KinderCare is the leading early childhood education company in the United States. Since opening in 1969, KinderCare has built a network of community-based centers, employer-sponsored programs, and before- and after-school sites to meet parents where they are. KinderCare has more than 2,000 locations across 40 states and the District of Columbia and utilizes a proprietary curriculum with the goal of generating superior outcomes for children of all abilities and backgrounds. KinderCare lays the foundation for children's lifelong love of learning by building their confidence, unshakable self-esteem, and a conviction that our children can carry with them as they take their first steps and every step toward taking on the world. Byron Anderson is a Senior Information Security Engineer at KinderCare. His job is to protect the data of KinderCare's families, children, and the employees the centers support.
Anderson took on the role two years ago. When he joined KinderCare, he inherited a handful of disparate platforms used to manage the organization's security posture. He found that reporting was incomplete, the platforms lacked integration, and comprehensive security visibility across all of KinderCare's infrastructure was missing. After an in-depth review it became clear that re-architecting and changing the security platforms would be necessary to create an easily managed and supportable security infrastructure that would provide the necessary level of visibility.
One of Anderson's guiding principles is "fewer tools, used more." Anderson believes that if you pick strong tools and use them to their maximum capability, you will get more value out of your investments and need fewer tools; this also helps to avoid tool sprawl. After reviewing several different platforms and tools, Anderson and his team chose the Rapid7 Insight Platform. They believed that the Rapid7 platform best aligned with Anderson's philosophy and that it would also provide a fast time to value for KinderCare.
"Rapid7 has such a tight ecosystem. You're not needing dozens of tools, each of which you're only using maybe 20% of," he explained. "If you get really good tools and you use 99% of them, you shouldn't need as many! Rapid7 has a lot of content built in out of the box."
The immediate value derived from easily collecting data from other systems and quickly turning that data into insights into the behaviors taking place in the environment made it easy for Anderson to convince the company to make the change. Within six months, his team had retired several legacy tools.
Today, KinderCare uses Rapid7's Managed Detection and Response (MDR) service, along with InsightVM, InsightConnect, and InsightAppSec. They didn't necessarily intend to go "all in" with the Rapid7 ecosystem; however, Anderson admits that taking advantage of the ecosystem's benefits made sense.
So much sense, in fact, that even though KinderCare only planned to use MDR for a year, they chose to renew, and to renew enthusiastically. "We had hoped that after a year we would have the capacity to provide better 24/7 coverage ourselves. But we decided to keep MDR because we've just been so happy with it," he divulged. "Working with the people on the MDR team has been outstanding. They've been a huge help. So we decided we wanted to keep that 24/7 coverage."
Anderson then shared how he has created a series of dashboards within InsightIDR that provide an "at a glance" view of all his different tools and services, a sort of health check that he runs every morning.
"I love that Rapid7 is always curating new detections and updating their platforms. That way I don't have to do it. They have a lot of InsightIDR alerts that we use. I can create my own, but Rapid7 already does such a great job of that," he shared. He estimates that for 99% or more of alerts, he trusts Rapid7 not only to create them but to refine them.
Anderson likes that they have a comprehensive view of their vulnerabilities and can report on them in a useful way. "InsightVM creates remediation reports that are focused on the remediation tasks versus long lists of vulnerabilities. We can easily hand those reports to other teams without overwhelming them. Before, we just had CSV or Excel lists of vulnerabilities without any details on remediation, which would quickly overwhelm other teams and ultimately result in nothing being done."
When asked about one of his favorite features, Anderson didn't hesitate to call attention to an InsightIDR feature: Log Search. "Log queries in InsightIDR are amazing, especially thanks to the latest features that have been added. It makes looking into things, and the speed at which those queries execute, so easy," he beamed. "When I had to do that on the old platform, I would literally set it to run a query and go get a cup of coffee. Sometimes investigating something simple would take me hours. InsightIDR is lightning fast. It has really cut down the time I spend on this, because I can access and work with the data so quickly."
Another thing Anderson frequently leverages is Investigations, something he deals with every day. "I love the way it keeps investigations fully self-contained. You can add additional data to them and you can add notes to them. It makes it very easy for us to have a single place where we can manage that," he shared. "We don't have to send everything out to an external ticketing system and manage it all through that. It's completely self-contained within the product, which is great."
Closing our conversation, Anderson offered some advice for people who are looking for a threat analytics platform or looking for a SIEM they can get more value out of: "I've worked with a lot of different products that operate in the SIEM, or security information and event management, space. What Rapid7 does is unique. InsightIDR can already do what you need it to do," he believes. "All the detection logic is built in and curated and it just makes everything easy. I highly recommend you give it a try."