KinderCare is the nation’s leading Early Childhood education company. Since opening in 1969, Kindercare has built a network of community-based center, employer sponsored programs and before- and after-school sites to meet parent’s where they are. Kindercare has over 2,000 locations across 40 states and the District of Columbia and utilizes a proprietary curriculum with the goal of generating superior outcomes for children of all abilities and backgrounds. Kindercare builds a foundation of a lifetime love of learning in children, by building confidence in children, unshakable self-worth, and conviction that our children can carry with them as they take their first steps and every step toward taking on the world. Byron Anderson is the Senior Information Security Engineer at KinderCare. His job is to protect the data of the Kindercare families, Children, and employees that Kindercare supports.
Anderson came into his role two years ago. Upon joining KinderCare, he inherited a handful of disparate platforms used to manage the organization’s security posture. He discovered that coverage was not complete, integration of platforms was lacking, and comprehensive security visibility across all of Kindercare’s infrastructure was missing. After in-depth review it became clear that re-architecting and changing the security platforms was going to be necessary to create an easily managed and supportable security infrastructure that would provide the necessary level of visibility.
One of Andersons guiding philosophies is “use less tools more”. Anderson believes that if you pick strong tools and use them to their maximum capability you will get more value out of your investments and need less tools; this also helps to avoid tool sprawl. After doing a review of several different platforms and tools, Anderson and team choose the Rapid7 Insight Platform to move forward with. They believed that the Rapid7 platform best aligned with Anderson’s philosophy and that it would also provide a fast time to value for KinderCare.
“Rapid7 has such tight ecosystem. You’re not needing dozens of tools, each of which you’re only using maybe 20% of,” he explained. “If you get really good tools and you use 99% of them, you shouldn’t need as many! There’s so much out-of-the-box content pre-built into Rapid7.”
The immediate value derived from easily collecting data from other systems and quickly turning that from insights into behaviors that are taking place in the environment made it easy for Anderson to convince the company to make the change. Within six months his team was able to phase out several of the old tools.
Today, KinderCare utilizes Rapid7’s Managed Detection and Response (MDR) service, as well as InsightVM, InsightConnect, and InsightAppSec. They didn’t intend to necessarily go “all in” with the Rapid7 ecosystem; however, Anderson concedes that the benefits of utilizing the ecosystem just made sense.
So right actually that even though KinderCare only planned to use MDR for a year, they opted to renew their contract – with enthusiasm. “We were hoping that after a year, we would have the ability to provide better 24/7 coverage ourselves. But we decided to keep MDR because we’ve just been so happy with it,” he divulged. “The folks on the MDR team have been so phenomenal to work with. They have been very helpful. So, we decided we want to maintain the 24/7 coverage.”
Anderson then shared how he has created a series of dashboards within InsightIDR that provides an “at a glance” of all his different tools and services – a sort of health check that he runs every morning.
“I love that Rapid7 is always curating new detections and updating their platforms. It saves me having to do that work. They have so many alerts for InsightIDR that we use. I can create my own, but Rapid7 already does such a great job of that,” he shared. He then estimates that for 99% or more of alerts, he trusts Rapid7 to not only create but refine.
Anderson loves that they have a full picture of their vulnerabilities, and that you can report on them in a way that’s useful. “InsightVM creates remediation reports that are focused on the remediation tasks versus log lists of vulnerabilities. We can easily hand these reports off to other teams without overwhelming them. Before we just had CSV or Excel lists of vulnerabilities without any details on remediation which would quickly overwhelm other teams and ultimately result in nothing being done.”
When pressed for one of his favorite features, Anderson didn’t hesitate calling attention to an InsightIDR feature – Log Search. “Log queries in InsightIDR are phenomenal, especially thanks to the latest features that have been added. It makes looking into things and the speed at which those queries execute so easy,” he beamed. “When I had to do that in our old platform, I would literally set it to run a query and then go get a cup of coffee. Sometimes it would take me hours to investigate simple things. InsightIDR is lightning fast. It really minimizes the amount of time I spend doing this, because I can access and work with the data so quickly.”
Another thing Anderson leverages often is Investigations, something he handles a handful of every single day. “I love the way it has the investigations all self-contained. You can add additional data to them, you can put notes in them. It makes it very easy for us to have a single place where we can manage that,” he shared. “We don’t have to send everything out to an external ticketing system and manage it all through that. It’s all self-contained within the product, which is great.”
To close our conversation, Anderson provided some advice for people who are looking for a threat analytics platform or looking for a SIEM that they can get more value out of; “I’ve worked with a lot of different products that operate in the SIEM or security information event management space. And what Rapid7 does is unique. InsightIDR is already built to do exactly what you need it to do,” he opined. “All the detection logic is built in and curated and it just makes everything easy. I highly recommend you try it out.”