“Use Less Tools More”: KinderCare Avoids Tool Sprawl, Maximizes ROI, Drives Efficiency with Rapid7

Do More with Less

One of Andersons guiding philosophies is “use less tools more”.  Anderson believes that if you pick strong tools and use them to their maximum capability you will get more value out of your investments and need less tools; this also helps to avoid tool sprawl.  After doing a review of several different platforms and tools, Anderson and team choose the Rapid7 Insight Platform to move forward with.  They believed that the Rapid7 platform best aligned with Anderson’s philosophy and that it would also provide a fast time to value for KinderCare.

“Rapid7 has such tight ecosystem. You’re not needing dozens of tools, each of which you’re only using maybe 20% of,” he explained. “If you get really good tools and you use 99% of them, you shouldn’t need as many! There’s so much out-of-the-box content pre-built into Rapid7.”

The immediate value derived from easily collecting data from other systems and quickly turning that from insights into behaviors that are taking place in the environment made it easy for Anderson to convince the company to make the change.  Within six months his team was able to phase out several of the old tools.

Fast-Forward to a Full Plate

Today, KinderCare utilizes Rapid7’s Managed Detection and Response (MDR) service, as well as InsightVM, InsightConnect, and InsightAppSec. They didn’t intend to necessarily go “all in” with the Rapid7 ecosystem; however, Anderson concedes that the benefits of utilizing the ecosystem just made sense.

• MDR: “We added MDR because we wanted 24/7 coverage,” shared Anderson. “I had to replace the former solution we had in place, which wasn’t achieving 100% of our needs. We felt that with Rapid7 MDR Service, utilizing their own InsightIDR, we’d get a much higher value, and we were right.”

So right actually that even though KinderCare only planned to use MDR for a year, they opted to renew their contract – with enthusiasm. “We were hoping that after a year, we would have the ability to provide better 24/7 coverage ourselves. But we decided to keep MDR because we’ve just been so happy with it,” he divulged. “The folks on the MDR team have been so phenomenal to work with. They have been very helpful. So, we decided we want to maintain the 24/7 coverage.”

• InsightIDR: Anderson may be a fan of MDR, but InsightIDR—the underlying SIEM solution that powers our MDR service—is where his heart is. MDR customers don’t have to get their hands dirty in InsightIDR if they don’t want to, but Anderson appreciates the “hand on” approach.
  
  “InsightIDR is my bread and butter,” he chuckled, likening it to a one-stop shop. “It’s our single pane of glass. It’s connected to every data source you could think of—different domain controllers, our AWS and Azure presence, our endpoint protection system, our email security platform, everything. We want to consolidate and concentrate everything as much as possible.”

Anderson then shared how he has created a series of dashboards within InsightIDR that provides an “at a glance” of all his different tools and services – a sort of health check that he runs every morning.

“I love that Rapid7 is always curating new detections and updating their platforms. It saves me having to do that work. They have so many alerts for InsightIDR that we use. I can create my own, but Rapid7 already does such a great job of that,” he shared. He then estimates that for 99% or more of alerts, he trusts Rapid7 to not only create but refine.

• InsightVM: KinderCare uses InsightVM to power their vulnerability management program. They conduct regular scans and use reporting from InsightVM to assist in prioritization of patching. “Anytime we see critical vulnerabilities that are maybe not patching-related but more configuration-related, we work with the appropriate teams,” he explained “We are creating a whole program around that which didn’t exist when I started.” 

Anderson loves that they have a full picture of their vulnerabilities, and that you can report on them in a way that’s useful. “InsightVM creates remediation reports that are focused on the remediation tasks versus log lists of vulnerabilities.  We can easily hand these reports off to other teams without overwhelming them.  Before we just had CSV or Excel lists of vulnerabilities without any details on remediation which would quickly overwhelm other teams and ultimately result in nothing being done.”

• InsightConnect: As part of their package with InsightIDR and InsightVM; KinderCare also received InsightConnect, the Rapid7 Security Orchestration Automation and Response (SOAR) package.  Anderson and his team have started to leverage InsightConnect to integrate their Rapid7 platform with other tools that they use such as Slack and ServiceNow to create automated workflows saving time on tasks that used to be manual.

Favorite Features

When pressed for one of his favorite features, Anderson didn’t hesitate calling attention to an InsightIDR feature – Log Search. “Log queries in InsightIDR are phenomenal, especially thanks to the latest features that have been added. It makes looking into things and the speed at which those queries execute so easy,” he beamed. “When I had to do that in our old platform, I would literally set it to run a query and then go get a cup of coffee. Sometimes it would take me hours to investigate simple things. InsightIDR is lightning fast. It really minimizes the amount of time I spend doing this, because I can access and work with the data so quickly.”

Another thing Anderson leverages often is Investigations, something he handles a handful of every single day. “I love the way it has the investigations all self-contained. You can add additional data to them, you can put notes in them. It makes it very easy for us to have a single place where we can manage that,” he shared. “We don’t have to send everything out to an external ticketing system and manage it all through that. It’s all self-contained within the product, which is great.” 

Words of Wisdom

To close our conversation, Anderson provided some advice for people who are looking for a threat analytics platform or looking for a SIEM that they can get more value out of; “I’ve worked with a lot of different products that operate in the SIEM or security information event management space. And what Rapid7 does is unique. InsightIDR is already built to do exactly what you need it to do,” he opined. “All the detection logic is built in and curated and it just makes everything easy. I highly recommend you try it out.”