Customer Testimonial

The Future Is the Limit for Automation at Starr Companies

June 26, 2019

For Starr Companies, finding a partner that valued nimble, agile development to continuously move forward was critical. Having been a Rapid7 customer for years, they turned to our security orchestration and automation solution, InsightConnect, to solve common use cases across business, security, and IT. In this testimonial, John Harte, CISO at Starr Companies, explains how he's partnered with Rapid7 to:

  • Discover time and cost savings related to vulnerability management and incident response.
  • Leverage automation within the company's DevSecOps shop.
  • Maintain confidence in the platform and the company through continuous dialogue and improvement.

Video Transcript

I'm John Harte, I'm the Chief Information Security Officer for a company called Starr Companies.

We're a private company, we consider ourselves very entrepreneurial. Very nimble. Particularly on software development, our DevSecOps shop. Our developers, our security team and operations team are embedded. We're continuously moving forward. With that continuous improvement, we felt like Rapid7's culture very much lines up with our culture of continuously moving forward, of being nimble, offering new tools, new ways of doing things.

With Rapid7 as a company, we have a number of different relationships. We also felt like the IDR tool gave us a major capability. The VM vulnerability management tool was one of the best that we've used. And it made sense then to engage with the managed detection response service. With InsightConnect, we've felt like with our services engagement, with Rapid7, with the IDR tools and rich detail that that turns over to that tool, that InsightConnect really fits our ecosystem well with other Rapid7 tools.

InsightConnect, right now, we're very excited about that relationship because we are able to go to their developers and the people within Rapid7 and say, "We like this, this, and this. We want to change this. And we want to integrate this with this tool." And Rapid7's been amazing about responding to those requests.

With any automation tool, you can do a number of things with it. Whether they're business processes or security processes or general IT processes. There are people within the DevSecOps organization that see automation tools and are excited by some of the things they can do with it. If I was a customer just looking at an automation tool, I would definitely consider InsightConnect just 'cause the usability of it is very, very simple.

So us, at Starr, partnering with Rapid7 on that tool and some of the immediate rules we want to automate and use, we're excited. Every rule we put in is something my staff may not have to do. And it may protect us from an event in five minutes instead of twenty minutes. And the extra fifteen minutes may be a major encryption event, a major malware event avoided. So we can put real cost savings to that. So we're pretty excited to see how many of those use cases we can put numbers to of like, “Hey, these five rules saved us this many man hours, or this many possible events. And if a breach costs you this much money, what does that look like?” So we're excited for the tool. We're hoping it continues to grow with us.

We're actually talking more than when we used to. This is the first time I've ever actually wanted to say what I do for any of my security layers. So we're very, very protective of what we do. But with Rapid7, we have that confidence in the platform and confidence in the entire company, that it allows us to be more forthright in what we do.
