DAMAC属性 Sees Immediate Value 和 Gains 24/7 SOC Coverage With Rapid7’s MDR Service

挑战

达马克建立了新的安全功能, the 4-person security team faced a number of challenges; the biggest being visibility into DAMAC’s environment encompassing numerous mobile applications, 包括面向客户和内部, 以及包括销售在内的一系列用户, crm和业务用户. Moving to the cloud 和 adopting new systems 和 APIs added additional levels of complexity.

解决方案

达马克选择了Rapid7的管理检测和响应服务. “我们以一个小团队和有限的预算开始新事物,Jeevan Badigari解释道, 首席信息安全官. “我们想要的不是工具，也不仅仅是服务. 我们希望两者兼得. 这就是Rapid7的优势所在.” The Rapid7 MDR service enables DAMAC’s security team to focus on governance, 保证, 以及技术功能, 包括DLP, 终端安全, 电子邮件安全.

第一步:综合风险评估

DAMAC began by performing a complete risk assessment to identify the security gaps. It was critical to establish the right alignment between security 和 business objectives, answering questions such as: How does security impact our business objectives? What systems are important to our business that they need to be up 和 running 24/7? 我们如何确保这些系统是安全的?

A key part of DAMAC’s new robust security program was ensuring alignment with the IT team. “随着我们引入越来越多的安全变化, 新部署, 实现和计划, we prioritized working with the IT team to enable them to execute their initiatives securely,Jeevan Badigari指出, 首席信息安全官. “We wanted to facilitate a partnership with them so the entire organization could address security in a holistic way.”

只有一家供应商提供经过验证的产品和托管服务

DAMAC applied the NIST framework to see where the company stood against the five pillars - identify, 保护, 检测, 回应, 和恢复. It highlighted that 检测ion 和 response was DAMAC’s most critical need. They wanted more than just a SIEM as a service 和 drafted requirements for an MDR provider. “Our main requirement was that it needed to be a platform with all the most critical capabilities for our organization, 包括威胁情报, 威胁狩猎, 网络流量分析,巴迪加里解释道.

Badigari过去有过实现SIEM的经验, 因此，他寻找一种云交付的方式来满足达马克的需求. “我们想把重点放在大海捞针上, 和 not devote resources to managing the entire SIEM platform or focus on fine-tuning the process.” 

立即实现价值

Rapid7 MDR SOC依赖于Insight Agent, a lightweight yet powerful software installed on assets to collect endpoint data across the environment. 它为SOC提供了实时性, critical visibility that allows them to 检测 attacker behavior 和 take action to contain a found threat. 

One of the key points DAMAC looked at as they evaluated the success of MDR was the time required for implementation. 一旦他们安装了洞察特工, 安全团队对整个环境具有完全的可视性. “We were up 和 running in less than a month with Rapid7,” notes Badigari. “我们的账户已经完全设置好了，我们收到了数据. The integration was easy, so the quick time to realize value was great.” 

有更多背景的可操作见解

With MDR, DAMAC receives fewer false-positive alerts 和 everything is clearly visible in the portal. “We’re seeing actionable insights with more context which allows the team to be more effective,巴迪加里继续说道. Rapid7团队在提供我们所需的反馈方面做得很好.” 

MDR includes thous和s of pre-built 检测ions to identify intruder activity, cutting down on false positives 和 enabling analysts to alert customers to true threats. All potential malicious 检测ions are manually validated by Rapid7’s SOC analyst team prior to reporting any alert to customers. “Because MDR is a managed service, I don’t have to worry about 检测ion rules. I can be confident that there is a team that’s constantly adding 检测ion rules based on the ever-evolving threat l和scape.”

随着攻击者的进化和新威胁的发现, Rapid7 develops signatures 和 检测ions for existing 和 emerging threats. These 检测ions ensure coverage for various IOCs that malicious actors use in the wild, 被1人以上告知.2 trillion weekly security events observed across Rapid7’s 检测ion 和 response platform. 

集成和报告

DAMAC also counts easy cloud integrations 和 visibility as key benefits of MDR. “由于Rapid7 MDR是云原生的, 连接Office 365等其他系统非常容易, Azure AB, 和销售团队. And the visibility of the environment gives us key stats in the dashboard. 如果我的主席想知道我们面临的威胁是什么, 我们做得怎么样, 我们打开控制台，给他看关键数据. 这些是我们真正的成功标准.”

高级威胁情报

达马克武器库中的另一个有效工具是Rapid7的威胁命令, an advanced external threat intelligence tool that finds 和 mitigates threats targeting an organization, 员工, 和客户. “Because of the nature of our business, we work with direct 和 indirect sales agents. Rapid7 威胁命令 has helped us take down a lot of phishing websites 和 impersonating mobile applications. 这些行动大大减少了风险.”

除了收入损失, the impersonating websites 和 mobile applications were negatively impacting DAMAC’s Google SEO rankings 和 traffic, 因此，它的品牌声誉. “Rapid7 enables us to identify 和 remove those instances, helping to boost customer confidence.”

单一供应商的力量

总之, Badigari offers a word of advice to his peers in the field: look for an integrated package of services from one vendor because there are real benefits in vendor consolidation. “One vendor, one technology, or one platform is easier to manage, 和 it’s effective. Rapid7的产品组合中有很多产品. 在Rapid7中，重点不再是EPS，而是设备. Tomorrow I could scale up or scale down the data, 和 it would not impact our service.”