通过Rapid7的MDR服务，DAMAC属性看到了即时价值，并获得了24/7 SOC覆盖

挑战

As DAMAC built out the new security function, the 4-person security team faced a number of challenges; the biggest being visibility into DAMAC’s environment encompassing numerous mobile applications, both customer-facing 和 internal, 和 a range of users including sales, CRMs 和 business users. 迁移到云端并采用新的系统和api增加了额外的复杂性.

解决方案

DAMAC chose Rapid7’s 管理检测 和 响应 service. “We were starting something new with a small team 和 a modest budget,” explains Jeevan Badigari, chief information security officer. “We did not want the tool or just the service alone. We wanted to get the best of both. That’s where Rapid7 excelled.Rapid7 MDR服务使达马克的安全团队能够专注于治理, 保证, 和 technology functions, 包括DLP, 终端安全, 电子邮件安全.

First Step: Comprehensive Risk Assessment

达马克首先进行了完整的风险评估，以确定安全漏洞. 在安全和业务目标之间建立正确的一致性是至关重要的, 回答如下问题:安全如何影响我们的业务目标? 哪些系统对我们的业务很重要，需要全天候运行? And, how do we make sure these systems are secure?

DAMAC新的强大安全计划的关键部分是确保与IT团队保持一致. “As we introduced more 和 more security changes, 新部署, implementations 和 initiatives, 我们优先考虑与IT团队合作，使他们能够安全地执行他们的计划,” notes Jeevan Badigari, chief information security officer. “我们希望促进与他们的伙伴关系，以便整个组织能够以整体的方式解决安全问题.”

Only One Vendor Offered Proven 产品 和 Managed Service

达马克应用了NIST的框架，看看公司在五个支柱上站在哪里——识别, 保护, 检测, 回应, 和恢复. 它强调发现和反应是达马克最关键的需要. 他们想要的不仅仅是SIEM作为一种服务，并为MDR提供商起草了需求. “我们的主要要求是，它需要成为一个具有我们组织所有最关键功能的平台, including threat intelligence, 威胁狩猎, 和 network traffic analytics,巴迪加里解释道.

Badigari had experience implementing a SIEM in the past, so he looked for a cloud-delivered approach to meet DAMAC’s needs. “We wanted to focus on finding the needle in the haystack, 而不是将资源用于管理整个SIEM平台或专注于微调流程.” 

Immediate Time To Value

The Rapid7 MDR SOC relies on the Insight Agent, 一个安装在资产上的轻量级但功能强大的软件，用于收集整个环境中的端点数据. It provides the SOC with real-time, 关键可见性，使他们能够检测攻击者的行为，并采取措施遏制发现的威胁. 

DAMAC在评估耐多药成功与否时所关注的一个关键点是实施所需的时间. As soon as they installed the Insight Agent, the security team had full visibility across their environment. Badigari指出:“我们在不到一个月的时间里就开始使用Rapid7. “Our account was fully set up 和 we had the data coming through. 集成很容易，因此实现价值的时间很快.” 

Actionable Insights with More Context

使用MDR, DAMAC收到的误报警报更少，并且在门户中所有内容都清晰可见. “我们在更多的背景下看到了可操作的见解，这使团队更有效,巴迪加里继续说道. “The Rapid7 team is great in terms of providing the feedback we need.” 

MDR包括数千个预先构建的检测来识别入侵者活动, 减少误报，使分析师能够提醒客户注意真正的威胁. 在向客户报告任何警报之前，所有潜在的恶意检测都由Rapid7的SOC分析团队手动验证. “因为MDR是一个托管服务，所以我不必担心检测规则. 我可以确信，有一个团队正在根据不断变化的威胁情况不断添加检测规则.”

As attackers evolve 和 new threats are discovered, Rapid7为现有和新出现的威胁开发签名和检测. 这些检测确保覆盖恶意行为者在野外使用的各种ioc, 被1人以上告知.通过Rapid7的检测和响应平台每周观察2万亿个安全事件. 

Integrations 和 Reporting

DAMAC还将轻松的云集成和可见性视为MDR的主要优势. “Since Rapid7 MDR is cloud native, it was very easy to connect other systems like Office 365, Azure AB, 和销售团队. 环境的可见性为我们提供了仪表板上的关键数据. If my chairman wants to know what our threat l和scape looks like, 我们做得怎么样, we open up the console 和 show him the key stats. These are real success criteria for us.”

Advanced 威胁情报

Another effective tool in DAMAC’s arsenal is Rapid7’s 威胁命令, 一种高级的外部威胁情报工具，用于发现和减轻针对组织的威胁, 员工, 和客户. “由于我们的业务性质，我们与直接和间接销售代理合作. Rapid7威胁命令帮助我们关闭了许多网络钓鱼网站和假冒移动应用程序. These actions have resulted in substantial risk reduction.”

In addition to lost revenue, 假冒网站和移动应用程序对达马克的谷歌SEO排名和流量产生了负面影响, 和 therefore its br和 reputation. Rapid7使我们能够识别和删除这些实例，有助于增强客户的信心.”

The Strength of Single Vendor

总之, Badigari向该领域的同行提供了一个建议:寻找来自一个供应商的集成服务包，因为供应商整合确实有好处. “一个供应商、一种技术或一个平台更容易管理，而且很有效. Rapid7 has a lot of products in their portfolio. And with Rapid7, the focus isn’t on EPS, it is on the devices. 明天我可以扩大或缩小数据规模，这不会影响我们的服务.”