Taking Cybersecurity to the Next Level at WideOrbit
Industries
Company Size
Products
Customer Website
About WideOrbit
In 1999, WideOrbit was founded with a vision: Make it easier to buy and sell advertising. Since then, that vision has expanded: Become the leading digital and linear media management advertising platform in the world. To that end, WideOrbit puts their clients first and believes that their own growth is limited only by their customers’ satisfaction.
The Challenge
James Killgore is WideOrbit’s IT Security Manager. He oversees a team of three cyber professionals. After concluding that WideOrbit was outgrowing a former cybersecurity solution due to an inability to find data or triage vulnerabilities efficiently, he sought a more robust platform that would streamline and modernize their operations. Their former solution was not enterprise-ready.
The Solution
It wasn’t long after a proof-of-concept that Kilgore realized Rapid7 could take their security posture to the next level. According to Kilgore, one thing was very clear early on. Rapid7’s InsightIDR and InsightVM were easy to use.
“A lot of what we do is try to figure out when an attack is coming based on log data, and we get millions and millions and millions of logs every day, sometimes every hour. And it can be really challenging to sift through those,” explained Kilgore. “That was really challenging with our old tool, the log search was just so unintuitive and it was just so hard to find anything that you were looking for. And heaven forbid, you’re trying to find something specific in a time of crisis.”
According to Kilgore, however, InsightIDR’s log search is not only easier to use, it’s faster. “It’s just so much easier to find what I’m looking for at any given time. And you don’t have to be a LEQL master to find anything,” he chucked. “That really stood out to us early on.”
Rapid7’s vulnerability management capabilities were just as impressive to Kilgorel. “It was exceedingly difficult to identify which of these thousands of vulnerabilities were the ones that we needed to focus on the most, especially vulnerabilities that have public exploits,” he shared.
Rapid7, however, made it really easy to not just address their most pressing vulnerabilities, but identify, analyze and prioritize why and how certain vulnerabilities could impact their business. They could simply ask Rapid7 which vulnerabilities had public exploits or malware kits, for example. In fact, WideOrbit has reduced the number of vulnerabilities with public exploits in their entire environment by 50%.
A Crowd-Sourced Approach to Security
Kilgore shared that he wants end users and power users in his organization to be involved in the vulnerability posture of any technology that they utilize as well as the logs that are generated by those systems. Rapid7 has enabled his team to set up a level of automation that they’ve just never had before – to the point where they can easily turn vulnerability data into human-friendly language (especially for non-technical team members).
“That’s allowed us to help get the employee base involved in our security posture and give them a sense of ownership. It’s a crowd-sourced approach,” said Kilgore. “We’ve really been able to see more value thanks to Rapid7.”
New Platform, New Insights
Rapid7 has also empowered WideOrbit’s technology teams and developers by providing new insights into the way their products work – for example, when and why their users might experience a certain error when using an application. They now have the ability to gather that data using InsightIDR’scustom parser and “super-duper” log search.
Furthermore, WideOrbit had long struggled to make exceptions for alerts – for example, investigation alerts. “That just never even existed for us before InsightIDR,” explained Jalal. “InsightIDR has allowed us to finely tune down the amount of noise that we see. The fewer alerts we have, the more we can focus on the alerts that we do get. We’re not just bombarded with a bunch of noise…we can really see the problems.”
Ready to Go with Remediation Projects
Rapid7’s remediation projects allow teams to coordinate on remediation initiatives by providing visibility into the responsibilities of security and IT teams. They can then easily track and measure progress. Kilgore says that these remediation projects have produced actionable reports and streamlined operations.
“We used to use these humongous spreadsheets and we would get on these long calls to show the DevOps team the vulnerabilities,” he recalled. “And it was just this crazy Excel document…it was so complicated to try to filter columns and show certain things. And then the data inside of each cell was way too big, so you’d end up having to shrink cells and columns as much as you can to see other columns. It was just a mess.”
Furthermore, the spreadsheet system prevented WideOrbit from dynamically tracking progress as well. “It became a little contentious…sometimes, you couldn’t tell immediately in a spreadsheet whether a vulnerability was closed. People would say, Well, we just addressed that last month. Why is this still showing up on the report? We had to go back and validate, double-check, really, that it was done. It’d be a very frustrating process. Rapid7 has helped broker a more friendly relationship between teams. We’re a more well-oiled machine.”
Kilgore’s Advice: Just Dive In
When asked what piece of advice he would give to another cyber professional early in their Rapid7 journey, Kilgore didn’t hesitate to offer his two cents.
“Make sure you have someone, or some people, who can dive in totally and read all the documentation and understand how Rapid7’s products work,” he advised. “Make sure they can do all the log query searching, how investigations are created, and how to do exceptions. Just dive in. Go all the way.”
Gain a complete, end-to-end SOC without the overhead
