Rapid7 InsightVM Delivers Value in the Cloud for Heartland Dental


About Heartland Dental

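For more than 20 years, Heartland Dental has been at the forefront of dentistry in the U.S. Founded in 1997 by Rick Workman, DMD, it is now the nation's largest dental support organization, providing non-clinical administrative support services to more than 1,700 dentists across 38 states. The Director of Infrastructure and Information Security, Josh Gilmore, leads the company's IT security team, which includes Senior Security Engineer Ross Petty.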

Challenge

In today's environment, healthcare-focused companies are attractive targets for cyber-criminals looking to monetize ransomware and data theft. In fact, there were over 500 reported data breaches of 500+ records in the vertical last year alone—a 196% increase from 2018, according to the HIPAA Journal report. These concerns are top of mind for Heartland Dental’s IT security team, who work diligently to ensure the optimal protection of their data.

Solution

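InsightVM is Rapid7's flagship vulnerability risk management solution, providing comprehensive visibility into on-premises, remote, cloud, containerized, and virtual infrastructure through the lightweight Insight Agent. It unites disparate teams around a single source of truth, enabling them to translate vulnerabilities into business risk and prioritize more effectively.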

Searching for a better solution

Heartland Dental has major HIPAA compliance demands to meet within their security protocols. Historically, this had kept most of its IT infrastructure on-premises—but increasingly over recent years, the company considered the benefits of cloud migration and remaining secure and compliant, according to Gilmore. This led to investments in Office 365, Azure, and AWS.

As part of these broad digital transformation efforts, the IT team realized that its current vulnerability management tooling was no longer fit for purpose. The legacy Tenable solution it had in place was too manual and error-prone.

“We knew it was possible to achieve more accurate reporting,” explains Petty:

“We needed a solution that was going to be precise because we would be reporting to the business KPIs and metrics out of our vulnerability management program. We knew we couldn't do that with the legacy solution.”

A proof-of-concept process was initiated and, having used Rapid7 for several years in the form of Nexpose and Metasploit Pro, Gilmore shortlisted InsightVM. Additionally, the Insight cloud platform was appealing due to its clear product roadmap and ease of use.

“Heartland Dental is focused on efficiencies within our processes and systems,” says Petty. “So, whenever we evaluate products and vendors, we have to make sure it's a good fit for the team and that it's going to help optimize our workload while helping us provide greater security.”

Realizing value quickly

During Heartland's POC and penetration test, InsightVM immediately discovered areas of possible vulnerability missed by the incumbent legacy solution. Gilmore and Petty agreed to proceed with InsightVM and deployment of the agents was seamless—which was crucial given that COVID-19 was about to force mass remote working on the nationally-dispersed organization.

“With the COVID situation, we knew we weren't going to be able to get data from doing network-based scans over the VPNs,” says Petty. “So, one of the very first things we did was deploy the Insight Agent. It was a huge win for us to be able to push out unlimited agents to our corporate employees to go work from home.” Leveraging their existing deployment process with Microsoft SCCM, Heartland Dental deployed thousands of agents across the country at more than ,000 locations and scanned 42,000 assets in a very short time.

InsightVM has already positively impacted the organization’s security management. In addition to helping reduce cyber risk for remote workers, the reliability of the scans themselves and the intuitive reporting and dashboard functionality were a big win. It has also helped to focus the minds of disparate teams by tagging owners of exposed systems and providing them with a third-party risk score and clear path to remediation.

A monthly scorecard meeting now brings together IT leadership to view their top assets by risk score and plan strategically to reduce these scores and fix any issues affecting the firm’s most critical assets. The cumulative effect of these improvements has helped Gilmore to mature the organization’s IT security program.

“The reports and the export to PDF or CSV have allowed us to build a stronger dashboard for the information security team and the vulnerability management life cycle,” explains Gilmore. “We’re able to demonstrate possible vulnerabilities to others in IT and beyond and show our progress in remedying them.”

Protecting their digital transformation and application layer

Looking to the future, Heartland Dental is planning to deploy InsightAppSec, Rapid7's dynamic application security testing (DAST) product. Scanning both cloud and on-premises environments, it automatically analyzes web apps to identify vulnerabilities like SQL Injection, XSS, and CSRF, whilst offering powerful reporting for compliance and remediation. The organization wanted a tool that could scan both mission-critical internal web servers and external-facing web servers.

“We develop a lot of internal applications. One thing that we're really focusing on is patient-facing technology, allowing patients to visit a supported dental office website and schedule their appointment or complete various other patient-related activities,” explains Gilmore. “So, scanning those APIs that are open externally or the web servers will be the key.”

As the pandemic accelerates digital transformation and patient-centric online experiences, Heartland Dental is clearly at the forefront of progress. As the company has ably demonstrated, they’re creating world-class security for their supported dental practices and the company as a whole.
