Hypertherm is part of the Hypertherm Associates family, a 100% employee-owned company composed of the industrial cutting technologies and solutions you know and trust (plasma, waterjet, software, and more) that help our customers succeed like never before. With a shared purpose, a drive for innovation, and a passion for customer success, Hypertherm Associates is leading the industrial cutting and shaping industry.
James Thompson, Information Security Manager at Hypertherm, depends on security solutions that keep operations and technology running smoothly and safely in his organization's environment. Responsible for a whole spectrum of assets, including operational technology, IoT devices, and Hypertherm's own proprietary software, James sought out a single pane for visibility into the "wild west" that is the manufacturing sector.
Rapid7 InsightVM was the ideal solution for identifying, assessing, and remediating risk without the downtime associated with other tools. Hypertherm's partnership with Rapid7 led to InsightAppSec*, Rapid7's leading dynamic application security testing (DAST) solution.
*The industry-leading DAST engine behind Rapid7 AppSpider is now Rapid7 InsightAppSec.
My name is James Thompson. I'm the Information Security Manager at Hypertherm. We're a metal cutting solutions provider, so think high pressure water, plasma, laser. So you'd find us working on shipyards, oil, pipelines, or the home hobbyist on go-carts.
The manufacturing environment is challenging. I like to call it the wild west. We don't have a lot of the regulation that a financial industry or health industry might have. So most of our security isn't imposed on us; we choose where the balance is, for better or worse.
So, talking about our environment and kind of the structure of our environment, very mobile. A very mobile workforce, especially IoT. So a lot of our associates, as we like to call them, have laptops, and then we have a high percentage of that population that are engineers. So, high powered CAD workstations, highly virtualized infrastructure.
And a lot of manufacturing has legacy machines. So I might have a million dollar machine out on a manufacturing floor that's still making parts, delivering value, but it's running on XP or XP Embedded, or something that's become very hard to secure.
So to be able to build on the awareness, build on the business case for a real mature vulnerability scanning management program, we started evaluating Tenable.io and Rapid7's InsightVM.
We were trying to figure out a way. We were manually managing an IP blacklist for printers, and with various manufacturing cells always moving around the organization, someone would move a printer to a new IP range, and I might not know until I'd taken production offline. So regardless of me saying you really need to tell me when you're moving these things, the reality was that I was a pain point for the company.
When we were demoing InsightVM, we found that we could create a kind of a dynamic blacklist. So that allowed me to build out my scanning schedules without the risk of knocking printers offline, which is a big deal for manufacturing. Certainly for us.
In terms of features that we're leveraging now that are really critical to us, I want to highlight two. One is the dashboards. The built in dashboards allow me to step back and allow my managers, or higher level executives, to see this and ask questions without me going in deep to create these custom reports, always regenerating reports, tweaking them for each question.
They can go in live and see a live snapshot of what's going on. So when a new vulnerability comes out and they're like, as I said, "James, I saw this in the news, like BlueKeep, how are we doing? What's our footprint? What's our exposure?" They can hop right in and see the WannaCry and the various CryptoLocker inside. There are two or three assets. Should I be worried? What should we do?
The other piece that we leverage heavily is the DHCP scanning.
So when a new device is plugged into the network and somehow it's made it around our perimeter defenses, when it pulls a DHCP address, it's scanned at that point in time. Or we have it set up that if it's been scanned within the last two weeks, it won't be, because it's a known device plugging in and pulling DHCP.
So it's given us visibility into rogue devices connecting to the network, and given me the ability to speak with confidence that if it's on the network, I know about it.
We're leveraging Atlassian Jira for ticketing within the InsightVM platform. The real advantage for us there was it removed myself as a traffic cop, looking at the various vulnerabilities, how critical they are, and making a very subjective decision on do we need to elevate these to the business or not. I now have a more quantifiable approach that will automatically create a ticket, that's a workflow, that gets assigned to someone for remediation. That orchestration has really saved a lot of time.
We really always recognized that there was a hole in our application scanning. Whether that be web applications, or we also develop our own software for sale.
That was a new space for us. We were struggling to figure out how to fill that space, so as our relationship grew through InsightVM, we started asking questions: what else can Rapid7 do for us?
I needed to leverage a tool that could come back and say, "You may have a SQL injection opportunity here, your authentication method may be weak." So AppSpider enabled the developers to self-serve.
Building that tool into our web applications helps me better understand the exposure at the edge. So now I can better speak to the management team about how we're doing. But it also empowers those developers to improve their product, to test their product, and with AppSpider, they can test on the fly. They'll point it at their development instance, they'll make a change, they'll run it, go, "Oh, there may be SQL injection." They'll make a tweak, run it right there and say, "This will work", and then publish that. So they're able to make adjustments quickly and nimbly.
It's just about weekly interaction with Rapid7 as to how we are doing. What are we working on? Do we need to invest more here? I have an acquisition here and I need this plan, and then looking further down the road towards how I can bring in IDR, working with MDR. Can I use the Connect platform for more automation? Ultimately build a complete solution and program around the correlation the products can provide. Rather than me doing best of breed here, best of breed here, best of breed here, and having three different panes of glass that somehow I've got to tie together.
So the coaches, I'll call them coaches, customer success managers are really helping me paint that picture. So I can sleep at night and hang out and have fun and not worry about what's going on in a time zone during the 12 hours I'm not working.