For Christopher Calvert, director of information security at Visier, protecting customer data is incredibly important. “We're entrusted with sensitive data and we take its protection extremely seriously,” he shares. “So ensuring that we know about our exposure in terms of vulnerabilities, we know about the activity and environment, we know about potential threats and threat actors that may be interested in that customer data, it's of paramount importance to the environment, to our business, and to our customers.”
The Rapid7 portfolio enables Calvert to understand the scope of their exposure in terms of vulnerabilities, as well as potential threats and threat actors. InsightIDR gives a fantastic event correlation and detection and alerting engine, as well as providing a key view into investigation of any potential incidents. AppSpider offers great depth in terms of assessing applications. The whole Rapid7 product has become key to information security strategy at Visier.
My name is Christopher Calvert and I'm the director of information security at Visier. Visier is an analytics company; we develop a SaaS product based on an analytics platform and we have applications built on top of it that are primarily in the business intelligence space, solving workforce planning and analysis needs, as well as a recently announced talent acquisition product.
We're entrusted with sensitive data and we take its protection extremely seriously. So ensuring that we know about our exposure in terms of vulnerabilities, we know about the activity and environment, we know about potential threats and threat actors that may be interested in that customer data, it's of paramount importance to the environment, to our business, and to our customers.
InsightVM is a scan engine that we use for our vulnerability management program. It's scanning hosts, I've got it doing a little bit of scanning against applications. But primarily it's used in both office and data center environments for us to scan all of the hosts, getting deep insight into the vulnerabilities that may be exposed, as well as helping to inform remediation plans with partners in IT, in our DevOps group, or in other teams that own those assets or perhaps own code that is running on those assets. So it's a critical tool for me, and a critical security control.
The top remediation report within InsightVM is probably my favorite report. It's the one that my partners elsewhere in the company seem to value the most and is most informative for them to be able to trigger remediation planning.
There's a few other reports that we look at and distribution is tailored to who will be interested in that style of report. Generate recurring score cards on a monthly basis, various quarterly reports … and I'm learning more and more about what's capable in the depth of the reporting, but building a fairly robust communication strategy for vulnerability management based on what's within InsightVM itself. I’m also starting to get more value out of the Insight service that is tied to it, and striking the right balance between the extra visibility it gives me as well as potential integration into other tools.
We’ve started exploring InsightVM Now* and the enriched analytics view that it offers. We are an analytics company, and we definitely see value in rich analytics platforms. I do have some working partners, particularly in our DevOps group, that are quite keen on the insights that InsightVM Now can deliver.
*Our InsightVM Now product has evolved into InsightVM, which utilizes the power of the Rapid7 Insight platform, our cloud-based security and data analytics solution.
I was first exposed to InsightIDR as one of the tools that were already in the environment and picking it up, integrating it into my strategy for information security at Visier. One of the things that I really like about InsightIDR is that the capabilities to blend a purely responsive incident management approach and a proactive hunting approach are there within the tool. I can use threat indicators that I have already identified as reliable and inject those through the API, correlate with my internal event data, and allow me to not just respond, but have it actively look for signs of intrusion based on that threat data, and it really blurs the lines between a purely responsive or a purely proactive approach.
Well, today we collect logs and event data from a variety of sources including other Cloud services that we rely on. I have threat intelligence feeds that I pull high confidence indicators from. I use the InsightIDR API to inject those in as threat definitions, and that allows me to correlate our event data with known high-confidence threat activity that's out in the Internet and really get a broad perspective in what the threats are and possible threat actors that are targeting our environment. It gives me an ability to detect problems and respond quickly.
We have InsightIDR and InsightVM integrated, and that allows me to correlate vulnerability data with the various sources of event data that we're looking at. So that when I have something that I need to investigate, or if I'm hunting for signs of a threat, right there within the same view I can pull up the vulnerability information on the host.
Big strategy for us in making sure that we're making effective use of any time is having a limited number of panes of glass, and the ability to integrate tools is of extreme importance to me. I want to be able to use resources and time, especially, efficiently, deliver the most value, and spend the least amount of time for myself or others in hunting for the information they need to make a decision.
We're using AppSpider and managed AppSpider service primarily on a weekly basis, however we do have ad hoc scans run when we need to validate any findings. Managed AppSpider is a very important part of the strategy for vulnerability management. It’s something that we rely on to give us a view into potential vulnerabilities exposed in our application. We use it to assess instances in the application before they go live, before they get offered to a customer view or customer access. So it's a way for us to detect those vulnerabilities, detect potential bugs or other flaws, before they put any data at risk.
Rapid7 has really become a key security partner for me. Deliver a number of critical security controls, vulnerability management, there's a tie in with penetration testing through some of the managed services as well. Rapid7 tools such as Metasploit will also play a key role in establishing my own in-house penetration testing and red teaming programs.
InsightIDR gives me a fantastic event correlation and detection and alerting engine, as well as providing a key view into investigation of any potential incidents. Tools such as AppSpider give me great depth in terms of assessing applications, and we are primarily an applications developer, so that's a critical tool to me.
Really the whole product has become key to my strategy for information security at Visier.