As a cybersecurity engineer at this real estate company, Tony Hamil is responsible for almost everything security-related in his organization. That includes monitoring endpoints and user behavior around the world. To get the visibility and 24/7 support he needed to supplement his small team, he turned to Rapid7 Managed Detection and Response (MDR) based on a recommendation from Gartner. MDR, in combination with Rapid7’s incident detection and response tool InsightIDR, provides him with everything he needs to monitor his environment and correlate incidents—even at 2:00 in the morning.
My name is Tony Hamil. I'm a cybersecurity engineer. My job is pretty much every single thing that is security related in my company. We're in kind of the real estate business, for the most part. We do only have about 650 employees. However, we are spread all over the entire world. The reason we started looking at MDR ... MDR (Managed Detection and Response) is still a relatively new term in the Gartner space, but it focuses more on the security side of everything, whereas MSSPs, they look at the whole infrastructure; are items up and down, are your servers working properly … They look at the whole breadth of your environment, whereas we don't really need that.
Our biggest problem with our previous MSSP was we had very little visibility into how the endpoints were corresponding with each other. We would get an alert about one endpoint, and then, that's all we got. I mean, we didn't know what it was talking to, what was talking to it, we didn't know exactly what it was doing; I mean, we couldn't see it. We don't have the staff to basically correlate all that, watch it every day, put good metrics together, and the user behavioral analysis is something that we just can't do. So, we went to Gartner, we looked at Gartner ... One of the three they recommended was InsightIDR from Rapid7. We looked at all three of them, and InsightIDR, whether it was the platform, effectiveness, and even cost, was almost hands down better than the other two.
A lot of my executives like to have that warm and fuzzy 24/7 ... Somebody's always watching our logs, so, if they do see something that pops up and correlates and says, "Yeah, this is bad," and I'm asleep, and it's two in the morning ... Like I said, we have people in Poland, they're working normally. We need somebody always watching that. Once again, it's me and one other person; we don't have the ability to do such. And so, we need somebody on another end who can look at it, verify, and not just a computer automated response that says, "Yeah, this is possibly bad." They look into it, they verify it, they can hunt it actively and say, "Yes, it's definitely a malicious item," and give me a call, or whatever needs to happen.
One of the nicer things about InsightIDR is, even though you guys are managing it, I feel like I can do anything within that software. I mean, I can go and I can change the logs, I can change some of the alerts, I can look at everything; I mean, I have full visibility and the ability to touch everything I need, which really I thought was outstanding. Because, like I said, even though you guys manage it, I feel like I own it. So, it really worked in all aspects.