Rapid7 InsightVM Helps Sierra View Medical Center Prioritize Risk and Remediate Quickly

About Sierra View Medical Center

Sierra View is a state-of-the-art hospital in Porterville, California, reliant on 1,200 endpoints, 300 servers, and another 1,500 networked devices to provide the best possible care to patients.

Challenge

It’s no secret that the healthcare industry has become a favorite target for hackers in recent years. Patient data is a prized commodity on the cyber underground, and hospitals are seen as an easy target for ransomware attacks, given the mission-critical nature of IT systems.

Scott Cheney, information security manager at Sierra View Medical Center, was well aware of these and other threats facing his organization. But Cheney was struggling to gain the visibility and control he needed to protect endpoints and servers.

Solution

To gain the visibility he needed, Cheney chose Rapid7 InsightVM and InsightIDR. InsightVM, the industry-leading vulnerability management platform, enables the IT team to see exactly where risk lies in the organization, view data in real-time, and assign remediation tasks quickly and easily. InsightIDR, in turn, is a detection and investigation solution that integrates user behavior analytics, endpoint detection, and visual log search.

IT Was In The Dark

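As the hospital’s only full-time information security practitioner, Cheney needed real-time, automated insight into risk levels to share with the IT, networks, and systems staff helping him out day-to-day. He needed a streamlined way to prioritize and assign important remediation work to these colleagues to keep systems patched and resilient.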

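When he took the helm at Sierra View, the only intelligence came from quarterly and biannual scans by a third-party vendor, which meant some of the data he and others were working from was six months old. It also came with a simple CVSS score, lacking the granularity he needed to prioritize risk effectively. What’s more, remediation was “almost impossible” for Cheney and his colleagues, who were forced to work from spreadsheets and manually prioritize what to fix.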

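“What we would end up doing is anything critical that was public-facing would get patched, and hardly anything internal would get patched,” says Cheney. “It just wasn’t happening before. It was just physically impossible to do what we do now with the old setup.”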

Enter Rapid7 InsightVM and InsightIDR

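Cheney was drawn to InsightIDR and InsightVM by the unified Rapid7 Insight Agent, which helped to ease deployment headaches. The agents also allowed him to avoid authenticated scans on endpoints and, for the first time ever, to see in real time how his virtual desktop environment was changing, another major breakthrough for Cheney.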

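Sierra View was very pleased with InsightVM’s cloud delivery model. “The IT department has gotten tired of managing more systems and maintaining more servers, so anything cloud, especially when you can prove it works well, was received very easily for our organization,” says Cheney. After just a month and a half, Cheney and his colleagues had resolved 12% of server vulnerabilities and 7% of VDI vulnerabilities.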

Eye-Opening Visibility

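It didn’t take long for Sierra View’s IT staff to notice the difference. The real-time data generated by InsightVM has been a game changer for all involved. Just as important is the detailed Real Risk score InsightVM provides, which goes way beyond the 1-10 of CVSS; it’s a 1-1,000 risk score based on factors such as the vulnerability’s age, what exploits are available for it, and which malware kits are used.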

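“Since deploying InsightVM, it has been eye-opening for our desktop team and server team to see the state of things. The real-time visibility combined with the risk score is huge,” says Cheney. “When we first got the info from the tool ... it was overwhelming the amount of items it put up for us to fix, so having the real-time risk score is important, and it helps us focus.”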

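Cheney is so confident in the accuracy of the risk scores that the organization is using them to monitor progress and measure the success of the whole project.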

A One-Stop Shop

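Liveboards are another key InsightVM feature that the Sierra View IT team has used to great effect. Cheney checks them several times a week to monitor the project’s progress with dynamic, real-time data. While he’s looking at the “big picture,” plans are underway to roll this visibility out to other members of the technical team.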

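Given Cheney is not keen on authenticated scans, the dashboards provide an important and detailed view of risk across the entire IT environment. “They’re the only place to go to find everything,” he says. “Seeing the percentage of assets that can be exploited by a novice, it’s scary, but there is no other tool that can give us information on the entire environment.”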

Remediation In A Cinch

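As for fixing the issues flagged by InsightVM, the Rapid7 platform’s remediation workflow capabilities have turned a slow, inefficient, and manual process into a much smoother, more efficient setup. Before, it was nearly impossible to fix more than the external and critical vulnerabilities, because Cheney’s team had to go through spreadsheets manually to prioritize and assign findings. Remediation tasks can now be prioritized by risk and handed off to the desktop, VDI, server, or networking teams accordingly.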

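“For them to be able to sort by highest risk and hit those items first is really important, because our staff are a mix who worry about IT operations full-time, not necessarily security full-time,” he explains. “So for them to be able to quickly come up with ‘hey, here are two things I can try to do this week’ is very important.”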

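The results speak for themselves. After just a month and a half, Cheney and his colleagues had resolved 12% of server vulnerabilities and 7% of VDI vulnerabilities. Before InsightVM, the IT organization had been in firefighting mode, with no idea what their progress was. Now they have visibility and control, which is good news for everyone involved.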
