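KinderCare is the nation’s leading early childhood education company. Since opening in 1969, KinderCare has built a network of community-based centers, employer-sponsored programs, and before- and after-school sites to meet the needs of parents. KinderCare operates more than 2,000 locations across 40 U.S. states and the District of Columbia and uses a proprietary curriculum with the goal of creating excellent outcomes for children of all abilities and backgrounds. KinderCare builds the foundation for a lifetime love of learning by building confidence in children, an unshakeable self-esteem that our children can carry with them on their first step, and every step, out into the world. Byron Anderson is the Senior Information Security Engineer at KinderCare. His job is to protect the data of the families, children, and employees that KinderCare supports.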
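Anderson came into his role two years ago. When he first joined KinderCare, he inherited several different platforms used to manage the organization's security posture. He discovered that coverage was not complete, integration of platforms was lacking, and comprehensive security visibility across all of KinderCare's infrastructure was missing. After an in-depth review, it became clear that re-architecting and changing the security platforms was necessary to create an easily managed and supportable security infrastructure that would provide the necessary visibility.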
One of Anderson's guiding philosophies is “use less tools more”. Anderson believes that if you pick strong tools and use them to their maximum capability, you will get more value out of your investments and need fewer tools; this also helps to avoid tool sprawl. After reviewing several different platforms and tools, Anderson and his team chose the Rapid7 Insight Platform to move forward with. They felt the Rapid7 platform best fit Anderson's philosophy, and that it would also give KinderCare a fast time to value.
“Rapid7 has such a tight ecosystem. You don't need dozens of tools where you only use 20% of each one. If you get really good tools and use 99% of them, you don't need as many tools! There’s so much out-of-the-box content pre-built into Rapid7.”
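The immediate value of easily collecting data from other systems and quickly turning it into a view of the activity taking place in the environment made it easy for Anderson to persuade the company to make the change. Within six months his team was able to phase out several of the old tools.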
Today, KinderCare utilizes Rapid7’s Managed Detection and Response (MDR) service, as well as InsightVM, InsightConnect, and InsightAppSec. They didn’t necessarily intend to go “all in” with the Rapid7 ecosystem; however, Anderson concedes that the benefits of utilizing the ecosystem just made sense.
So even though KinderCare planned to use MDR for only one year, they opted to renew their contract – with enthusiasm. “We were hoping that after a year, we would have the ability to provide better 24/7 coverage ourselves. But we decided to keep MDR because we are so happy with it,” he revealed. “The folks on the MDR team have been so phenomenal to work with. They have been a huge help. So, we decided we want to maintain the 24/7 coverage.”
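Anderson then shared how he has created a series of dashboards in InsightIDR that provide an “overview” of all his different tools and services, a kind of health check he runs every morning.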
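“I love that Rapid7 is always curating new detections and updating their platform. It saves me having to do that work. They have so many alerts for InsightIDR that we use. I could create them myself, but Rapid7 already does a great job of that.” He then estimated that, for 99% or more of the alerts, he trusts Rapid7 not only to create the alerts but also to refine them.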
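Anderson loves that they have a full picture of their vulnerabilities, and that you can report on them in a way that’s useful. “The remediation reports that InsightVM creates focus on remediation tasks rather than on a list of vulnerabilities. We can easily hand these reports off to other teams without overwhelming them. Before, we only had a CSV or Excel list of vulnerabilities without any remediation details, which would quickly overwhelm other teams and ultimately result in nothing getting done.”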
When pressed for one of his favorite features, Anderson did not hesitate to call attention to an InsightIDR capability: log search. “Log queries in InsightIDR are phenomenal, especially thanks to the latest features that have been added. It makes it so easy to investigate things and to run those queries quickly,” he said with a smile. “When I had to do that in our old platform, I would literally set it to run a query and then go get a cup of coffee. Sometimes it would take me hours to investigate simple things. InsightIDR is lightning fast. It really minimizes the amount of time I spend doing this, because I can access and work with the data so quickly.”
Another thing Anderson leverages often is Investigations; he handles a handful of them every single day. “I love the way it has the investigations all self-contained. You can add additional data to them, you can put notes in them. That makes it easy for us to manage everything in one place,” he shared. “We don't need to send everything out to an external ticketing system and manage it through that system. It’s all self-contained within the product, which is great.”
Concluding our conversation, Anderson provided some advice for people who are looking for a threat analytics platform or looking for a SIEM that they can get more value out of: “I’ve worked with a lot of different products that operate in the SIEM or security information event management space. What Rapid7 does is unique. InsightIDR is already built to do exactly what you need it to do,” he opined. “All the detection logic is built in, and it makes everything easy. I highly recommend you try it out.”