Brooks Relies On Rapid7 SOAR Solution to Automate Their Security Program

Brooks, a 108-year-old American sports equipment company, designs and markets high-performance running shoes, apparel and accessories, which are sold in more than 60 countries worldwide. Headquartered in Seattle, Washington, Brooks is a subsidiary of Berkshire Hathaway, one of the ten largest publicly traded companies in the world.


Brooks is growing rapidly, which means a growing list of potential vulnerabilities. "We grew from a company doing $500 million in sales to $1 billion in a short amount of time," explains Ryan Fried, Senior Security Engineer. "We've grown to nearly 1,800 employees. That brings more hits to our website and more partners, which means more security incidents, more phishing emails, and potentially more risk." Even with three analysts, the security team was running fast to stay one step ahead of the alerts.

Ryan Fried, Senior Security Engineer


Ryan implemented InsightConnect, Rapid7's security orchestration, automation and response (SOAR) solution, to accelerate their traditionally manual, time-intensive incident response and vulnerability management processes. InsightConnect has helped the security team meet the challenges head on. "InsightConnect helped us scale. It doesn't really care how many integrated systems there are," states Ryan.

Ryan Fried is a Senior Security Engineer at Brooks. He is part of a five-person security staff of two engineers and three analysts. Ryan's team is tightly integrated with multiple business units. "We embed security early, as well as our security management tactics such as network segmentation, security automation, firewalls and network security, among everything else. We like to build things to help our security analysts do their job."

Ryan notes that Brooks had no previous experience with SOAR. "We did a POC with another SOAR product but it was super convoluted." It was Ryan, who had used Rapid7 InsightConnect at a previous company, who suggested that Brooks consider the product. "We did the POC to prove the value and went with Rapid7 InsightConnect."


Ryan takes a proactive approach to SOAR, noting that traditional SOAR solutions focus on hands-off automation to reduce FTEs. "My feeling is the complete opposite. I've been able to build a ton of enrichment workflows with InsightConnect so that our Teams channel becomes our central command. I think in terms of the number of tabs our analysts need to have open in their browser, I've reduced it from 10 to 20 to just one or two when it comes to an incident investigation. I give them a super repeatable process that works the same for every analysis."

InsightConnect saves analyst time, but even more important to Ryan is that InsightConnect has increased analyst engagement and made their jobs easier. "Now they can do what they really want to do. They're not spending 60 minutes looking at a phishing email or 20 to 30 minutes blocking URLs." And, Ryan notes, InsightConnect takes away the heavy lifting. "When we block a URL, or domain, or IP address, we need to block it in three or four different places. If we use InsightConnect workflows, it'll be blocked in the right places, every single time. That consistency is huge."


InsightConnect has really improved their response coverage. "Previously, we were a nine to five, Monday through Friday kind of shop. We didn't have paging or anything like that. With InsightConnect we've become a 24/7 shop, without expanding our staff. Now we have three to four different alert types and we predefined which alerts we should be woken up for in the middle of the night. Without InsightConnect, we couldn't have done that."

Ryan has also seen improved response times, especially in critical situations like potential ransomware attacks. "We've taken our paging system and integrated it, leveraging InsightConnect, with our alerts. Now our analysts are only getting woken up in the middle of the night when it really matters, so our response time is very fast. If it's ransomware, our analyst can isolate the host directly from their phone instead of waiting 20 minutes for the computer to boot up and log in. That's very critical. That's a huge value for us."


With InsightConnect, Ryan can quickly find and build a myriad of workflows, leveraging the work of others. "One of the things I love about InsightConnect is that if I'm stumped, I can find a workflow in the Rapid7 Extension Library. If it's not the workflow I need, I can import it, see how it's done, and then apply that to my own workflow." Ryan explains that each workflow is usually comparable to the previous one, so he can add multiple workflows quickly. Looking ahead, the Brooks team will begin working with the Active Directory team to use InsightConnect to automate user account termination.

"In security, a third of your job is proving it's not your fault when stuff breaks," continues Ryan. "I have workflows that look at configuration logs for the tools I own, such as firewalls, and it shows all of the configuration changes over the last 24 hours. With that I would know if I made the change or if a teammate made it. With InsightConnect, it is much faster to prove it's not your fault. We've used it in a lot of different ways. A lot of what we do is ad hoc workflows through Teams. That's new. We've found a lot of value in that."

Ryan believes InsightConnect has helped his security team deal effectively with the company's surging growth. "As we grow, we're adopting additional security tools. As we add more IT and security systems, we integrate them into InsightConnect. If we had all these different security tools, that's more time we would need to spend on different consoles and bouncing from one to the other. But a new security tool that's API capable doesn't add more complexity, just more usable functionality. Having the automation benefits of InsightConnect is almost like working with an operating system. You just plug in the next app and it integrates with other users and systems," Ryan says.


For Ryan, the time-saving benefit of InsightConnect automation is clear and compelling. "In terms of metrics and looking at dashboards, InsightConnect is definitely saving analyst time. I'd estimate it is saving us about 11 days or 88 hours of manpower each month, just based on the workflows we run. InsightConnect has also reduced the time to respond and resolve, which helps mitigate any threats that do make their way into the company."

"If you took InsightConnect away from our analysts, that would be demoralizing," continues Ryan. "They would have to go back to manual processes. InsightConnect helps us scale the team more effectively. As we get more events and add new businesses and more processes, InsightConnect helps us keep up. We just had a new analyst who said, 'I've never seen anything like this before' [referring to the level of existing automation]. His job's been easier because he doesn't have to learn where to get all the information. And now he has a channel that shows him all the commands he can use, and he doesn't need to log in everywhere. The security process is consistent regardless."

