安曼医疗保健合作伙伴 With Rapid7 to Redefine Cybersecurity for a Digital Age

所面临的挑战

Having recently acquired 28 organizations of varying sizes–from startups with 30-50 employees, 一个由2人组成的组织,500, 每个人都有自己的办公室, 政策, 和框架, AMN需要一个统一的, futureproof security platform to integrate these organizations into their corporate structure. They needed to ensure that every organization was following a singular security st和ard for 检测ion 和 response.

解决方案

AMN 医疗保健 looked to Rapid7 管理检测和响应 (MDR) for a next-gen monitoring solution. 一旦上了MDR, AMN希望rapid7的安全平台能解决其他问题, 增加InsightVM进行漏洞风险管理, InsightAppSec for last, InsightConnect for key automations 和 InsightCloudSec for cloud risk 和 compliance.

从护城河到边缘

摩尼马苏德, AMN医疗保健信息安全高级主管, 他的7人安全团队监管着一个相当复杂的IT环境. 超过10个,6个办事处的000名用户, 三个数据中心, 多个国家, 和 a newly distributed remote workforce due to COVID-19 和 a new hybrid work model, 他们知道他们需要一个策略来保护他们免受网络犯罪的侵害.

Mani回忆起AMN医疗保健领导人设定的基调和方向, “当我们以敏捷的方式前进时, 虚拟, 数字, 和人工智能计划, 至关重要的是，我们在网络安全方面保持警惕. Only by fully integrating security into our technology efforts can we truly reap the benefits of 数字 transformation while safeguarding the success of our business 和 the trust of our customers,马克·哈根说, 首席信息和数字官.

“Before COVID-19, the entire security posture was, Let’s make a moat,” recalled Masood. “Let’s have high castle walls 和 towers to keep eyes on who is coming in 和 going out.“然而，在COVID之后，他们对如何工作的概念发生了变化. 这一转变为AMN 医疗保健带来了安全挑战，因为突然之间, “我们没有六个, 八个, 或十个区域办事处. 我们有6个,000 regional offices because everyone’s home becomes an office with a home network that we don’t have any visibility into or control over.”

重新构想SOC

在使用Rapid7 MDR之前，AMN依赖于外包SOC. 然而, they found that they were able to flag 和 respond to events before the outsourced SOC could analyze the alert. 随着AMN 医疗保健在资产数量上的增长和变得更加分散, they needed a solution that worked quickly 和 in lockstep with their team–an MDR that takes 检测ion 和 response from end-to-end 和 actually helps them with response.

在评估MDR供应商时，Rapid7脱颖而出. “With Rapid7, it just felt like we were talking to our internal IT department,” said Masood. “It felt as though we all were working on the same objective; solving the same problem.”

积极主动的监测方法

AMN 医疗保健 was determined to be more proactive by adding a technology that monitored everything simultaneously while weeding out anything they didn’t need to worry about. 这是转向Rapid7 MDR的主要动力.

“Rapid7 MDR不仅管理, 检测, 并使用日志进行响应, 它实际上在我们的边缘,马苏德解释道。. “We now have an agent on user devices in thous和s of work-from-home locations. Rapid7 MDR提供了我们所需的深度支持. It does more than just collect 和 send logs, it is actively looking for threats. 如果发现威胁，它会立即拦截. 正是这种前瞻性的部分使Rapid7 MDR成为我们一个有效的项目.”

Rapid7 Technology完成交易

马苏德表示，Rapid7的机器学习能力促成了这笔交易. “The tech actually learns from the events coming in 和 the nature of those events, 然后在整个Rapid7视野中交叉引用它们. 然后, the second layer of the Rapid7 MDR SOC team steps in validating the findings 和 AI analysis 和 bringing it down to only the critical alerts–the small number of alerts that we need to address.”

With Rapid7 MDR, the AMN 医疗保健 team was able to reduce noise 和 false positives. They loved that the Rapid7-built technology could simplify 和 validate everything they were seeing in their dashboards. “通过Rapid7，我们正在购买技术、专业知识和自动化,马苏德说。.

Rapid7中的自动化功能是一个增值功能. “When we saw some of the things that we could do with InsightConnect within the MDR platform, 我们印象深刻. 这是一个很好的附加价值, 因为每当我们决定自动化某件事, 我们不需要去学习新的语言.”

平台解决方案的优势

“一旦我们添加了这两个工具，我们的方法就改变了. 我们决定着眼于整个Rapid7平台。”Masood说. “We’ve been able to build our reporting 和 dashboards, as well as streamline our processes. 同一个代理人，我们能做的就越多, 使用相同的自动化工具和相同的SOC, 更好的. 它给了我们规模经济. 我们不需要不断学习新的工具. 支持变得更容易. 集成变得更容易. 这就是Rapid7成为我们核心安全技术的原因.”

AMN 医疗保健 next looked to address its gap in DAST scanning 和 implemented Rapid7 InsightAppSec. “The ability to integrate the DAST scanning with the same InsightConnect tool 和 automate work processes was the leading decision-maker,马苏德说。. 我们能够以一种优化的方式弥补安全漏洞, 因为我们不只是买个盒子然后堵个洞. 现在, we’ve got a solution that ties in with the rest of the technology 和 we can deepen our automation.”

AMN 医疗保健 also added InsightVM to reduce the number of agents–a critical factor for their team. “这是一个非常有价值的主张. 你把所有的东西都交给了一个特工. This is a major pain point for security departments everywhere,马苏德解释道。. He added that this single agent has reduced the lead time between the exposure of a vulnerability 和 the vulnerability becoming an active exploit from days to just hours.

AMN 医疗保健’s current goal is to unify everything under a single technology platform. “Each technology, each agent means more support investment from our side,” said Masood. “We’re a small team 和 the worst thing that can happen is for team members to be constantly switching between consoles 和 dashboards, 登录和退出. 我们想要单一的平台，单一的外观和感觉，以及单一的语言.”

重要的伙伴关系

如今，Rapid7是AMN 医疗保健内部安全团队的扩展. They speak regularly with their Rapid7 Customer Advisor 和 work directly with the Rapid7 SOC. “We don’t get the feeling at any point in time we’re working with someone who’s not part of the AMN team - the way we talk, 我们提出关切的方式, 我们获得反馈的方式, 总是一个团队,马苏德说。.

不同的kpi，共享的结果

至于结果, AMN 医疗保健提到了易用性, 前期成本, 总拥有成本, 和集成能力是他们使用Rapid7获得积极ROI的首要因素.

在数字方面，结果是明确的. 1的,Rapid7在2022年为AMN 医疗保健进行236项调查, 90%的邮件在30-60分钟内收到. 此外, 100% percent of the machines that had Rapid7 deployed on them were 100% effective to deal with a threat that they were presented with. 在人的方面, Masood enjoys the fact that his team can now be more proactive 和 start thinking in a way a threat actor does. 他们现在可以在出现问题之前解决问题.

他对其他考虑Rapid7的人的建议非常明确. “不要犹豫，”他催促道. “你将在Rapid7中蓬勃发展，你的程序将进入一个新的水平.”