Last updated at Thu, 08 Aug 2019 17:21:06 GMT
Bow Valley College uses InsightVM dashboards to identify quick wins, measure success, and communicate to senior leadership. James Cairns, database administrator at Bow Valley College, gave us a look into their vulnerability management journey with Rapid7.
It’s my job to assess vulnerabilities, facilitate patching, and work with the rest of my infrastructure team to optimize our resources in order to stay on top of security issues. As the database administrator for Bow Valley College in Calgary, Canada, I work on a small team that manages and secures data storage, servers, and the network stack both on the main campus and on our satellite campuses. A few years ago, it became apparent that we had some holes in our process, especially in terms of how we were assessing vulnerabilities when we brought new servers onto the network.
Since using Rapid7’s cloud-based InsightVM solution, we’ve cut down vulnerability detection and remediation time to under a week, added real-time progress tracking, and have more easily reported metrics to the C-suite. I’d like to share why we chose InsightVM and how we measure its ROI.
Effective prioritization drives the vulnerability management program
When we first started doing vulnerability management on our own, we didn’t really know where to begin. Every time we logged into our existing tools, there were hundreds of alerts staring back at us, but we had no way of determining which ones actually needed to be fixed and which systems were up-to-spec or out-of-date. One of the first things that drew us to InsightVM was how it could help us prioritize what to do right in the dashboard, which we were able to use out-of-the-box.
As we began using it, we found there was a lot of low-hanging fruit that could be remediated with very little effort. This made it easy for our small team with limited resources to begin patching right away, ensuring our efforts had the highest possible impact. By pointing InsightVM at our critical infrastructure, like network gear, we could automatically keep an eye on our crown jewels, which was an immediate win for us.
InsightVM automatically bubbled up broad-reaching, high-impact vulnerabilities, which helped us prioritize and get our patching cycle up and running. Especially when the Meltdown and Spectre vulnerabilities came out, almost every one of our assets was vulnerable, and since we couldn't expand our team to address this massive workload, InsightVM made it possible to get it done by filtering down the assets with the most critical vulnerabilities in the dashboard.
After just a few months, we were able to start working on micro-projects where we could churn out critical patches really quickly not only in our systems but also in the products our staff and students use. These early wins helped us articulate how our work was directly addressing the most critical vulnerabilities, which was great for executive buy-in.
Agents simplify visibility across our hybrid environment
We’re currently in the process of moving many of our systems off-premise to the Microsoft Azure cloud, meaning we now need visibility across a hybrid environment. Many times when IT folks think about security in the cloud, they think it needs to be done differently, but that’s not the case. It’s managed in much the same way as on-premise, and with InsightVM, we can collect data from both environments in one dashboard. This allows us to watch over all of our assets in a single view.
InsightVM’s agent is constantly on the lookout for us so that anytime a service or device is added, it’s scanned prior to going live to ensure it’s secure. We also created asset groups and sites within InsightVM, which provides valuable divisions so that we can more quickly spot issues. This was a definite win for us, as it meant InsightVM was able to become a part of our infrastructure lifecycle management process. More recently we’ve adopted the CIS benchmarks so that we can be sure every asset meets industry standards.
Executive reporting made easy
The dashboard within InsightVM has been a major value-add to us. Prior to InsightVM, we exported data into a PDF or CSV and manually sorted through a bunch of data points before finding anything useful. Now, we can quickly filter and export KPIs to show where we stand with scanning our environment, patching vulnerabilities, and securing assets. This has been key for us during meetings as we can quickly find and present a nice-looking report that executives and our infrastructure team alike can easily review and understand.
The report that’s most useful to our team is the critical risk vulnerabilities report. As we implement patches, we can quickly validate a downward trend in vulnerabilities, and whenever we see an increase of activity in the report, we can key in on what’s going on and implement a fix. We also leverage InsightVM’s threat feeds, which show us the most common exploits, and more specifically just the ones relevant to our environment, so that we can prioritize those patches, too. These reports help us determine what projects to work on each month so that we can continually improve our security posture.
Up next: Remediation projects
Next on our list is to start leveraging InsightVM’s Remediation Projects by integrating with ServiceNow. This integration will allow us to configure InsightVM’s ticketing capabilities with ServiceNow, adding security context to tickets automatically, as well as streamlining ticket assignments via rules.
Faster patching has exponential ROI for us
Vulnerability management is now baked into our IT processes. Whenever a vulnerability comes out, we can find and fix it in less than a week, which is a massive improvement for us. Every day we rely on the dashboard to give us a quick view into our KPIs, threat feed, and prioritized critical assets, keeping us on track and efficient with our time. We look forward to integrating InsightVM with more of our services and processes, but it has already proved its value to us and made our small team powerful and efficient.