Customer Story:

Amedisys Sees Immediate Value, ROI with Rapid7 InsightIDR

February 11, 2020

As one of the largest hospice and home health companies in the country, Amedisys knows that providing a reliable, secure experience for both their employees and patients is critical. They needed visibility, intelligent user data, and a seamless design. Brett Deroche, the director of security operations, was already familiar with Rapid7 InsightVM and our universal Insight Agent. He knew that with an evolved SIEM solution like InsightIDR, he’d see an immediate return on investment, while also getting the visibility and alerts he needed.

Highlights include:

  • “We were able to see things occurring in our environment that we hadn't seen in years.”

  • “Setting up event sources and deploying InsightIDR was relatively easy. Within a week we had more event sources and more data flowing in than we could have imagined. We currently ingest more in three days than we did in three to four months previous in our traditional SIEM model.”

  • “Really all of the Rapid7 products, you can really tell that they've put a focus on user experience. Whenever you log into IDR, it's simple. It maps to the kill chain. It allows me to prioritize that. That visualization just makes my job a lot easier.”

  • “I don't spend time every day maintaining a traditional SIEM. I just come into work and I know what time it is and I'm able to take action.”

Video Transcript

Amedisys as an organization is the third largest hospice and home health company in the nation. We have a unique experience in the security team in that most of our user base is clinicians. They are medical professionals. We need to provide them the most seamless and secure experience they can, because they're providing care to people in their homes. We can't impact their usability whenever they're in a patient's home. So really securing our patients’ data, as well as our employees’ data, is the unique challenge that we have every single day.

What really drew us to Rapid7 for a SIEM platform—MDR and IDR both—was the immediate return on investment we could have. Whenever pairing that with InsightVM and deploying the agent, the return was evident immediately. We were able to see things occurring in our environment that we hadn't seen in years.

So for us, setting up event sources and deploying InsightIDR was relatively easy. Within a week we had more event sources and more data flowing in than we could have imagined. We currently ingest more in three days than we did in three to four months previous in our traditional SIEM model.

The User Behavior Analytics function within IDR has been a lot of help in that. It's baked into the product and it's aggregating that data, so I'm able to quickly click on a user and see what types of alerts they've generated, whether that be ingress from multiple countries within a limited period of time or brute-force attempts on that user. I'm able to easily transition from user to alert to specific logs if I need, and gather more data really in a seamless experience.

The other side where InsightIDR, I believe, helps us a lot is that they say hackers don't break in, they just log in. Identity is the perimeter. So having that UBA functionality within IDR allows us to see whenever there are outliers. It baselines our users for us and provides us outliers really easily using IDR. Really all of the Rapid7 products, you can really tell that they've put a focus on user experience. Whenever you log into IDR, it's simple. It maps to the kill chain. It allows me to prioritize that. That visualization just makes my job a lot easier.

What was really attractive for the IDR pricing model was the asset-based pricing and not the data ingestion rate. A lot of SIEMs out there today charge per ingestion, and they may or may not charge per storage as well. The MDR and the IDR model really allowed us to put as much data as we could into it and then see what value we can get out of it.

And that value was evident from day one. You know, I like to say, do you want to spend time building a watch or do you want to know what time it is? And the traditional SIEM model, you're building a lot. You're maintaining a watch and trust me, it breaks often. And the InsightIDR version or the InsightIDR spin on the SIEM model, you know what time it is. I don't spend time every day maintaining a traditional SIEM. I just come into work and I know what time it is and I'm able to take action.
