Jeffrey Gardner, Director of Information Security at Landmark Health, had used just about every vulnerability management solution on the market. He wanted to consolidate various point solutions and go to one trusted partner who was an expert not only in vulnerability management, but also in areas such as threat detection and response and security orchestration and automation.
Learn why Rapid7 InsightVM was the ideal solution for gaining maximum visibility of Landmark Health's dynamic environment, prioritizing risk according to what attackers are leveraging in the wild, and remediating vulnerabilities in lockstep with IT.
My name is Jeffrey Gardner, I'm the Director of Information Security for Landmark Health in Huntington Beach, California.Show more Show less
I started looking for a new security partner because we had a number of different vendors in the environment and they all did separate things. So I really wanted to consolidate down to a single vendor for many of our applications, if possible.
It just made things a lot simpler to just go through one trusted partner who was experts in all of the areas that we wanted to hit.
So, prior to purchasing InsightVM, we were actually using two separate solutions by the same vendor.
We had their externally facing product and we had an internal scanner, so we had to go to two separate consoles, nothing was tied together, you could scan the same box with the different tools and you'd get different results.
So we really wanted to get everything in one console, but also get the best of breed when it comes to vulnerability management, and that ties into what intelligence your vendor is getting.
I've used everything, Retina, Nessus, Tenable, you name it, I've used it. I wanted something that actually gave, I don't want to say a more holistic view, but a more complete view of the risk in our organization.
When it comes to comparing vendors and why we picked InsightVM over some of the others, it was really simple, it was a bake-off of a single Internet-exposed system. We scanned that box with all of the different vendors that we wanted to POC, and which one actually picked up the least amount of false positives, but also the most vulnerabilities.
InsightVM picked up 15, all were true vulnerabilities. They were also prioritized by actual risk, not just CVSS scores, or the vendors own proprietary way of looking at risk, it was something that's been industry accepted, that everybody agrees this is a true risk, it's a critical, severe, it's a median, it's a whatever, that's why we went InsightVM.
it's easy to use and it gives it you flexibility in the way you want to do things. It's not just you're stuck with generating reports. You have many different options that you can give your IT teams to say, how do you want to view this data? Do you want it in projects, do you want it in a CSV, do you want it in a report?
And it gives them buy in to the process, where before, you're just here's your vulnerabilities, patch your stuff, your servers suck. Now it's, hey, let's get you involved in the process. Now you can check when you've done things. It gives them just a little extra impetus to get involved.
The Projects feature of InsightVM has been really awesome in that regard. Because they don't just rely on us giving them a report, we can assign them a project based on their systems. They can log in whenever they want, check the progress, check off things that they've patched. The next time it scans, they'll remove those from their project and they're only left what's actually there, as opposed to just making Sharpie marks in a report, or crossing things out in a PDF.
We tend to grow exponentially year over year, so when I say that, I mean literally every single year we're doubling users, we're doubling assets, we're doubling everything, so we needed a solution that scale with our growth and scale in a very easy manner.
Most other vendors, if they introduce new features, new functionality, new workflows, that's an extra license, that's an extra price point. With Rapid7, you've bought their product. They want you to be happy with their product. They're going to give you those features as part of the product, which is how it should be.
So the Landmark landscape is a little different than most. We have a very large remote workforce. So in terms of assets, 90 percent of the laptops are going to be out in the field. They're very rarely going to connect back through VPN onto the network.
Now that we have an agent that's on every laptop, it makes it real easy because as soon as they connect to the Internet, wherever they are, that vulnerability data gets sent to the cloud, it gets analyzed, and populated on our console in the environment.
So having the same agent for MDR as IVM was actually just a happy coincidence. I didn't even know it was going to be the same agent until we stood up IVM and the data was already populated. And we logged in the first day and were like, what is happening, we haven't run a single scan. It's the same agent, so we don't have to do anything? No. Amazing.
Comprehensive risk assessment and management requires visibility into your complete IT environment—including applications. Learn more with our free whitepaper.Read More
Curious how the Landmark Health security team works in lockstep with its IT operations team more for effective remediation?Watch Video