For financial institutions, staying one step ahead of motivated attackers requires an intimate understanding of their organization's attack surface. In this customer story, Kurt Hazel, IT Security Manager at Security Finance, shares the journey of his organization's security program and discusses why his team depends on InsightVM to:
Hi, my name is Kurt Hazel. I work for Security Finance as the IT Security Manager. Security Finance is a financial institution that has about 1,000 locations across the United States and Mexico. Security matters because we're a financial institution, so we constantly have a target on our back. We need to be ahead of the game and be more proactive instead of reactive.Show more Show less
It's fairly complex. We have our own in-house software. We have various systems across the country through various data centers, so we have a lot of surface area for possible attack.
Our security program is not very mature. We're working towards maturity. One of the first things we did to bring about a more secure model was begin with looking at our assets, the various assets we have and the vulnerabilities that may or may not have. One of the key products to do that was InsightVM.
We weren't doing vulnerability management before we did this. We mostly did patch management saying we applied patches, but we didn't have the full story about what was still left unaccounted for on each one of the systems, and that's where vulnerability management came in.
When we purchased InsightVM, we did look at other products. We did do an evaluation. We decided to go with InsightVM because of the robustness of some of the various features. The reporting capability allows me to tell a story to my bosses to understand what's going on. The ability to hook into other aspects that we have within our environment is also a big driver.
We've narrowed down our ITSM tool to one of the ones that integrates with InsightVM because of that. The other competitors out there do not have the same feature sets. How we measure success with InsightVM is by watching the number of vulnerabilities trickle down through the tracking and software. Through the reporting features, I'm able to report on whether or not we're doing a successful job reducing those.
Our partnership with Rapid7's been-—it's been a wonderful engagement. The people within Rapid7 are always enthusiastic. They're always there to help us. If we have an idea that we want to try or be able to do something, they usually have a product, and if they don't have a product, they can at least tell me where I should be looking.
We've engaged with support. Our tickets have been handled with extreme diligence, always taking care of our issues and make sure that we were satisfied afterwards. Why InsightVM? Why Rapid7? It's been about being able to close that loop, being able to make sure that we're looking at our whole environment, and making sure that we're actually taking are of the open issues, discovering what we don't know.