Cradlepoint is one of the world’s leading providers of wireless network edge solutions. Founded nearly 15 years ago, the Boise, Idaho-headquartered company now offers software-defined and cloud-delivered wireless WAN solutions that unlock the power of Gigabit class LTE and 5G cellular networks for enterprise and public sector customers. Its flagship NetCloud Service delivers all of this via a simple-to-use, subscription-based software platform that, together with purpose-built routers and adapters, provides wireless connectivity in branch sites, pop-up stores, in-vehicle environments, and smart cities.
Brandon Ashey is the Director of IT and Security at Cradlepoint, with responsibility for IT, infrastructure, telecommunications, and security at the firm. His team manages all of this across a mix of on-premises and, mainly, cloud and virtual infrastructure, including Azure, AWS, and around 200 virtual machines (VMs).
Like many IT managers over recent months, Ashey has found existing security challenges exacerbated thanks to COVID-related mass home working. Across much of the globe, cyber-criminals have sought to capitalize on the pandemic to rebrand phishing campaigns with virus-themed lures, as well as targeting remote access infrastructure and video conferencing platforms. Back in April, Google claimed to be blocking 240 million COVID-themed spam messages and 18 million malicious and phishing emails each day.
Cradlepoint’s relationship with Rapid7 began a long time before the pandemic, back in 2017. At that point, Ashey found there was a pressing need for greater visibility and control of laptop security and monitoring. Phishing was an ever-present threat, especially for time-poor sales employees who may be fielding many messages each day from unfamiliar senders.
“The first thing I wanted to do was bring in that single pane of glass where we could view all of the alerts and monitoring. At that point we didn't have anything,” he explains. “One of the things that kind of endeared me to Rapid7 was that an agent gets deployed on to every laptop device.”
The second consideration was heavily influenced by the size of the IT team at Cradlepoint. It’s too small to run its own 24/7 Security Operations Center (SOC), so Ashey needed to find a trusted provider to which he could effectively outsource this task.
“I needed a service that could monitor our environment, filter out all the noise, and just send me the big alerts, and let us focus on those. Without the Rapid7 SOC we wouldn’t have been able to do SIEM at all,” says Ashey.
After going through the proof-of-concept process with a couple of vendors, Rapid7 emerged as the clear front-runner and Managed Detection and Response (MDR) was lined up for testing. Rapid7 MDR is powered by InsightIDR—a Gartner “Leader” for SIEM—which enables a team of expert threat detection and response specialists to provide round-the-clock monitoring, investigation, and response via advanced behavioral analytics and human expertise. Its 24/7 SOC monitoring and threat hunting acts as an extension of the internal security team, enabling organizations to get back on the front foot in the battle against escalating cyber-risk and evolve their security maturity.
The MDR service and InsightIDR solution support not just the firm’s remote sales staff but, during lockdown at the time of writing, almost every single employee. “The Insight Agent was a big draw for us initially, and especially now with almost 700 employees working remotely. We're able to get instant visibility to those machines—even when employees are off the VPN,” says Ashey. “As we came into COVID-19 and the company started working from home, I realized, ‘wow, I am really glad that I've got that agent deployed out on the laptops.’ I can still go into the Rapid7 dashboard and see everything that’s going on.”
The service has also helped Ashey to better articulate cyber-risk to the C-Suite to improve the standing of IT in general and help to secure budget.
“Whenever I give a presentation to the C-suite or a business review team, I like to include dashboards from Rapid7, to provide that global picture,” he explains. “As soon as I brought in MDR I went there and said ‘look, here are the hundreds of people from China trying to hack our Office365 accounts every day. This is what I need to fix.’ It is that kind of visibility of data that helps me justify my budget.”
In fact, MDR worked so well that Cradlepoint decided to expand its relationship with Rapid7 through InsightVM, its flagship solution for vulnerability management. The investment made sense on several levels. The product uses the same Insight Agent, so there was no need to degrade laptop performance for hundreds of users with an extra installation. Additionally, Rapid7 was already well known and trusted by the company, saving Ashey time on lengthy contract reviews with the legal department.
Once again, the dashboard view added real value in helping him show the executive team the scale of cyber-threats facing the organization. The interactive user interface provides a handy single-pane view of vulnerabilities and detailed information on business risk that goes beyond CVSS score, which allows customers to see where they’re exposed and prioritize remediation. The dashboard view was particularly useful when multiple vulnerabilities were discovered in Zoom, the popular video conferencing platform used by Cradlepoint to support the business during lockdown, says Ashey.
The plan for the future is to extend the product functionality using InsightConnect—Rapid7’s security automation and orchestration tool—to integrate InsightVM seamlessly with Ivanti for automated asset and patch management. That’s a project for another day, however. For now, Ashey is satisfied that MDR and InsightVM are offering a significant advantage at a time when many organizations are struggling to securely manage mass remote working.
“I love Rapid7 because of the holistic coverage you have over every device, and every user around the world,” he concludes. “I feel that Rapid7 has my global network covered.”