Modine Manufacturing通过Rapid7的安全服务和解决方案组合阻止威胁

Challenge

摩丁有一个小的安全团队，肩负着大的使命，随着业务的增长，风险也在增加. Detloff的三人安全团队很快从监控几百个事件源扩展到几千个. 摩丁需要一个合作伙伴，可以帮助他们改进安全计划的各个部分. This meant addressing both proactive and reactive security needs. A strategic goal like that calls for a strategic partner, one with multiple centers of product and service excellence.

Solution

Modine Manufacturing found their strategic partner in Rapid7. Today, 该公司依靠Rapid7管理服务和基于云的软件的组合来改进他们的安全程序. 这包括InsightAppSec，用于扫描面向客户和内部开发的应用程序, ManagedVM (MVM)，卸载漏洞风险扫描和管理操作, Rapid7 MDR的SOC专家使用insighttidr解决方案检测和响应威胁, 以及InsightConnect的SOAR功能，使其自动化并将其联系在一起.

“Where Rapid7 is heading, they’re not just looking at endpoints or users, 但他们正在将其与网络检测功能和其他数据源结合起来，以提供更好的, broader picture of the many different ways someone can attack us,” explained Dettlof. “They give us correlated and contextualized data.Detloff进一步指出，insighttidr和InsightVM同时使用的单一轻量级代理已被证明是有价值的, providing a lot of capability with a minimal impact on the system.

Stopping Threats Early And Fast

Modine定期对其全球系统和网络进行全面扫描, which enables the Security team to quickly assess, 在攻击者利用漏洞之前对系统进行优先排序和打补丁. “有了耐多药，我们不再需要担心大海捞针, 因为Rapid7 SOC会处理所有问题，让我们知道需要担心的关键警报,” stated Detloff. “当最近的零日威胁出现时，Rapid7团队在前一天晚上通知了我们. The next day we saw it on the news, 我想:这就是我们花钱雇来的——一个控制突发事件的专家团队，这样我们晚上就能睡个安稳觉.”

Without the MDR service, 德特洛夫指出，他的3人安全团队将不得不筛选大约16个,000 possible alerts a day. “The Rapid7 team pares this to about five validated incidents a day. Five we can handle. 我们还能够隔离端点并启用/禁用用户，直到事件得到解决.”

“The Rapid7 team saves us a ton of time, 给我们准确的信息，而不是我们必须调查每个警报，试图找出它,” added Detloff. “有一天，我们的Rapid7安全顾问联系了另一个地区的一个终端用户，他正在运行一个可疑的脚本. 结果发现，该用户有一个被感染的USB驱动器，试图执行恶意脚本. 我们的Rapid7团队捕获了所有的活动，并阻止了任何不好的事情发生.”

“行业标准的停留时间是在90-207天之间，以便在环境中找到某些东西,” continued Detloff. “Rapid7 MDR在不到一个小时的时间内就发现了一个我们认为严重的事件, 我们在不到两小时内做出了回应，并在不到48小时内进行了修复. That incident alone paid for this year’s MDR service.”

Expanding Security Coverage Without Adding Headcount

”Without Rapid7’s managed service for detection and response, 我预计至少还需要四到五个人来提供类似的保险。”, stated Detloff. “On the vulnerability management side, I’d estimate we would need at least two additional people, and that would only be staff who could identify what needed to be fixed, not even handling the remediation side.在耐多药方面，德特洛夫估计他需要增加4到5名员工. 

“Rapid7’s MDR people have expertise that I can’t find anywhere else. 我还喜欢代理的补救端和自动化端具有禁用和启用用户的能力. MDR和InsightConnect双方的集成也吸引了我们.”

Freeing-up Time To Focus On The Program

“I love what I do for a living. I like to dig into individual incidents when I can. 但如果我整天都在筛选事件，我就没有时间去做这些了. With Rapid7’s MDR, I can be more strategic. 我可以专注于整个安全项目，而不仅仅是探测和响应.”

“去年冬天，我在冰面上钓鱼时，发生了一起重大安全事件,” continued Detloff. “I got on the phone with my security analyst and Rapid7. We were able to remote in, see the incident, and make a decision. I responded from the middle of a lake in Wisconsin! Before we had MDR I would have had to rush home to deal with it.”

Addressing the Challenge of Phishing

“我们最关键的安全挑战之一是网络钓鱼，”Detloff指出. “80 percent of breaches originate as phishing emails. 我们每天收到大约40封可疑邮件的用户报告，需要对其进行分析, and about five of these typically need to be remediated.有了InsightConnect, Detloff的小团队可以专注于5个项目，而不是40个. “We built a workflow that pulls in the email, 通过几个不同的威胁情报来源运行所有的链接和附件然后确定它是否是良性的, known malicious or suspicious,” explained Detloff.

 “All we need to do is click a button to confirm if it’s malicious, and InsightConnect will strip it out of Microsoft Exchange for us. 这将过去每封邮件需要30-40分钟的过程减少到每封几分钟.“Modine也正在迁移到一个新的电子邮件网关，以改善他们的电子邮件过滤，并计划使用InsightConnect与该服务的集成来进一步自动化他们的网络钓鱼修复. 

Testing application security on a routine basis.

Modine uses InsightAppSec to dynamically scan applications. “We have internally developed applications that are customer-facing, and those are the biggest ones we need to make sure are protected. 我们的开发人员非常期待能够获得基于他们的应用程序运行情况的OWASP报告. 

As for the future, Modine将继续提供事件源和指示器，并扩大他们对代理和现有警报系统的使用，并增加自动化功能. “Automation is going to be crucial to our small team.”