Incident Response Services
Penetration Testing Services
IoT Security Services
Training & Certification
Managed Vulnerability Management
Managed Application Security
Managed Detection & Response
Find a Partner
Rapid7 Insight is your home for SecOps, equipping you with the visibility, analytics, and automation you need to unite your teams and amplify efficiency.
Insight Platform Overview Try Now
User Behavior Analytics & SIEM
Orchestration & Automation
Need a hand with your security program? From planning and strategy to full service support, our experts have you covered.
Need immediate help with a breach?
Visier provides SaaS-based workforce intelligence solutions designed to help HR professionals answer critical workforce strategy questions. For Christopher Calvert, director of information security at Visier, protecting customer data is incredibly important. The Rapid7 portfolio enables him to understand the scope of their exposure in terms of vulnerabilities, as well as potential threats and threat actors.
*Our Nexpose Now product has evolved into InsightVM, which utilizes the power of the Rapid7 Insight platform, our cloud-based security and data analytics solution.
My name is Christopher Calvert and I'm the director of information security at Visier. Visier is an analytics company, we develop a SaaS product based on analytics platform and we have applications built on top of it that are primarily in the business intelligence space, solving workforce planning and analysis needs, as well as a recently announced talent acquisition product.
We're entrusted with sensitive data and we take its protection extremely seriously. So ensuring that we know about our exposure in terms of vulnerabilities, we know about the activity and environment, we know about potential threats and threat actors that may be interested in that customer data, it's of paramount importance to the environment, to our business, and to our customers.
Nexpose is a scan engine that we use for our vulnerability management program. It's scanning hosts, I've got it doing a little bit of scanning against applications. But primarily it's used in both office and data center environments for us to scan all of the hosts, getting deep insight into the vulnerabilities that may be exposed, as well as helping to inform remediation plans with partners in IT, in our DevOps group, or in other teams that own those assets or perhaps own code that is running on those assets. So it's a critical tool for me, and a critical security control.
The top remediation report within Nexpose is probably my favorite report. It's the one that my partners elsewhere in the company seem to value the most and is most informative for them to be able to trigger remediation planning.
There's a few other reports that we look at and distribution is tailored to who will be interested in that style of report. Generate recurring score cards on a monthly basis, various quarterly reports … and I'm learning more and more about what's capable in the depth of the reporting, but building a fairly robust communication strategy for vulnerability management based on what's within Nexpose itself. I’m also starting to get more value out of the Insight service that is tied to it, and striking the right balance between the extra visibility it gives me as well as potential integration into other tools.
We’ve started exploring Nexpose Now* and the enriched analytics view that it offers. We are an analytics company, and we definitely see value in rich analytics platforms. I do have some working partners, particularly in our DevOps group, that are quite keen on the insights that Nexpose Now can deliver.
I was first exposed to InsightIDR as one of the tools that were already in the environment and picking it up, integrating it into my strategy for information security at Visier. One of things that I really like about InsightIDR is that the capabilities to blend a purely responsive incident management approach and a proactive hunting approach are there within the tool. I can use threat indicators that I have already identified as reliable and inject those through the API, correlate with my internal event data, and allow me to not just respond, but have it actively look for signs of intrusion based on that threat data, and it really blurs the lines between a purely responsive or a purely proactive approach.
Well, today we collect logs and event data from a variety of sources including other Cloud services that we rely on. I have threat intelligence feeds that I pull high confidence indicators from. I use the InsightIDR API to inject those in as threat definitions, and that allows me to correlate our event data with known high-confidence threat activity that's out in the Internet and really get a broad perspective in what the threats are and possible threat actors that are targeting our environment. It gives me an ability to detect problems and respond quickly.
Integrating InsightIDR and Nexpose:
We have InsightIDR and Nexpose integrated, and that allows me to correlate vulnerability data with the various sources of event data that we're looking at. So that when I have something that I need to investigate, or if I'm hunting for signs of a threat, right there within the same view I can pull up the vulnerability information on the host.
Big strategy for us in making sure that we're making effective use of any time is having limited number of panes of glass, and the ability to integrate tools is of extreme importance to me. I want to be able to use resources and time, especially, efficiently, deliver the most value, and spend the least amount of time for myself or others in hunting for the information they need to make a decision.
We're using AppSpider and managed AppSpider service primarily on a weekly basis, however we do have ad hoc scans run when we need to validate any findings. Managed AppSpider is a very important part of the strategy for vulnerability management. It’s something that we rely on to give us a view into potential vulnerabilities exposed in our application. We use it to assess instances in the application before they go live, before they get offered to a customer view or customer access. So it's a way for us to detect those vulnerabilities, detect potential bugs or other flaws, before they put any data at risk.
Rapid7 as a partner:
Rapid7 has really become a key security partner for me. Deliver a number of critical security controls, vulnerability management, there's a tie in with penetration testing through some of the managed services as well. Rapid7 tools such as Metasploit will also play a key role in establishing my own in-house penetration testing and red teaming programs.
InsightIDR gives me a fantastic event correlation and detection and alerting engine, as well as providing a key view into investigation of any potential incidents. Tools such as AppSpider give me great depth in terms of assessing applications, and we are primarily an applications developer, so that's a critical tool to me.
Really the whole product has become key to my strategy for information security at Visier.
Uncover, prioritize, and reduce your vulnerabilities with a free trial of InsightVM.