From Crisis to Confidence in Only Hours: How Rapid7 Became a Security Sommelier
Technology Category
- Analytics & Modeling - Predictive Analytics
- Cybersecurity & Privacy - Endpoint Security
- Cybersecurity & Privacy - Network Security
Applicable Functions
- Business Operation
- Quality Assurance
Use Cases
- Intrusion Detection Systems
- Remote Asset Management
- Security Claims Evaluation
Services
- Cybersecurity Services
- System Integration
- Training
The Challenge
The cyberattack came in early 2016, while IT manager Tom Brown was on a trip to eastern Europe. Back at headquarters, his staff reported that email had gone into meltdown. Customers were calling in to report that they had received emails from Liberty Wines with an unusual attachment, which turned out to be malicious. At the same time, the team was being bombarded by a backscatter of hundreds of thousands of non-delivery receipts related to the malicious email. Brown had to rule out an internal breach, so he called in the experts at Rapid7. Brown had used Rapid7 software in the past and knew of them as a leader in the security space. He had previously identified a need to track and analyze user authentications and behavior but couldn’t find anything suitable. Until Rapid7 there really wasn’t anything on the market that could easily scale from an SME like Liberty Wines right up to a large enterprise deployment. The architecture of the InsightIDR system allows it to fit any size, both from a scale and a startup cost perspective. He had arranged for a live demo, been impressed, and allocated budget to install it the next financial year. However, the attackers had other plans.
About The Customer
Liberty Wines is a small but globally dispersed, multi-award winning wine business headquartered in London. As IT manager, Brown has to look after 130 endpoints — a mix of desktops, smartphones, and laptops, as well as hosted email and a handful of on-premise servers. With a globetrotting sales team logging on to the network from around the world, and a diverse IT estate, there’s plenty to keep him busy.
The Solution
With time now of the essence, Brown quickly purchased and installed InsightIDR to gain the visibility and tools he needed to deal with the crisis at hand. InsightIDR is an integrated detection and investigation solution that combines user behavior analytics, endpoint detection, and visual log search to spot and contain a compromise quickly and effectively. The Rapid7 team worked closely with Brown, across three different time zones, to resolve the issue. Thanks to Rapid7’s Quick Start service, the product began collecting and baselining behavior “almost straightaway” to provide Liberty Wines with the real-time intelligence needed to reliably identify compromise. It scoured their systems looking for traversal, privilege escalation, unusual service account usage, logins from unexpected locations or devices, and so on. Fortunately for Brown, there was no sign of such activity. Instead, it was deduced that the malicious activity had originated from a customer. The hackers had cloned a genuine email sent from Liberty Wines to a customer and then mass emailed it out to millions of internet users with the addition of a malicious JavaScript attachment. The Rapid7 team reverse engineered and analyzed the malware in question to ensure that Liberty Wines was not compromised. Combined with the real-time visibility provided by InsightIDR, Brown was able to draw up a clear and detailed graphical timeline of events for the Liberty Wines board, and inform customers on the exact situation. Rapid7’s leading vulnerability management solution, Nexpose, was also set to work to identify any potential security weaknesses in the Liberty Wines IT setup.
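The baseline-then-detect approach described above, reduced to its essentials as an added illustration (this is not Rapid7 or InsightIDR code): a per-user baseline of countries and devices is built from a constructed authentication log, and later events are flagged for logins from unexpected locations or devices, interactive use of service accounts, and users never seen before. The log format, the `svc_` naming convention and all sample values are assumptions.

```python
# Added example, not Rapid7/InsightIDR code. Log format and values are constructed.
from collections import defaultdict

# Constructed auth log lines: timestamp, user, source country, device, logon type
BASELINE_LOG = """\
2016-02-01T08:02 alice GB alice-laptop interactive
2016-02-01T08:10 bob GB bob-desktop interactive
2016-02-02T09:15 alice GB alice-phone interactive
2016-02-02T09:30 svc_backup GB srv-backup01 service
"""
NEW_LOG = """\
2016-02-03T03:12 alice RU unknown-host interactive
2016-02-03T08:05 bob GB bob-desktop interactive
2016-02-03T08:20 svc_backup GB srv-backup01 interactive
2016-02-03T10:00 carol GB carol-laptop interactive
"""

def parse(log):
    for line in log.splitlines():
        ts, user, country, device, logon = line.split()
        yield {"ts": ts, "user": user, "country": country, "device": device, "logon": logon}

def build_baseline(events):
    """Per-user sets of countries and devices observed during the baseline window."""
    base = defaultdict(lambda: {"countries": set(), "devices": set()})
    for e in events:
        base[e["user"]]["countries"].add(e["country"])
        base[e["user"]]["devices"].add(e["device"])
    return base

def detect(events, baseline):
    """Return (ts, user, reason) for each event that deviates from the baseline."""
    alerts = []
    for e in events:
        reasons = []
        if e["user"].startswith("svc_") and e["logon"] == "interactive":
            reasons.append("service account used interactively")  # assumed naming convention
        if e["user"] not in baseline:
            reasons.append("user never seen in baseline")
        else:
            b = baseline[e["user"]]
            if e["country"] not in b["countries"]:
                reasons.append(f"login from unexpected country {e['country']}")
            if e["device"] not in b["devices"]:
                reasons.append(f"login from unexpected device {e['device']}")
        alerts.extend((e["ts"], e["user"], r) for r in reasons)
    return alerts

def run():
    return detect(parse(NEW_LOG), build_baseline(parse(BASELINE_LOG)))

if __name__ == "__main__":
    for ts, user, reason in run():
        print(ts, user, reason)
```

A real deployment would baseline over a longer window and weight signals rather than alert on every first-seen value, but the structure is the same.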