DAMAC Properties Sees Immediate Value and Gains 24/7 SOC Coverage With Rapid7’s MDR Service

About DAMAC Properties

DAMAC Properties is a luxury real estate developer headquartered in Dubai, United Arab Emirates. For the past twenty years, the company has been developing luxury residential, commercial and leisure properties across the Middle East and the UK, and has recently announced plans in Canada. Two years ago, DAMAC decided to capitalize on digital transformation, and began positioning the company to become a global digital brand. Last year, the company doubled its IT investments and established an information security program to support more than 1,500 end users spread across 40 offices.

Challenge

As DAMAC built out the new security function, the 4-person security team faced a number of challenges, the biggest being visibility into DAMAC’s environment, which encompasses numerous mobile applications, both customer-facing and internal, and a range of users including sales, CRMs and business users. Moving to the cloud and adopting new systems and APIs added further levels of complexity.

Solution

DAMAC chose Rapid7’s Managed Detection and Response service. “We were starting something new with a small team and a modest budget,” explains Jeevan Badigari, chief information security officer. “We did not want the tool or just the service alone. We wanted to get the best of both. That’s where Rapid7 excelled.” The Rapid7 MDR service enables DAMAC’s security team to focus on governance, assurance, and technology functions, including DLP, endpoint security, and email security.

First Step: Comprehensive Risk Assessment

DAMAC began by performing a complete risk assessment to identify its security gaps. It was critical to establish the right alignment between security and business objectives, answering questions such as: How does security impact our business objectives? Which systems are so important to our business that they need to be up and running 24/7? And how do we make sure these systems are secure?

A key part of DAMAC’s new robust security program was ensuring alignment with the IT team. “As we introduced more and more security changes, new deployments, implementations and initiatives, we prioritized working with the IT team to enable them to execute their initiatives securely,” notes Jeevan Badigari, chief information security officer. “We wanted to facilitate a partnership with them so the entire organization could address security in a holistic way.”

Only One Vendor Offered Proven Products and Managed Service

DAMAC applied the NIST framework to see where the company stood against the five pillars - identify, protect, detect, respond, and recover. It highlighted that detection and response was DAMAC’s most critical need. They wanted more than just a SIEM as a service and drafted requirements for an MDR provider. “Our main requirement was that it needed to be a platform with all the most critical capabilities for our organization, including threat intelligence, threat hunting, and network traffic analytics,” explains Badigari.

Badigari had experience implementing a SIEM in the past, so he looked for a cloud-delivered approach to meet DAMAC’s needs. “We wanted to focus on finding the needle in the haystack, and not devote resources to managing the entire SIEM platform or focus on fine-tuning the process.” 

Immediate Time To Value

The Rapid7 MDR SOC relies on the Insight Agent, a lightweight yet powerful piece of software installed on assets to collect endpoint data across the environment. It gives the SOC real-time, critical visibility that allows analysts to detect attacker behavior and take action to contain a threat once it is found.

One of the key points DAMAC looked at as they evaluated the success of MDR was the time required for implementation. As soon as they installed the Insight Agent, the security team had full visibility across their environment. “We were up and running in less than a month with Rapid7,” notes Badigari. “Our account was fully set up and we had the data coming through. The integration was easy, so the quick time to realize value was great.” 

Actionable Insights with More Context

With MDR, DAMAC receives fewer false-positive alerts and everything is clearly visible in the portal. “We’re seeing actionable insights with more context which allows the team to be more effective,” continues Badigari. “The Rapid7 team is great in terms of providing the feedback we need.” 

MDR includes thousands of pre-built detections to identify intruder activity, cutting down on false positives and enabling analysts to alert customers to true threats. All potential malicious detections are manually validated by Rapid7’s SOC analyst team prior to reporting any alert to customers. “Because MDR is a managed service, I don’t have to worry about detection rules. I can be confident that there is a team that’s constantly adding detection rules based on the ever-evolving threat landscape.”

As attackers evolve and new threats are discovered, Rapid7 develops signatures and detections for existing and emerging threats. These detections ensure coverage for various IOCs that malicious actors use in the wild, informed by over 1.2 trillion weekly security events observed across Rapid7’s detection and response platform. 

Integrations and Reporting

DAMAC also counts easy cloud integrations and visibility as key benefits of MDR. “Since Rapid7 MDR is cloud native, it was very easy to connect other systems like Office 365, Azure AD, and Salesforce. And the visibility of the environment gives us key stats in the dashboard. If my chairman wants to know what our threat landscape looks like, how we’re doing, we open up the console and show him the key stats. These are real success criteria for us.”

Advanced Threat Intelligence

Another effective tool in DAMAC’s arsenal is Rapid7’s Threat Command, an advanced external threat intelligence tool that finds and mitigates threats targeting an organization, its employees, and customers. “Because of the nature of our business, we work with direct and indirect sales agents. Rapid7 Threat Command has helped us take down a lot of phishing websites and impersonating mobile applications. These actions have resulted in substantial risk reduction.”

In addition to lost revenue, the impersonating websites and mobile applications were negatively impacting DAMAC’s Google SEO rankings and traffic, and therefore its brand reputation. “Rapid7 enables us to identify and remove those instances, helping to boost customer confidence.”

The Strength of Single Vendor

In conclusion, Badigari offers a word of advice to his peers in the field: look for an integrated package of services from one vendor because there are real benefits in vendor consolidation. “One vendor, one technology, or one platform is easier to manage, and it’s effective. Rapid7 has a lot of products in their portfolio. And with Rapid7, the focus isn’t on EPS, it is on the devices. Tomorrow I could scale up or scale down the data, and it would not impact our service.”
