Bioventus Relies on Rapid7 to Secure Critical Patient Data

Challenge

With a large distributed workforce, multiple clouds, diverse devices, and critical patient data on the line, the Bioventus security team faces an uphill battle. User compromise and phishing emails are among the most critical challenges the team faces daily. 

As an American healthcare company operating internationally, Bioventus has an additional security challenge related to safeguarding patient records. “We’re dealing with medical devices and patient information that has to be protected at all costs,” Kerry LeBlanc explains. “A breach of any sort can be damaging, but a breach of patient records can be expensive.”

Bioventus also faces the kinds of security challenges that are all too common for enterprises of a certain size. “There are people out there hitting every IP address that they can. Most of my networks are in the cloud. So, we get those types of attacks, as well.”

Solution

Leblanc implemented Rapid7 InsightVM, the leading vulnerability management solution and Rapid7 InsightIDR, the leading cloud SIEM. LeBlanc chose Rapid7 in large part because of the system-wide integration designed into both InsightIDR and InsightVM. “Rapid7 had the best integration possible with what I already had in the environment and with what I wanted to put in. I wanted AMP for endpoints. Rapid7 has an API built for AMP for endpoints. They have integrations built-in for my firewalls; for all the tools I wanted.”

LeBlanc also points to Rapid7’s strong tech support. “Every review I read said Rapid7 support is always there. And, Rapid7 has proven it over and over in the three years I’ve been working with them.”

When LeBlanc joined Bioventus, his first step was a system-wide assessment to pinpoint gaps and weaknesses. An immediate concern was vulnerability. “We didn’t have a SIEM. I knew that was definitely something we needed. We needed a vulnerability management solution and an endpoint detection and response solution,” explains LeBlanc.

“I’ve been doing what I do for a long time. I have a lot of experience with a lot of tools, a lot of platforms. So, I knew in my mind what I wanted.” LeBlanc is responsible for Bioventus’ cyber security, reporting to the director of IT infrastructure and security. “If it’s security, it’s mine,” explains LeBlanc. “I’m in charge of the security awareness program, I am the incident response team. I’m the threat hunter. I’m the investigator of incidents. I’m also the SOC.”

Visibility and Context Are Key

“For me, it’s all about visibility and context into the threats,” LeBlanc says. “And as soon as Rapid7 was in place, two critical things changed. One, InsightIDR discovered a lot of things I hadn’t known before, which was unbelievable. “Everything comes into InsightIDR. I mean, everything. 

Extended Detection and Response (XDR)

“The other major change, and this is part of extended detection and response (XDR), is being able to correlate, analyze, prioritize and remediate as quickly as possible. Rapid7 does that because it has visibility into everything,” continues LeBlanc. “It can build context around the threats and the events. It can help prioritize them for a higher level of awareness. I can focus on them a lot quicker, and it gives me the opportunity to reduce severity and eliminate further impact.”

“InsightIDR is my go-to tool because it offers a context that allows me to correlate my data. If I want to investigate user data, everything tied in with that user is right there in my investigation. Everything from my EDR solution, everything dealing with the user ID, everything from firewall traffic that might have the user ID. It’s been super helpful.”

Enhanced Endpoint Telemetry

LeBlanc is also taking advantage of the InsightIDR Enhanced Endpoint Telemetry. “I use it for alerting on malicious processes, which is super nice because my EDR may not catch the process as malicious as quickly as the Insight Agent” LeBlanc also uses it for threat hunting, asset authentication reporting and failures. “It’s tremendous information that comes in through that endpoint telemetry.”

A Single Agent for InsightIDR and InsightVM

LeBlanc is scanning all of his locations; cloud servers, data center servers. “A lot of these have the Insight Agent, and that agent feeds InsightIDR and InsightVM as well. It covers all of my environment, all my locations. InsightVM has the ability to look at everything, not just my endpoints. We found credentials in the wrong places, configurations used in the wrong way, services that should never be left on. It immediately found all these things that we were able to go and address. Nobody had any clue until we began using InsightVM.” 

Reducing Response Time to Minutes

“When I put Rapid7 in place my response time went from three to four hours to ten to fifteen minutes. I see what it is and how to remediate it. Everything is right there. I can query the endpoint or get information and pull up different things on the user.”

A Mature Security Program

LeBlanc has used Rapid7 tools to take Bioventus’ security program to a high level. And he points to the confidence his executive team has in his security programs. “One of my VPs was at a conference where they reviewed a checklist of all the things that you should do for a good security program. And as they’re going down the list, he said, ‘Kerry has checked every box’. That’s a nice feeling.”