金融安全 信任s InsightVM to Discover the Unknown

挑战

As a financial institution, Security Financial constantly has a target on their back. They therefore need to be ahead of the game 和 be proactive instead of reactive. 这相当复杂. The company has their own in-house software 和 various systems across the country in data centers, so they have a lot of surface area for possible attack.

解决方案

Security Financial chose InsightVM to i确定所有的资产 in their environment 和 underst和 their associated risks; manage efficient, cross-functional remediation with ITSM集成; 和 communicate the success of risk reduction efforts to executives with robust 报告 功能.

金融机构, staying one step ahead of motivated attackers requires an intimate underst和ing of their organization's attack surface. In this customer story, Kurt Hazel, IT Security 经理 at 金融安全, shares the journey of his organization's security program 和 discusses why his team depends on InsightVM to:

• 识别所有的资产 in their environment 和 underst和 their associated risks.
• Manage efficient, cross-functional remediation with ITSM集成.
• Communicate the success of risk reduction efforts to executives with robust 报告 功能.

Our security program is not very mature. 我们正在走向成熟. One of the first things we did to bring about a more secure model was begin with looking at our assets, the various assets we have 和 the vulnerabilities that may or may not have. One of the key products to do that was InsightVM.

We weren't doing vulnerability management before we did this. We mostly did patch management saying we applied patches, but we didn't have the full story about what was still left unaccounted for on each one of the systems, 和 that's where vulnerability management came in.

When we purchased InsightVM, we did look at other products. 我们确实做了评估. We decided to go with InsightVM because of the robustness of some of the various features. The 报告 capability allows me to tell a story to my bosses to underst和 what's going on. The ability to hook into other aspects that we have within our environment is also a big driver.

We've narrowed down our ITSM tool to one of the ones that integrates with InsightVM because of that. The other competitors out there do not have the same feature sets. How we measure success with InsightVM is by watching the number of vulnerabilities trickle down through the tracking 和 software. 通过报告功能, I'm able to report on whether or not we're doing a successful job reducing those.

Our partnership with Rapid7's been-—it's been a wonderful engagement. The people within Rapid7 are always enthusiastic. 他们总是在那里帮助我们. If we have an idea that we want to try or be able to do something, 他们通常有产品, 如果他们没有产品, they can at least tell me where I should be looking.

我们已经得到了支持. Our tickets have been h和led with extreme diligence, always taking care of our issues 和 making sure that we were satisfied afterwards. 为什么InsightVM? 为什么Rapid7? It's been about being able to close that loop, being able to make sure that we're looking at our whole environment, 和 making sure that we're actually taking on the open issues, 发现我们不知道的东西.