下载PDF
Rapid7 > 实例探究 > Rapid7 Managed Services Help Australian Lender Minimize Risk and Maximize InHouse Resources
Rapid7 Logo

Rapid7 Managed Services Help Australian Lender Minimize Risk and Maximize InHouse Resources

技术
  • 网络安全和隐私 - 应用安全
  • 网络安全和隐私 - 云安全
  • 网络安全和隐私 - 端点安全
  • 网络安全和隐私 - 网络安全
适用行业
  • 金融与保险
适用功能
  • 商业运营
  • 质量保证
用例
  • 入侵检测系统
  • 监管合规监控
  • 远程资产管理
  • 安全索赔评估
挑战
Financial institutions around the world have always been an attractive target for hackers keen to get their hands on sensitive customer data, launch online extortion attacks, and interfere in internal business processes to siphon away funds. Even in the United Kingdom, one of the most mature global financial services markets, breaches reported to the regulator soared by 480% in 2018 according to RPC. As part of its customer offerings, Resimac issues a credit card, which means that it is also bound by strict PCI compliance rules. This puts extra pressure on an in-house security team already tasked with keeping escalating threats at bay. With just a handful of staff, Mihalek and his team manage a footprint of approximately 600 assets for the 300+ employees across Australia, New Zealand, and Manila. Needing extra help to support its PCI compliance program—and drive best practices to improve security across the organization—Mihalek sought the help of an outside managed security services provider back in 2017. The decision was underlined by a security incident the firm suffered, an incident Smith claims would have been picked up by a managed security service if one had been in place. But there were also good financial reasons for outsourcing security, says Mihalek.
关于客户
With a history that dates back to 1985, Resimac Group is one of Australia’s premier non-bank lenders. Serving 50,000 customers across Australia and New Zealand, the firm has over three decades of experience delivering home finance solutions. Head of IT Operations, Rob Mihalek, and Cybersecurity and Engineering Lead, Brad Smith, work with a small in-house team of three service desk staff and two engineers, plus a handful of contractors. Alongside Rapid7, the firm runs a variety of security tools including next-gen AV, web application firewalls, next-gen firewalls, and email security gateways from industry-leading vendors.
解决方案
Using the CIS Top 20 as a benchmarking tool, Mihalek hired a third-party security firm to perform assessments of several providers. They found Rapid7 covered over 80% of their requirements via Rapid7’s portfolio of managed service offerings: Managed Detection and Response (MDR), Managed Vulnerability Management, and Managed AppSec. MDR is Rapid7’s flagship service for around-the-clock threat monitoring, incident management, and response, leveraging Rapid7’s expert threat hunters, SOC analysts, and the InsightIDR cloud SIEM platform. Managed AppSec enables teams to leverage the power of InsightAppSec, Rapid7’s leading DAST solution, and Rapid7 experts to perform scan management, vulnerability validation, and application pen testing. And Managed Vulnerability Management enables customers to leverage their InsightVM or Nexpose investments while saving operational resources. Underpinning each offering is a dedicated security expert, the Customer Advisor (CA), who provides guidance to the Resimac team and ensures the security program continues to mature.
运营影响
  • All three managed services run like clockwork, keeping Resimac’s IT systems and data more secure and more compliant at all times. Mihalek and his team check in on their AppSec program and InsightVM around once per month for basic housekeeping, while they consult InsightIDR every day to check the latest breaking alerts.
  • Outsourcing the management of InsightAppSec and InsightVM has significantly reduced the workload for Resimac’s stretched in-house IT team, while also streamlining internal processes.
  • Resimac is using the Managed AppSec service to run scans across five core web applications. According to Smith, the service saves time and resources by whittling down findings from the 600 or 700 vulnerabilities reported it may find per site following a scan to just 20 or 30 validated vulnerabilities that the team need to action on. All that’s left is to work alongside the development team on what to prioritize in their SDLC for the upcoming release.
数量效益
  • An initial assessment of the firm’s security posture two years ago revealed a maturity rating of 1.5/5. Today it has risen to between 2.5 and 3.
  • Resimac has been able to accelerate its efforts to deliver this uplift in maturity a year ahead of schedule.

相关案例.

联系我们

欢迎与我们交流!

* Required
* Required
* Required
* Invalid email address
提交此表单,即表示您同意 IoT ONE 可以与您联系并分享洞察和营销信息。
不,谢谢,我不想收到来自 IoT ONE 的任何营销电子邮件。
提交

Thank you for your message!
We will contact you soon.