Rapid7 Shines a Light on the Murky Threat Landscape for Dutch Insurer Alpina Group

Challenge

Security Officer Joost Dubbelman wanted to improve the maturity of the in-house security program as the company embarked on a recent steep growth curve.. He was looking for vulnerability management and incident detection offerings to enhance insight and to help reduce risk.

Solution

After running a detailed proof-of-concept program with several providers, Dubbelman settled on Rapid7’s InsightVM vulnerability management offering, before supplementing it with our InsightIDR threat detection and response tool. In terms of vulnerability management, InsightVM not only provided a more expansive set of scan results than rival options, but it was also a better fit for the flat organizational structure at Alpina Group.

“InsightVM gives us more insight into the assets we have and which vulnerabilities we have at this specific moment,” he explains. “It works in combination with the InsightIDR solution, and that's really one of the great things. We can see what's happening in our network and who's doing what, which is really positive.”

Dubbelman has found the visual reporting and Live Dashboards features in InsightVM particularly useful in providing a clear picture of risk, to review and accept or get teams to remediate.

In the line of fire

The insurance sector is a popular target for attackers. These organizations represent a treasure trove of their customers’ highly sensitive personal and financial information, making them a target in their own right for fraudsters.

Yet many in the industry do not have the visibility they need into the threat landscape or their own IT infrastructure in order to proactively manage risk. According to Deloitte, half (49%) have discovered “significant” cybersecurity incidents in their organization, while 71% believe they would not be able to detect a sophisticated attack. Separate research from Accenture reveals that over two-thirds of insurers (67%) require more than 30 days to remediate a breach.

As a key cog in the insurance supply chain, Alpina Group understood the need to improve this visibility, bringing security officer Joost Dubbelman on board. His job is to manage a new security roadmap designed to mitigate risk as the firm leverages cutting-edge technology to drive innovation-led success.

As part of these efforts, Dubbelman wanted to improve the maturity of the in-house security program as the company embarked on a recent steep growth curve. Alpina Group & Alpina Group expanded its workforce over the past two years from 350 to 550 employees, and the number of IT assets to manage and secure is also rising quickly. He was looking for vulnerability management and incident detection offerings to enhance insight and to help reduce risk.

A key requirement was for highly effective, easy-to-deploy solutions that could be managed by a small team. Alpina Group incumbent SIEM platform did nothing but create a blind spot for the company after a year-long implementation, because it was too difficult for the two-man security teams to operate.

Why Rapid7?

After running a detailed proof-of-concept program with several providers, Dubbelman settled on Rapid7’s InsightVM vulnerability management offering, before supplementing it with our InsightIDR threat detection and response tool. In terms of vulnerability management, InsightVM not only provided a more expansive set of scan results than rival options, but it was also a better fit for the flat organizational structure at Alpina Group.

“InsightVM gives us more insight into the assets we have and which vulnerabilities we have at this specific moment,” he explains. “It works in combination with the InsightIDR solution, and that's really one of the great things. We can see what's happening in our network and who's doing what, which is really positive.”

Dubbelman has found the visual reporting and Live Dashboards features in InsightVM particularly useful in providing a clear picture of risk, to review and accept or get teams to remediate.

“There are a few graphs that are very useful, especially for my manager and risk manager,” he says. “We have the Top 25 vulnerabilities report, we have the vulnerabilities exceptions, and we have the trend analysis report and they all go to different stakeholders. It's actually evidence for me to say to my manager: ‘This is the problem that we're facing, this is the risk that we are facing, and we really need to do something about it.’”

When it came to choosing a threat detection solution, the decision was made even easier because Rapid7 and its Insight Agent was already on board. It took just a day and a half to get up-and-running with cloud-hosted InsightIDR versus the year it took to plug in a previous SIEM solution.

“It’s the fact that we already had InsightVM and that we could use the same agent for InsightIDR. And of course, we looked into all possibilities, but they always were more expensive or required more attention to get implemented,” says Dubbelman.

Improving visibility, reducing risk

Together, the tools have helped Alpina Group gain a clear view of the threat landscape and where the organization is most exposed, helping Dubbelman to proactively mitigate risk.

InsightIDR in particular has helped the firm maximize its limited in-house IT security resources whilst spotting potential risky behavior.

“Compared to the [previous] SIEM solution, I think we're saving a lot of time. A traditional SIEM platform would take five or six guys to get the job done,” says Dubbelman. “We also have a lot of software developers and there were a lot of crazy things on our networks: accounts being used that weren't supposed to be used and accounts that were set to 'never expire' or had too many rights. It gave me a really good insight into what's moving from one side to the other in this company.”

Dubbelman also praises the log search functionality in helping generate clear situational awareness to work out what’s going on and whether further action needs to be taken.

As for the future, Dubbelman is primarily focused on reducing the large volume of vulnerabilities currently flagged for attention, and migrating off of legacy Windows Servers. He’s keen to get all of Alpina Group & Alpina Group’s IT assets using the Insight Agent for maximum visibility. Also on the to-do list is the setup of Remediation Projects in InsightVM, which will help the team prioritize vulnerabilities going forward. There’s no shortage of extra features for the Dutch insurer can use in the future to further unlock value as its security program matures.