Elara Caring is one of the nation’s largest providers of home health care. Based in Dallas, Texas, the company operates across 16 states in the Northeast, Midwest, and Southwest. It employs approximately 32,000 caregivers in more than 200 locations serving over 60,000 patients and their families daily.
Elara Caring is the result of a merger of three home healthcare companies. The combined organization offers comprehensive personal care, skilled home care, hospice care and behavioral health services. While the consolidation of the three companies created new opportunities, it also created challenges for the new company’s IT infrastructure and data security.
Like most security managers in his position, Eric Bowerman, Elara Caring’s Chief Information Security Officer (CISO), spends the bulk of his time focused on protecting his end-users. “Phishing is probably the biggest concern that I have. And ransomware, of course, because we’re a healthcare company the ransomware gangs target us.”
An additional challenge for Elara Caring is the work-from-home environment. Bowerman acknowledges that having so many remote workers presents compliance issues related to protected health information (PHI). “Previously most of our back-office folks were working in-office, then when COVID hit last year they went home with laptops thinking it would be only for three or four months. At the time, we had limited management software on those laptops, which means we didn’t have the same control as when they were in the office.”
Bowerman is an infosec veteran. When he joined Elara Caring 18 months ago, he zeroed in on the most critical security areas he needed to address first and foremost. “I was looking at all our basic operations, which I consider endpoint security controls. So, that includes the EDR solution, antivirus, content filter and web proxy, and then governance, risk and compliance. Vulnerability management was also key.”
Bowerman is clear-eyed about what he and his security team can handle given the diverse infrastructure they protect. “I’m the CISO that still pushes buttons, conducts investigations and everything else. There are only two of us in security right now so we can’t run a SIEM ourselves, and we don’t have the resources to create our own SOC. As a small team, anything we buy has to be a force multiplier.”
Bowerman did his research, talked to vendors, conducted POCs and narrowed his selection list down to two vendors. He selected Rapid7 InsightVM, the leading vulnerability management solution, along with the Rapid7 Managed Detection and Response (MDR) service for 24/7 threat detection and response.
“I looked at Rapid7 and one other vendor for vulnerability management, but when I found out that Rapid7 had a Managed Detection and Response (MDR) solution, it was a simple decision for us. We were looking for a SIEM, and with Rapid7 MDR we got that plus a team of experts, 24/7 monitoring, and proactive threat hunting. We think of our Rapid7 Customer Advisor as having another person on our team.”
Another factor in Bowerman’s selection of Rapid7 is that he didn’t want to deploy and manage two separate agents for MDR/SIEM and vulnerability management solutions. “It made a lot of sense to have just one agent doing everything I wanted; that was a pretty compelling argument.”
Gaining Critical Visibility
Like turning on a powerful flashlight in a dark warehouse, the InsightVM agents deployed gave Bowerman the visibility he needed. “When we started deploying the Rapid7 agents, we were able to start gathering the telemetry and identify vulnerabilities on the systems we needed to remediate. We also gained visibility into missing patches. I knew I had to have a SIEM in order to start collecting the logs, correlating them and seeing where my gaps were. That was the big first step.”
Bowerman has also seen an improvement in the quality of his metrics. “InsightVM helps us in our metrics when we present to the executive council each month. So, being able to show that we reduced vulnerabilities is key. I like the fact that it has APIs, so we can actually create our own security dashboard from all of our disparate tools and pull it all in and say, ‘Here are the needles and the gauges and all the information; this is where we want to be, and this is where we are today.’ It’s pretty cool.”
A Proactive Partnership
A security professional like Bowerman knows that spotting vulnerabilities is very much a team effort. “We have a good partnership with Rapid7,” Bowerman says. “I can buy a product from anybody, but are they going to be there and support me? Will they actually come to me and say, ‘Hey, we’re seeing this in your environment.’ Our Rapid7 customer advisors are great – it’s been a good experience and partnership.”
As for the overall impact of Rapid7 on Elara Caring’s security environment, Bowerman explains, “Rapid7 tools work. The partnership with Rapid7 has absolutely been spot on with my expectations.”