Case Study

Pearl Data Direct

Pearl Data Direct Relies on the Rapid7 Insight Platform to Secure Its Global Financial Network

Pearl Data Direct LLC (PDD), a fully owned subsidiary of LuLu Financial Holdings, is a FinTech company offering end-to-end solutions to a wide range of businesses. LuLu operates in the Gulf Cooperation Council (GCC) states, Hong Kong, the Philippines, Malaysia and Singapore. Its operations include more than 250 brick and mortar locations and LuLu Money, a B2C mobile app that consumers use to send and receive money transfers.

Pearl Data developed the mobile app and the software used for the LuLu ERP system, and it provides the IT infrastructure and security for LuLu’s portfolio of businesses.

The Challenge

Midhun and his team faced two major security challenges:

  1. Pearl Data is an attractive target for attackers because it manages millions of dollars through its application
  2. Its business is in the heavily regulated financial sector

Tens of thousands of customers use the LuLu mobile app to send and receive money. “We hold the PII for many customers as we are required to collect their information for compliance. For cross-border remittances, our core banking system is connected to a variety of banks. So, these are major challenges.”

“With the InsightIDR implementation we have agents deployed on all the endpoints, so I can see all kinds of alerts in real-time.”
Midhun Kumar, Head of Infrastructure and Cloud Operations

A Large and Distributed Environment

Midhun manages three divisions. “The first is infrastructure, which consists of our network servers. The second is our cloud operation. We have a heavy presence with Amazon and Azure clouds. In addition, I head up the security team.”

Pearl Data’s IT staff encompasses 150 developers, engineers and R&D specialists. The security practice has a core team of 25 plus local teams with two-to-three members in each of the 12 countries LuLu operates in. “We also have a SOC in India with a dedicated 10-person staff.” Add it all up and Midhun and his team oversee IT, cloud and security for 250-plus locations in more than a dozen countries.

The Solutions

To address these key cybersecurity needs, Pearl Data implemented Rapid7 InsightIDR, InsightConnect, and InsightAppSec. Together, they provide the critical visibility, detection, automation, and integration Pearl Data needs for protecting the information and transactions of thousands of users on their payments platform. They also ensure compliance with their demanding central bank regulators.

Midhun had experience with Rapid7 in a previous role and that gave him the confidence to implement Rapid7 solutions at Pearl Data. “I have more than 10 years of experience in cyber security and when I first started in the industry I was using Metasploit. It’s an awesome tool and a key reason why I have confidence in Rapid7.”

“I contacted Rapid7 for a POC. The moment I got the licenses, the Insight platform was provisioned for me. Two or three days later, everything including the production-based deployment was completed. We were shocked at how fast it was implemented.”

Real-Time Alerts Are a Game Changer

“Rapid7’s InsightIDR was very easy to configure, it’s very flexible. And, since InsightIDR is in the cloud, it’s virtually infinite as far as being scalable,” states Midhun. “Of course, I need to balance security as well as the cost. And there the beauty of Rapid7 comes in, because you pay based on the assets. That model is very predictable and understandable and thus was attractive to us.”

For the Pearl Data security team, being able to see alerts in real-time was a game changer. “With the InsightIDR implementation we have agents deployed on all the endpoints, so I can see all kinds of alerts in real-time,” Midhun says. “And the SOC analysts, with a few clicks, can investigate the machine, gather the application cache, gather the DNS data, get the list of all the processes running on the system and see all the cloud activity, such as what is going on in the Azure cloud. Plus, all this information is collected, correlated, and presented together.”

Integrating SOAR with InsightIDR

For Midhun, integrated solutions have been a welcome benefit of the Rapid7 experience. “The moment I realized the power of InsightConnect, the first thing I did was to deploy workflows and integrate them with InsightIDR. Now if a malicious IP is detected, I can block it in all my firewalls with a single click. The SOC analysts receive a message wherever they are, even if they’re traveling.

“InsightConnect will ask, ‘we found this IP is malicious, do you want to block with the firewall?’ Then that IP will get blocked on all of my firewalls based on the analyst’s confirmation. If I see a malicious hash on one of the desktops, I can block that hash using my antivirus also leveraging InsightConnect based automation. I have tight integration with the InsightConnect and our security solutions. Using a single click, I can block this particular hash in 1,500 endpoints.”

“We easily configured InsightConnect because there are tons of plugins available along with documentation resources with step-by-step guides. So, we did it. And we have the confidence that we can do more.”

Meeting Compliance and Advancing Application Security

A critical requirement Pearl Data must meet is the central bank regulation to test applications for vulnerabilities. Their application security program consists of testing on-premise applications as well as cloud-native applications. InsightAppSec helped them meet these requirements as well as advance their AppSec program.

Pearl Data implemented Rapid7 InsightAppSec and it has had a dramatic positive impact on the security team. “We integrated InsightAppSec with Azure DevOps; all the pipelines have InsightAppSec components. Now, I have peace of mind because whenever they commit a code, it follows an automated security process,” explains Midhun. “Our app developers don’t need to come to me, they don’t need to come to our team, they don’t need to send emails. They don’t need to go through any formalities. When they commit code, the scan happens automatically. And, we created the metrics. So, if they see high-rated vulnerabilities they cannot push to production. The code will get blocked and they have to remediate it.”

A 30% Time Savings - and a Happier Team

Midhun reports that a single Rapid7 InsightConnect workflow has saved his team 11 days of work just within the past 30 days. But, even more importantly, Rapid7 is giving Midhun and his team peace of mind. “Another reason to automate is because I want to see more relaxed faces on my SOC and security teams. They have to enjoy their work. They need a work and personal life balance. So, I put the right tool in place and let them relax.”

To anyone considering Rapid7, Midhun says, “I would recommend the capabilities of the Insight solution, the integrations and all the scalability. Plus, Rapid7 is very cost effective, so, whether you’re a small business or an enterprise that spans the globe, you can implement Rapid7 InsightIDR and the rest of the Platform. And of course,” concludes Midhun, “there is the strong partnering relationship that Rapid7 maintains with the customer.”