EMW Law Relies on Rapid7 Insight Platform to Meet Evolving Security Requirements

Challenge

As a law firm entrusted with confidential client business data, EMW takes cybersecurity extremely seriously. “There is a requirement, not only from our clients but also from the Solicitors Regulation Authority (SRA), that we exceed certain criteria when it comes to being secure and handling confidential data,” explains Lee Killner, IT Director at EMW. This commitment to security shows: EMW has achieved National Cyber Security Centre (NCSC) Cyber Essentials certification every year since 2017.

Despite the success, Killner says the firm’s established on-premises security solutions were struggling to keep up with an evolving threat landscape and work environment. Meanwhile, a shift in user behavior prompted Killner and his team to add another requirement to any new solution: it had to be cloud-based. “I wanted to have access to this information anywhere.” states Killner. “During the course of the pandemic, users were taking devices and working at home, so there’s a significant flaw in having a system that is purely based on-prem and only looks at equipment based on-prem.”

Solution

After weighing the available options and speaking with trusted third-party consultants, Killner and EMW landed on InsightIDR and InsightVM from Rapid7. InsightIDR is Rapid7’s cloud-based threat detection and response SIEM, enabling organizations to respond with speed and confidence to attacks by spotting the behavior behind security breaches. With machine learning, advanced analysis, and out-of-the box detections curated by Rapid7’s global SOC team, it allows security professionals to quickly sift through data to identify and respond to real threats, all within one interface.

InsightVM from Rapid7 uses the same underlying agent to provide real-time insight into vulnerabilities. Risk-based attacker analytics help firms to automatically prioritize threats and remediate with speed.

When selecting the law firm’s new threat detection and vulnerability management solutions, Killner didn’t just want to eliminate noise and move to the cloud. “The solutions needed to be intuitive to use, but also had to be backed by expert support. If I’ve got security experts I can go to and ask, ‘What does this mean?’ and they’re willing to assist with that, that’s half the battle.”

“Our detection and response product mostly did what we needed it to do, but also generated a lot of false positive alerts. That caused significant inefficiencies, as each alert could lead to two or three hours of research getting to the bottom of it. Time spent investigating false positives is time I’d rather devote to tasks that really matter.”

Killner adds that the firm’s vulnerability management solution had a patch management system that wasn’t meeting the needs of the business and was too resource intensive. “That’s why we looked to find something that would give us the confidence that we’re tracking the vulnerabilities.”

“Rapid7 is an intuitive tool that gives you the results you need, without all the noise in the background. Having a solution that can filter through that noise, and just give you the alerts that are more concerning – that’s a godsend because it makes sure that I’m actually focused on the things that really matter,” explains Killner. “I can honestly say that for me, Rapid7 has ticked that box.”

Results

Immediate Deployment

InsightIDR and InsightVM are built in the cloud to get up and running quickly, while continuously up-leveling an organization’s capabilities as they grow into the platform. For EMW, this has made the transition a painless one.

“Agent deployment is literally click, click, next, done. And suddenly it appears in the portal,” according to Killner. “Life is wonderful, as they say. From a tech perspective, this is the ideal.”