Bill Heinzen, information security project manager at National Information Solutions Cooperative (NISC), knows first-hand that today’s security teams have a lot on their plates. NISC develops and supports software solutions for electric and telecommunications cooperatives throughout the U.S., so he also understands that security needs to be an ongoing initiative to ensure things run smoothly. He looked to extend his team’s capabilities with Rapid7’s Managed Detection and Response (previously Analytic Response) service.
My name is Bill Heinzen. I am the Information Security Project Manager at National Information Solutions Cooperative. We call that NISC for short. Continuous Analytic Response fits into our security strategy by addressing potentially one of the number one problems in information security today: understaffing.Show more Show less
If you are gathering a lot of data, if you are gathering a lot of logs, if you're gathering a lot of evidence. No matter how powerful the tool is, no matter how powerful the gathering is, it's no good if you don't have people looking through it. Specifically, for us as an organization, we know that we needed the experience and expertise of the Analytic Response team to have someone that we trusted going through that data, sifting through it and letting us know what action we needed to take.
Our communication with the Rapid7 team has been excellent. At the beginning of our project, we were introduced to a small project team, which is good. It gives us a concise, short list of people we can call if we need to. We have email addresses. We have office phones. We have cell phones, and if any of those means of contact fail we know how to escalate it to the next person. It's very quick, it's very easy, and it's very direct.
We meet with the Rapid7 Analytic Response team once a month. In each monthly report, we sit down and we look at the activity that's been reviewed over the month. We go over the hunts that the Analytic Response team has performed. We talk about lessons learned, and we try to find out how we're to get a better next month.
Security is not just a point in time. It's not something where you turn on a technology by flipping the switch and let it sit there. It's not checking the box. It's the ability to have something that's continuously monitored and evaluated and improved upon.
Rapid7 allows us to address multiple facets of an information security strategy, and that's very important to us.