Defence Bank commenced operations in March 1975 as Defence Force Credit Union Limited (Defcredit) before becoming Defence Bank in 2012.
Unlike many other financial institutions, Defence Bank doesn’t exist to make profits for shareholders. Instead, it re-invests its profits back into the bank to make sure it gives members the service and competitive products they deserve.
Defence Bank is one of Australia’s larger member-owned banks, offering financial products and services to not only the Australian Defence Force, but the broader community as well.
“The threat landscape, both in general and specifically within the finance sector, exhibits a consistent year-on-year escalation,” states Nick Bellette, Head of Information Security & Cyber Risk for Defence Bank. “Given the heightened risk faced by both banking customers and financial institutions themselves, accompanied by the growing threat environment and regulatory compliance requirements, Defence Bank recognised the imperative for a comprehensive solution.”
They required a unified security solution platform that was easy for their cyber security team to deploy and use, that integrated with third-party systems, and that provided visibility into their vulnerability risks and threats.
Defence Bank began with Rapid7 InsightIDR for a cloud-native SIEM and XDR (extended detection and response) solution and Rapid7 InsightVM for vulnerability management. “Rapid7 satisfied our organisation's needs for incident response, vulnerability management, and reporting, excelling in each of these crucial areas,” shared Bellette.
Bellette couldn’t overstate the efficiency of deployment. “The setup process demanded minimal effort over a brief span of one to two weeks, presenting no significant challenges. Among the SIEM solutions evaluated, Rapid7 emerged as the most user-friendly and straightforward option. Its deployment and usage intuitively aligned with our operational requirements, streamlining the adoption process and facilitating seamless integration into our existing infrastructure.”
According to Bellette, one of the things that stood out most about the Rapid7 platform was the agent-based deployment. “The adoption of a unified agent for InsightVM and InsightIDR has proven highly advantageous. This singular agent provides exceptional endpoint visibility while maintaining a lightweight and user-friendly administration. It effectively enhances our visibility capabilities without imposing excessive resource requirements or administrative complexity.”
“The moment the agent is deployed, a comprehensive visibility into our environment becomes immediately available. We gained actionable insights on vulnerability locations accompanied by risk scoring, enabling us to concentrate our efforts on targeted remediation. This built-in prioritisation functionality within the system allows us to efficiently address vulnerabilities, ensuring optimal allocation of resources.”
Before InsightVM, they relied on vulnerability reports from a third party and on manual checks. “Following the implementation of InsightVM, we achieved a notable reduction in vulnerability risk within a short timeframe. The adoption of regular reporting and the implementation of asset tagging within InsightVM have proven invaluable. This capability has greatly assisted us in prioritising our remediation efforts, considering the challenge of addressing all vulnerabilities promptly. By leveraging the risk scoring functionality within InsightVM, we can now effectively prioritise the mitigation of high-priority vulnerabilities, thereby optimizing our remediation strategy.”
The InsightIDR User Behavior Analytics (UBA) functionality is also benefitting Bellette’s team by providing more insight and, as a result, identifying risky behaviors and misconfigurations for remediation.
Having a single platform for vulnerability management and detection and response was critical for Defence Bank. Bellette notes that with all the required tools, they could have ended up with many different platforms. “The consolidation of tools not only facilitates a more streamlined operational environment but also accelerates the learning curve and proficiency of our analysts. By minimising the number of tools and leveraging a single platform, we optimise efficiency and enable our analysts to attain a high level of expertise. This unified approach proves highly beneficial for our team's proficiency and effectiveness.”
And what about the requirement to integrate with an array of third-party systems? “From the outset, we seamlessly integrated with our cloud services and various other systems, ensuring swift and efficient interoperability,” he shared. “The ease of integration was important.”
Another key benefit Bellette found is centralized reporting. “The convenience of accessing all required data from a single platform, rather than logging into multiple portals, has significantly enhanced our operational efficiency. This centralised approach, coupled with Rapid7's ability to ingest logs from our diverse range of solutions, empowers us with a comprehensive overview of our systems. As a result, we can effectively streamline our reporting processes and efficiently manage any incidents that may arise.”
As their security requirements increased, they realized a need for continuous coverage that their current team couldn’t support on their own. It was time for a managed service.
“Over time, the significance of 24/7 coverage across an expanding range of technologies grew exponentially, underlining its increasing importance within our security landscape,” he shared. “Incoming alerts out of hours posed a challenge, necessitating intervention during non-business hours. This realisation underscored the indispensability of a continuous response capability, as alerts can potentially occur at any moment.”
They evaluated a few managed security services providers, but found the ease of deployment and the platform itself to be what they were looking for. The transition to 24/7 coverage was simple, as InsightIDR and InsightVM were deployed within the environment. Bellette says, “The uniqueness about Rapid7 was that it offered more than the other managed services we looked at and there was a remarkable ease of setup.”
The team at Defence Bank has a lot more peace of mind in the data, triage, and investigation process now that they are partnering with Rapid7 MDR. “Through the implementation of MDR, our event monitoring process has evolved with efficient event triaging. This enables us to forgo checking every single event and instead focus on prioritised incidents. We have the assurance that in the event of a significant occurrence within our environment, we will receive prompt notifications, allowing us to respond effectively,” he described. “We are confident in the knowledge that if any critical incidents arise, necessitating immediate incident response, Rapid7 stands as our dependable partner, providing us with a sense of assurance and peace of mind.”
Further, the partnership and guidance from the Rapid7 team have been instrumental for them in the case of a security incident. “The MDR aspect of Rapid7, accompanied by unlimited remote Incident Response and the presence of a dedicated customer advisor, has significantly enhanced our organizational capability. In the event of an incident, we can confidently rely on Rapid7 as a trusted partner, enabling prompt access to their expertise and support. Additionally, Rapid7's ability to ingest logs from our various cloud solutions and endpoints grants us a comprehensive overview, greatly facilitating any incident investigation we may encounter.”
Now that Defence Bank is in partnership with Rapid7, the difference is night and day. “I have conveyed to our team that Rapid7 has seamlessly integrated with our information security team, serving as an invaluable extension. With their expertise at our disposal, we now possess a dependable resource of skilled professionals to rely on whenever an incident arises,” explains Bellette. And with the MDR partnership, “Our team can prioritise a proactive approach by consistently enhancing controls, conducting comprehensive threat analysis, and continually improving our security measures, allowing us to shift our focus from daily alert response to strategic strengthening of our security posture.”