. 如果我们正在观察一个检测,我们可以看到它与漏洞的关系. That helps us prioritize things before we address them. That means we can accurately chart our course day-to-day.”
Confidence and Credibility
Rapid7对CCTC的另一个好处是对他们的发现有了更大的信任, knowledge and conclusions. “In most complex organizations, 并不总是有一个特定的人或一个团体知道一切,” mused Conklin. “但我们能够利用我们对Rapid7的投资成为权威. 我们能够确定我们了解组织中正在发生的事情,并确定一些以前未知的事情.”
根据Conklin的说法,Rapid7为他们的观察和发现提供了可信度和信心. “而不是四处检查所有这些不同的数据源(身份验证源), netflow information, endpoint activity) and wondering how they align with each other, Rapid7 provides a much more holistic, clear depiction of what’s going on in our environment. And we trust that depiction,” he explained.
Prolific Patching
InsightVM每月为CCTC节省了几个小时的补丁时间. “该产品有助于突出你真正的痛点,而不是你认为的痛点, so we were able to save a lot of time,” Conklin shared. 其中一个节省时间的机会是针对给CCTC带来最高安全风险的漏洞的补救项目. Once created, 这些项目帮助IT团队瞄准特定的修补措施,并最大化他们的修补工作的回报.
“Rapid7还拥有许多敬业且经验丰富的专业人员,只需拨打一个电话即可, 所以如果你不能真正理解它或者你对你应该追求的指标感到困惑, you can consult with them and they will help you build your program,” he recommended. “So, that’s something that we did early on. We consulted with them to ask, Look, 我们认为我们已经很清楚我们应该追踪哪些参数,以及我们应该减少哪些内容, but what’s your perspective? And they were very, very helpful.”
Dynamic Detection
When asked about his favorite features of Rapid7, Conklin确定了该平台改进其检测规则的意愿和能力. “当新的威胁出现时——它们总是出现——我们通常会有同样的担忧. What’s our reaction time? How quickly can we scan for them? 如果是在我们的环境中,检测规则更新的速度有多快?”
幸运的是,Rapid7经常更新检测规则和扫描代理. 康克林甚至可以在每周与客户服务团队的电话会议上回顾这些清单——他对这些清单的更新速度印象深刻. “It provides a lot of leverage. 也许我们的执行团队中有人正在阅读一篇文章,他们看到了一个主题. They often reach out to us, and we’re already well-positioned, thanks to Rapid7, to address those concerns,” he beamed.
Customer-Centric
康克林在寻找网络安全平台时最担心的是, after buying a product, his team would be left to fend for themselves. But he quickly learned that he had no need to worry about that. “In my 25 years of being a technology professional, 我从来没有发现过一群人像Rapid7那样致力于一个组织的成功,” he enthusiastically revealed, 甚至把他的客户服务顾问称为他团队的延伸成员.
“Everybody at Rapid7 is very quick to help. They’re always checking in, touching base. It’s not a set-it-and-forget-it mentality; there’s a constant synergistic dialogue,” he described. “They’re very, very committed to helping organizations succeed. 技术、流程、检测规则等等,都很棒. 但实际上,对于我们这样的组织来说,是员工让它成为一个增值的主张.”
“A few years ago, I even called the Rapid7 SOC on Christmas morning,” he recalled, chuckling while sharing a concluding anecdote. “我们没有看到我们通常期望看到的常规检测, so I was a little bit concerned. It was a legitimate concern. I actually called them at about 6:00 am. I thought I’d have to wait hours for somebody to call me back, but I had a callback within five minutes. And they were very pleasant, helpful, and informative. We spent a few hours going through everything. This individual knew that I wasn’t okay with what I was seeing. 我在其他组织也尝试过,但效果不太好. It never felt like they Rapid7 was trying to end the call.”
在整个基础架构中自动发现和修复风险
