Security Finance Trusts InsightVM to Discover the Unknown

Challenge

As a financial institution, Security Financial constantly has a target on their back. They therefore need to be ahead of the game and be proactive instead of reactive. It's fairly complex. The company has their own in-house software and various systems across the country in data centers, so they have a lot of surface area for possible attack.

Solution

Security Financial chose InsightVM to identify all of the assets in their environment and understand their associated risks; manage efficient, cross-functional remediation with ITSM integrations; and communicate the success of risk reduction efforts to executives with robust reporting capabilities.

For financial institutions, staying one step ahead of motivated attackers requires an intimate understanding of their organization's attack surface. In this customer story, Kurt Hazel, IT Security Manager at Security Finance, shares the journey of his organization's security program and discusses why his team depends on InsightVM to:

• Identify all of the assets in their environment and understand their associated risks.
• Manage efficient, cross-functional remediation with ITSM integrations.
• Communicate the success of risk reduction efforts to executives with robust reporting capabilities.

Our security program is not very mature. We're working towards maturity. One of the first things we did to bring about a more secure model was begin with looking at our assets, the various assets we have and the vulnerabilities that may or may not have. One of the key products to do that was InsightVM.

We weren't doing vulnerability management before we did this. We mostly did patch management saying we applied patches, but we didn't have the full story about what was still left unaccounted for on each one of the systems, and that's where vulnerability management came in.

When we purchased InsightVM, we did look at other products. We did do an evaluation. We decided to go with InsightVM because of the robustness of some of the various features. The reporting capability allows me to tell a story to my bosses to understand what's going on. The ability to hook into other aspects that we have within our environment is also a big driver.

We've narrowed down our ITSM tool to one of the ones that integrates with InsightVM because of that. The other competitors out there do not have the same feature sets. How we measure success with InsightVM is by watching the number of vulnerabilities trickle down through the tracking and software. Through the reporting features, I'm able to report on whether or not we're doing a successful job reducing those.

Our partnership with Rapid7's been-—it's been a wonderful engagement. The people within Rapid7 are always enthusiastic. They're always there to help us. If we have an idea that we want to try or be able to do something, they usually have a product, and if they don't have a product, they can at least tell me where I should be looking.

We've engaged with support. Our tickets have been handled with extreme diligence, always taking care of our issues and making sure that we were satisfied afterwards. Why InsightVM? Why Rapid7? It's been about being able to close that loop, being able to make sure that we're looking at our whole environment, and making sure that we're actually taking on the open issues, discovering what we don't know.