AMN医疗保健与Rapid7合作，重新定义数字时代的网络安全

所面临的挑战

最近收购了28家不同规模的公司——从30-50名员工的初创公司, to an established organization of 2,500, 每个人都有自己的办公室, 政策, 和框架, AMN需要一个统一的, 面向未来的安全平台，将这些组织集成到他们的公司结构中. 他们需要确保每个组织在检测和响应方面都遵循单一的安全标准.

解决方案

AMN医疗保健将Rapid7管理检测和响应(MDR)作为下一代监控解决方案. 一旦上了MDR, AMN looked to Rapid7s security platform to address other gaps, adding InsightVM for vulnerability risk management, InsightAppSec for last, InsightConnect用于关键自动化，InsightCloudSec用于云风险和合规性.

从护城河到边缘

摩尼马苏德, Senior 导演 for Information Security at AMN 医疗保健, 和 his 7-person security team oversees a fairly complex IT environment. 超过10个,6个办事处的000名用户, 三个数据中心, 多个国家, 由于COVID-19和新的混合工作模式，新的分布式远程劳动力, they knew they needed a strategy to help protect them from cybercrime.

Mani recalls the tone 和 direction set by the AMN 医疗保健 leaders, "As we forge ahead with our agile, 虚拟, 数字, 和人工智能计划, it's crucial that we remain vigilant in our approach to cybersecurity. 只有将安全完全整合到我们的技术工作中，我们才能真正获得数字化转型的好处，同时保障我们业务的成功和客户的信任,马克·哈根说, Chief Information 和 Digital officer.

“在COVID-19之前，整个安全态势是，让我们建造护城河，”马苏德回忆说. “让我们有高高的城墙和塔楼来监视进出的人.” After COVID, however, their concept of how to work changed. This pivot created a security challenge for AMN 医疗保健 because suddenly, “我们没有六个, 八个, 或十个区域办事处. 我们有6个,因为每个人的家都变成了一个办公室，有一个家庭网络，我们无法看到或控制.”

重新构想SOC

Prior to working with Rapid7 MDR, AMN relied on an outsourced SOC. 然而, 他们发现他们能够在外包SOC分析警报之前标记和响应事件. As AMN 医疗保健 grew in asset count 和 became more dispersed, 他们需要一种能够快速工作并与他们的团队步调一致的解决方案——一种从端到端进行检测和响应的MDR，并实际帮助他们做出响应.

As they evaluated MDR vendors, Rapid7 stood out. 马苏德说:“使用Rapid7，感觉就像我们在和内部it部门对话. “It felt as though we all were working on the same objective; solving the same problem.”

A Proactive Approach to Monitoring

AMN医疗保健公司决定更加积极主动，增加一项技术，同时监控所有事情，同时剔除他们不需要担心的事情. That was the main driver for turning to Rapid7 MDR.

“Not only does Rapid7 MDR manage, 检测, 并使用日志进行响应, 它实际上在我们的边缘,马苏德解释道。. “我们现在在数千个家庭办公地点的用户设备上都有一个代理. Rapid7 MDR provides the depth of support we need. 它所做的不仅仅是收集和发送日志，它还在积极寻找威胁. And, if it spots one, it will intercept that threat immediately. It is that proactive piece that makes Rapid7 MDR an effective program for us.”

Rapid7 Technology Seals the Deal

According to Masood, Rapid7’s machine learning capabilities sealed the deal. “这项技术实际上是从发生的事件和这些事件的性质中学习的, then cross-references them across the entire Rapid7 field of view. 然后, Rapid7 MDR SOC团队的第二层步骤是验证发现和人工智能分析，并将其降低到只有关键警报-我们需要解决的少量警报.”

借助Rapid7 MDR, AMN医疗团队能够减少噪音和误报. 他们喜欢rapid7构建的技术可以简化和验证他们在仪表板上看到的一切. Masood表示:“通过Rapid7，我们正在购买技术、专业知识和自动化.

The automation abilities within Rapid7 were a value-add. “当我们看到在MDR平台中使用InsightConnect可以做一些事情时, 我们印象深刻. 这是一个很好的附加价值, because anytime we decide to automate something, we don’t have to go 和 learn new languages.”

The Strength of a Platform Solution

“Once we added these two tools, our approach changed. We decided to look at the entire Rapid7 platform” states Masood. “我们已经能够建立我们的报告和仪表板，并简化我们的流程. The more that we can do with the same agent, with the same automation tool 和 the same SOC, 更好的. It gives us economies of scale. We don’t have to keep learning new tools. 支持变得更容易. 集成变得更容易. That’s how Rapid7 became our core security technology.”

AMN 医疗保健接下来着眼于解决其在DAST扫描方面的差距，并实施了Rapid7 InsightAppSec. “将DAST扫描与InsightConnect工具集成并自动化工作流程的能力是主要的决策者,马苏德说。. We were able to close the security gap–和 in an optimized way, because we’re not just buying a box 和 plugging a hole. 现在, 我们有一个解决方案，与其他技术联系在一起，我们可以深化我们的自动化.”

AMN 医疗保健还添加了InsightVM，以减少代理的数量，这对他们的团队来说是一个关键因素. “This is a very strong value proposition. You’re getting everything under one roof through one agent. 这是世界各地安全部门的一个主要痛点。. 他补充说，这一单一代理将漏洞暴露到漏洞成为活动漏洞之间的间隔时间从几天缩短到几小时.

AMN 医疗保健目前的目标是将所有内容统一到一个技术平台下. 马苏德说:“每一项技术，每一个代理商都意味着我们方面更多的支持投资. “我们是一个小团队，最糟糕的情况就是团队成员经常在主机和仪表板之间切换, 登录和退出. We want that single platform, that single look 和 feel, 和 single language.”

重要的伙伴关系

Today, Rapid7 is an extension of AMN 医疗保健’s internal security team. 他们定期与他们的Rapid7客户顾问交谈，并直接与Rapid7 SOC合作. “从我们说话的方式来看，我们在任何时候都没有感觉到我们正在与一个不是AMN团队成员的人合作, 我们提出关切的方式, 我们获得反馈的方式, 总是一个团队,马苏德说。.

Different KPIs, Shared pg电子

至于结果, AMN 医疗保健 cites the ease of use, 前期成本, 总拥有成本, 和 integration abilities as top factors for their positive ROI with Rapid7.

On the numbers side, the results were clear. 1的,236 investigations by Rapid7 for AMN 医疗保健 in 2022, 90% were addressed within 30-60 minutes. 此外, 所有部署了Rapid7的机器都能100%有效地处理所面临的威胁. 在人的方面, 马苏德很高兴他的团队现在可以更积极主动，开始以威胁演员的方式思考问题. They can now solve problems before they present themselves.

His advice for others considering Rapid7 is pretty emphatic. “不要犹豫，”他催促道. “You’ll flourish with Rapid7 和 your program will go to a new level.”