“Use Less Tools More”: KinderCare Avoids Tool Sprawl, Maximizes ROI, and Improves Efficiency with Rapid7

KinderCare is the leading early childhood education company in the United States. Since opening in 1969, KinderCare has built a network of community-based centers, employer-sponsored programs, and before- and after-school sites to meet parents where they are. KinderCare has more than 2,000 locations across 40 states and the District of Columbia and utilizes a proprietary curriculum with the goal of generating superior outcomes for children of all abilities and backgrounds. KinderCare lays the foundation for children’s lifelong love of learning by building the confidence, unshakable self-esteem, and conviction that our children can carry with them as they take their first steps and every step toward taking on the world. Byron Anderson is a Senior Information Security Engineer at KinderCare. His job is to protect the data of the families, children, and staff that KinderCare supports.

Anderson took on this role two years ago. When he joined KinderCare, he inherited a handful of disparate platforms used to manage the organization’s security posture. He found that reporting was incomplete, the platforms lacked integration, and comprehensive security visibility across all of KinderCare’s infrastructure was missing. After an in-depth review it became clear that re-architecting and changing the security platforms was going to be necessary to create an easily managed and supportable security infrastructure that would provide the necessary level of visibility.

One of Anderson’s guiding principles is “use less tools more.” Anderson believes that if you pick strong tools and use them to their maximum capability, you will get more value out of your investments and need fewer tools; this also helps to avoid tool sprawl. After reviewing several different platforms and tools, Anderson and his team chose the Rapid7 Insight Platform. They believed that the Rapid7 platform best aligned with Anderson’s philosophy and that it would also provide a fast time to value for KinderCare.

“Rapid7 has such a tight ecosystem. You’re not needing dozens of tools, each of which you’re only using maybe 20% of,” he explained. “If you get really good tools and you use 99% of them, you shouldn’t need as many! Rapid7 has a lot of out-of-the-box content built in.”

The immediate value derived from easily collecting data from other systems and quickly turning that data into insights into the behaviors taking place in the environment made it easy for Anderson to convince the company to make the change. Within six months, his team had retired several legacy tools.

Today, KinderCare uses Rapid7’s Managed Detection and Response (MDR) service, along with InsightVM, InsightConnect, and InsightAppSec. They didn’t necessarily intend to go “all in” with the Rapid7 ecosystem; however, Anderson acknowledges that leveraging the benefits of the ecosystem made sense.

  • MDR: “We added MDR because we wanted 24/7 coverage,” Anderson shared. “I had to replace the former solution we had in place, which wasn’t achieving 100% of our needs. We felt that with the Rapid7 MDR service, leveraging their own InsightIDR, we would get more value, and we were right.”

So right, in fact, that even though KinderCare only planned to use MDR for a year, they chose to renew, and to renew enthusiastically. “We were hoping that after a year we would have the capability to provide better 24/7 coverage. But we decided to keep MDR because we’ve just been so happy with it,” he divulged. “Working with the people on the MDR team has been outstanding. They’ve been a huge help. So we decided we wanted to keep that 24/7 coverage.”

  • InsightIDR: Anderson may be a fan of MDR, but InsightIDR—the underlying SIEM solution that powers our MDR service—is where his heart is. MDR customers don’t have to get their hands dirty in InsightIDR if they don’t want to, but Anderson appreciates the hands-on approach.

    “InsightIDR is my bread and butter,” he said with a laugh, comparing it to a one-stop shop. “It’s our single pane of glass. It’s connected to every data source you could think of—different domain controllers, our AWS and Azure environments, our endpoint protection system, our email security platform, everything. We want to consolidate and centralize everything as much as possible.”

Anderson then shared how he has created a series of dashboards within InsightIDR that provide an “at a glance” view of all his different tools and services – a sort of health check that he runs every morning.

“I love that Rapid7 is always curating new detections and updating their platforms. That way I don’t have to do it. They have a lot of InsightIDR alerts that we use. I can create my own, but Rapid7 already does such a great job of that,” he shared. He then estimated that for 99% or more of alerts, he trusts Rapid7 to not only create but also refine them.

  • InsightVM: KinderCare uses InsightVM to power their vulnerability management program. They conduct regular scans and use reporting from InsightVM to assist in prioritization of patching. “Anytime we see critical vulnerabilities that are maybe not patching-related but more configuration-related, we work with the right team,” he explained. “We are creating a whole program around that which didn’t exist when I started.”

Anderson likes that they have a comprehensive view of their vulnerabilities and that they can report on them in a useful way. “InsightVM creates remediation reports that are focused on the remediation tasks versus long lists of vulnerabilities. We can easily hand those reports to other teams without overwhelming them. Before, we just had CSV or Excel lists of vulnerabilities without any details on remediation, which would quickly overwhelm other teams and ultimately result in nothing being done.”

  • InsightConnect: As part of their package with InsightIDR and InsightVM, KinderCare also received InsightConnect, Rapid7’s security orchestration, automation, and response (SOAR) offering. Anderson and his team have started to leverage InsightConnect to integrate their Rapid7 platform with other tools that they use, such as Slack and ServiceNow, to create automated workflows that save time on tasks that used to be manual.

When asked about one of his favorite features, Anderson didn’t hesitate to call attention to an InsightIDR feature – Log Search. “The log queries in InsightIDR are amazing, especially thanks to the latest features that have been added. It makes looking into things, and the speed at which those queries execute, so easy,” he beamed. “When I had to do this on the old platform, I would literally set it to run a query and then go get a cup of coffee. Sometimes it would take me hours to investigate something simple. InsightIDR is lightning fast. It really cuts down on the time I spend on this, because I can access and work with the data so quickly.”

Another thing Anderson frequently leverages is Investigations, something he works with every day. “I love the way it keeps investigations completely self-contained. You can add additional data to them and you can add notes within them. It makes it very easy for us to have a single place where we can manage that,” he shared. “We don’t have to send everything out to an external ticketing system and manage it all through that. It’s completely self-contained in the product, which is nice.”

To wrap up our conversation, Anderson provided some advice for people who are looking for a threat analytics platform or looking for a SIEM that they can get more value out of: “I’ve worked with a lot of different products that operate in the SIEM, or security information and event management, space. What Rapid7 does is unique. InsightIDR can already do what you need it to do,” he believes. “All the detection logic is built in and curated, and it just makes everything easy. I highly recommend giving it a try.”