卫斯理的使命增加了Rapid7 InsightVM工具和MDR服务，以确保其远程工作人员的安全

挑战

像大多数劳动力一样, since the COVID-19 p和emic, WMQ面临的最大安全挑战是向远程工作的转变. “我们注意到，在人们开始在家工作的时候，网络威胁有所增加,Taraiz Khan说, the manager of information security. “The biggest issue was monitoring vulnerabilities in staff computers. 我们对他们在做什么了解有限，所以对这一事件做出反应是一项挑战. We particularly noticed an increase in phishing scams.“ 

Their other major challenge is resources. “我们是一个相对较小的团队，我们没有资源来建立一个内部安全运营中心，也没有一个庞大的SOC团队. 从一开始，我们的目标就是对环境进行全天候监控, so if there were an incident, there are eyes on it immediately 和 the fastest possible resolution.” 

解决方案

今天，昆士兰卫斯理教会拥有InsightVM和Rapid7 MDR服务. “漏洞管理是ISO 27001安全合规要求之一，”Khan说. “We also want our endpoints protected. 根据以前的经验，我知道我们不想有太多的代理商. And with Rapid7, we only need one agent for both InsightVM 和 MDR.”

InsightVM 和 MDR Are a Powerful Combination

“My role is to look after everything related to cyber security; writing policies, 风险管理, security awareness 和 security operations. 我们的运营和IT团队也帮助我们实施安全控制，”Khan解释道. “我们的环境由SaaS应用程序组成，例如Office 365和医疗应用程序. We also have applications hosted in our data centers, which users access through a VPN,汗解释道。. Khan takes a realistic approach to managing the large environment. “我们的策略是提供一个安全的环境，以支持我们的员工，使他们能够专注于为客户服务. 作为一个安全团队，我们在后台工作，在发生事故时进行监控和响应. WMQ在支持昆士兰人方面做得非常出色，我们的团队在支持我们的一线员工方面发挥着不可或缺的作用, so they can focus on what they do best.”

可汗对他所需要的安全方法有一个清晰的认识，他需要解决他的环境中的漏洞挑战. “我们知道我们需要持续监控，在联系了很多供应商之后, we liked the Rapid7 InsightVM vulnerability management tool, 特别是它的实时仪表板更新和Rapid7的管理检测和响应(MDR)服务的专业知识.”

InsightVM和MDR的结合使Khan和他的团队在他们广泛的基础设施上的可见性达到了一个全新的水平. “When we first started with MDR 和 IVM, we could see people were trying to log in from outside 澳大利亚. 我们是一家总部位于澳大利亚的公司——我们不经常派人在海外工作. We didn’t have that kind of visibility before. That’s where we see huge value in Rapid7. Rapid7对威胁和漏洞的丰富研究为我们提供了新数据或环境变化时的更新.”

“如果终端上有可疑活动，IVM可以将所有信息提供给MDR. We have visibility into how many vulnerabilities there are. 有了实时仪表板，我们就有了显示进度的过去数据以及实时数据，这样我们就不必运行报告或等待扫描完成.”

Patching is h和led by 卫斯理的使命 Queensl和’s IT team. “We run a meeting 和 give them access to IVM. 他们可以看到所有的漏洞信息，并可以计划如何打补丁.”

Adding 24/7 Experience to Their Team

Khan chose Rapid7 MDR for its SOC expertise. 在MDR之前，WMQ安全团队对其环境没有清晰的了解. 但这一切都变了. 现在，MDR团队可以让他们全面了解整个景观. “我们可以从我们的防火墙、端点保护和DNS窗口中摄取大量日志. We can search endpoints. We can see all of the activities happening. That was the concern, because we have a large staff working remotely. Having visibility into our entire environment is key.”

在推出MDR服务后，他们注意到的第一件事就是Rapid7团队的报告和沟通迅速增加. MDR SOC为他们的小团队寻找和管理最关键的警报. “The MDR team is doing threat hunting for us regularly. 如果他们发现问题，他们会通知我们并立即升级.” 

昆士兰卫斯理教会的安全团队已经获得了前所未有的事件检测和响应能力. “Since we began working with Rapid7 two years ago, we have not seen a major incident within our environment,汗说。. “我们对系统进行了测试，当时发生了一个小事故，一个用户在半夜下载了一些恶意软件. Our Rapid7 MDR team picked it up right away 和 called us at 2:00 a.m.在那次事件之后, Khan很快利用了MDR团队的专业知识和24/7的覆盖范围，并与他们合作建立了一个自动响应程序. 

The MDR team provides critical expertise investigating incidents. “我们非常高兴MDR团队能够提供见解和专业知识, working side by side with our in-house security team,汗说。. Khan also points to the quality of incident reporting he receives. “报告是我们安全流程的重要组成部分，我们对MDR团队提供的质量和细节以及补救建议感到满意，以防止将来发生同样的事情.” 

事实上，Khan认为Rapid7 MDR SOC是他团队的重要延伸. “The MDR team is always available, 24/7 to help us. We always have someone to talk to whenever we need to. 我们可以发电子邮件. We can call the number. This is what we like about Rapid7.” 

A New Level of Security

可汗现在看着他周围的环境，看到了一个全新的安全水平. “We’ve built a team 和 brought in a new level of controls. Before Rapid7, we knew there were cyber-attacks happening. 但在我们与Rapid7签约，帮助解决漏洞、检测和响应之后, we see that incidents have gone down almost to zero. 当然是小事. But we have not had a single, 自从我们将Rapid7添加到我们的团队中以来，我们的环境中发生了重大事件.” 

“Rapid7确实帮助我们降低了很多网络和IT方面的风险. We have visibility,” concludes Khan. “That’s very important for us. And, I know if anything happens, the MDR team is there to help us.”