Customer Testimonial

Starr Companies Gets Speed of Detections, Confidence in Alerts with Rapid7

June 27, 2019

John Harte, CISO at Starr Companies, needed a vulnerability management solution that could rank and prioritize risk better than what he currently had in place. In this testimonial, he discusses how Rapid7 InsightVM was that solution for him, and how he’s augmented it with our cloud SIEM, InsightIDR, and Managed Detection and Response services to truly provide ultimate visibility into his environment. He touches on:

  • Evaluating success of InsightVM based on immediacy of vulnerabilities detected
  • Solving lateral movement use cases with InsightIDR
  • Augmenting with MDR for 24x7 coverage
  • Leveraging the Insight Agent for a single, global deployment

Video Transcript

I'm John Harte, I'm the Chief Information Security Officer for a company called Starr Companies. At Starr, we had a previous vulnerability management solution, which we liked. We felt like it could be better. So that exploitability score within Nexpose and now InsightVM was a huge factor for us.


With InsightVM, the biggest thing we looked at was the risk ranking of a vulnerability. Where we could say, "Hey look, this vulnerability is legit. I can exploit it with Metasploit. If I can do it, pretty much anybody else on the internet can do it, and let me show you."

We judge the success of that tool based on immediacy and a vulnerability being detected. We want those daily scans to rise up that if somebody in our environment didn't follow policy or didn't follow good hygiene, that InsightVM could show that to us as quickly as possible. So we're always focused on that. Speed of detection of a vulnerability. And then risk ranking, 'cause that's a part of every security program is ranking risk.

So we started with the VM piece, we looked at InsightIDR for lateral movement use cases. Then it really made sense for us to augment our managed security services with Rapid7 services as well. So we had that 24x7 coverage. Out of our security professionals, we like to spend, you know, seventy to eighty percent of our time hunting for threats. So the tools are very much built with that mindset of ultimate invisibility.

Having rich contextual alerts that we can trust was a huge part of why we selected IDR in our testing. We felt like the alerts with IDR and then to the MDR service were critical for us. Before MDR, I would say we did it all in-house. We used our best practices, our best tools, we used the services and threat intelligence feeds that we already have. But to have a product like InsightIDR run by the MDR team just gives us a little more confidence when we see something.

So at Starr, we use a dual agent for Rapid7. So the single agent hosts the vulnerability management agent as well as the IDR agent. For us, it was critical to keep the agent count low on our machines. So that was a huge benefit for us, to not have two separate agents running for those use cases. While they have dual roles, it's a single agent, it's a single deployment. Those deployments have gone very well for us, we've upgraded it five or six times now over two years. So yeah, we have it deployed globally, pretty much every continent there is.

With Rapid7, we have that confidence in the platform and confidence in the entire company, that it allows us to be more forthright in what we do.
