Rapid7 > 实例探究 > From Crisis to Confidence in Only Hours: How Rapid7 Became a Security Sommelier

From Crisis to Confidence in Only Hours: How Rapid7 Became a Security Sommelier

Rapid7 Logo
公司规模
Mid-size Company
地区
  • Europe
国家
  • United Kingdom
产品
  • Nexpose
  • InsightIDR
技术栈
  • User Behavior Analytics
  • Endpoint Detection
  • Visual Log Search
实施规模
  • Enterprise-wide Deployment
影响指标
  • Customer Satisfaction
  • Digital Expertise
  • Productivity Improvements
技术
  • 分析与建模 - 预测分析
  • 网络安全和隐私 - 端点安全
  • 网络安全和隐私 - 网络安全
适用功能
  • 商业运营
  • 质量保证
用例
  • 入侵检测系统
  • 远程资产管理
  • 安全索赔评估
服务
  • 网络安全服务
  • 系统集成
  • 培训
关于客户
Liberty Wines is a small but globally dispersed, multi-award winning wine business headquartered in London. As IT manager, Brown has to look after 130 endpoints — a mix of desktops, smartphones, and laptops, as well as hosted email and a handful of on-premise servers. With a globetrotting sales team logging on to the network from around the world, and a diverse IT estate, there’s plenty to keep him busy. Brown had used Rapid7 software in the past and knew of them as a leader in the security space. He had previously identified a need to track and analyze user authentications and behavior but couldn’t find anything suitable. Until Rapid7 there really wasn’t anything on the market that could easily scale from an SME like Liberty Wines right up to a large enterprise deployment. The architecture of the InsightIDR system allows it to fit any size, both from a scale and a startup cost perspective. He’d arranged for a live demo, been impressed, and allocated budget to install it the next financial year. However, the attackers had other plans.
挑战
The cyberattack came in early 2016, when IT manager Tom Brown was on a trip to eastern Europe. Back at headquarters, his staff reported that email had gone into meltdown. Customers were calling in to report that they received emails from Liberty Wines with an unusual attachment, which turned out to be malicious. At the same time, the team was being bombarded by a backscatter of hundreds of thousands of non-delivery receipts related to the malicious email. Tom had to ensure that this wasn’t from an internal breach — that’s when Brown called in the experts at Rapid7. Brown had used Rapid7 software in the past and knew of them as a leader in the security space. He had previously identified a need to track and analyze user authentications and behavior but couldn’t find anything suitable. Until Rapid7 there really wasn’t anything on the market that could easily scale from an SME like Liberty Wines right up to a large enterprise deployment. The architecture of the InsightIDR system allows it to fit any size, both from a scale and a startup cost perspective. He’d arranged for a live demo, been impressed, and allocated budget to install it the next financial year. However, the attackers had other plans.
解决方案
With time now of the essence, Brown quickly purchased and installed InsightIDR to gain the visibility and tools he needed to deal with the crisis at hand. InsightIDR is an integrated detection and investigation solution that combines user behavior analytics, endpoint detection, and visual log search to spot and contain a compromise quickly and effectively. The Rapid7 team worked closely with Brown, across three different time zones, to resolve the issue. Thanks to Rapid7’s Quick Start service, the product began collecting and baselining behavior “almost straightaway” to provide Liberty Wines with the real-time intelligence needed to reliably identify compromise. It scoured their systems looking for traversal, privilege escalation, unusual service account usage, logins from unexpected locations or devices, and so on. Fortunately for Brown, there was no sign of such activity. Instead, it was deduced that the malicious activity had originated from a customer. The hackers had cloned a genuine email sent from Liberty Wines to a customer and then mass emailed it out to millions of internet users with the addition of a malicious JavaScript attachment. The Rapid7 team reverse engineered and analyzed the malware in question to ensure that Liberty Wines was not compromised. Combined with the real-time visibility provided by InsightIDR, Brown was able to draw up a clear and detailed graphical timeline of events for the Liberty Wines board, and inform customers on the exact situation. Rapid7’s leading vulnerability management solution, Nexpose, was also set to work to identify any potential security weaknesses in the Liberty Wines IT setup.
运营影响
  • Brown was delighted by the speed and accuracy of the incident response investigation. Rapid7 was able to integrate InsightIDR into the Liberty Wines environment within hours. That speed of response is essential in suspected breach incidents, as the longer an attacker is allowed inside a system, the greater the financial and related damage likely inflicted.
  • Although there was no sign of a breach, the new user and endpoint process visibility it gave Liberty Wines did highlight a few areas they needed to tighten up, particularly on user account security. The whole process of managing Liberty Wines staff is now more efficient and secure thanks to the highly granular visibility InsightIDR provides. It enables Brown to see if a user is trying to access work emails on an unsanctioned mobile device, for example, or if they’re logging on from a foreign country. In combination with Nexpose, Rapid7’s vulnerability management product, it has helped him become a more effective IT manager, he says.
  • In fact, thanks to running Nexpose, Brown was able to first quantify and then demonstrate to the business how legacy non-production servers, which were left running for reference purposes, presented a major security risk if left operational. As a result, he got the backing of senior management to completely shut down the firm’s legacy servers to lock down this risk for good.
  • With these kinds of results, it’s no surprise Brown is keen on expanding Liberty Wines’ relationship with Rapid7. With a new website on the way, he’s already set aside budget for a pen testing service to make sure the site is “bomb-proof” when it goes live. And he’s scoping further future investments into Rapid7 Security Awareness Training services.
  • The incident may not have turned out to be a breach in the end, but thanks to Rapid7’s comprehensive response, Liberty Wines is now able to manage its staff and secure its IT estate in a more effective, proactive manner. That’s something we can all raise a glass to.
数量效益
  • Rapid7 was able to integrate InsightIDR into the Liberty Wines environment within hours.

Case Study missing?

Start adding your own!

Register with your work email and create a new case study profile for your business.

Add New Record

相关案例.

联系我们

欢迎与我们交流!
* Required
* Required
* Required
* Invalid email address
提交此表单,即表示您同意 IoT ONE 可以与您联系并分享洞察和营销信息。
不,谢谢,我不想收到来自 IoT ONE 的任何营销电子邮件。
提交

感谢您的信息!
我们会很快与你取得联系。