Bioventus Relies on Rapid7 to Secure Critical Patient Data


About Bioventus

Bioventus, a global leader in innovations for active healing and surgical orthobiologics, works with patients, payers, and healthcare providers around the world. Headquartered in Durham, North Carolina, the company has more than 1,100 employees and a presence in more than 50 countries worldwide. In this year alone, Bioventus products will help more than 500,000 people regain active lifestyles.

Challenge

With a large distributed workforce, multiple clouds, diverse devices, and critical patient data, the Bioventus security team faces an uphill battle. User compromise and phishing emails are among the most critical challenges the team faces daily.

As an American healthcare company operating internationally, Bioventus has an additional security challenge related to safeguarding patient records. “We’re dealing with medical devices and patient information that has to be protected at all costs,” explains Kerry LeBlanc. “A breach of any sort can be damaging, but a breach of patient records can be expensive.”

Bioventus also faces the kinds of security challenges that are all too common for enterprises of a certain size. “There are people out there hitting every IP address that they can. Most of my network is in the cloud. So, we get hit with those types of attacks too.”

 

Solution

LeBlanc implemented Rapid7 InsightVM, the leading vulnerability management solution, and Rapid7 InsightIDR, the leading cloud SIEM. LeBlanc chose Rapid7 in large part because of the system-wide integration designed into both InsightIDR and InsightVM. “Rapid7 had the best integration possible with what I already had in the environment and with what I wanted to put in. I wanted to use AMP for Endpoints. Rapid7 has an API built for AMP for Endpoints. They have integrations built-in for my firewalls; for all the tools I wanted.”

LeBlanc also points to Rapid7’s strong technical support. “Every review I read said Rapid7 support is always there. And, Rapid7 has proven it over and over in the three years I’ve been working with them.”

When LeBlanc joined Bioventus, his first step was a system-wide assessment to pinpoint gaps and weaknesses. One pressing issue was vulnerabilities. “We didn’t have a SIEM. I knew that was absolutely something we needed. We needed a vulnerability management solution and an endpoint detection and response solution,” LeBlanc explains.

“I’ve been doing my job for a long time. I have a lot of experience with a lot of tools, a lot of platforms. So, I knew in my mind what I wanted.” LeBlanc is responsible for Bioventus’ cyber security, reporting to the director of IT infrastructure and security. “If it’s a security issue, it’s mine,” LeBlanc explains. “I’m in charge of the security awareness program, I am the incident response team. I’m the threat hunter. I’m the incident investigator. I’m also the SOC.”

When I put Rapid7 in place my response time went from three to four hours to ten to fifteen minutes. I know what it is and how to remediate it. Everything is right there. I can query the endpoint or get information and pull up different things on the user.
Kerry LeBlanc, IT Security Engineer

Visibility and context are key

“For me, it’s all about visibility and context into the threats,” LeBlanc says. “And as soon as Rapid7 was in place, two critical things changed. One, InsightIDR discovered a lot of things I hadn’t known before, which was unbelievable. Everything goes into InsightIDR. I mean, everything.”

Extended detection and response (XDR)

“The other big change, and this is part of extended detection and response (XDR), is being able to correlate, analyze, prioritize, and remediate as quickly as possible. Rapid7 does that because it has visibility into everything,” continues LeBlanc. “It can build context around the threats and the events. It can help prioritize them for a higher level of awareness. I can focus faster, and it gives me the opportunity to reduce severity and eliminate further impact.”

“InsightIDR is my go-to tool because it offers a context that allows me to correlate my data. If I want to investigate user data, everything tied in with that user is right there in my investigation. Everything in my EDR solution, everything dealing with the user ID, everything from firewall traffic that might have the user ID. That’s very helpful to me.”

Enhanced Endpoint Telemetry

LeBlanc is also taking advantage of the InsightIDR Enhanced Endpoint Telemetry. “I use it to alert on malicious processes, which is super nice because my EDR may not catch the process as malicious as quickly as the Insight Agent.” LeBlanc also uses it for threat hunting, asset authentication reporting and failures. “It’s tremendous information that comes in through that endpoint telemetry.”

A single agent for InsightIDR and InsightVM

LeBlanc is scanning all of his locations: cloud servers, data center servers. “A lot of these have the Insight Agent, and that agent feeds InsightIDR and InsightVM as well. It covers all of my environments, all of my locations. InsightVM has the ability to look at everything, not just my endpoints. We found credentials in the wrong places, configurations used incorrectly, services that should never have been open. It immediately found all these things that we were able to go and address. Nobody knew about this before we started using InsightVM.”

Reducing response time to minutes

“When I put Rapid7 in place my response time went from three to four hours to ten to fifteen minutes. I know what it is and how to remediate it. Everything is right there. I can query the endpoint or get information and pull up different things on the user.”

A mature security program

LeBlanc has used Rapid7 tools to take Bioventus’ security program to a high level. And he points to the confidence his executive team has in his security programs. “One of my VPs was at a conference where they reviewed a checklist of all the things that you should do for a good security program. And as they’re going down the list, he said, ‘Kerry has checked every box’. That’s a great feeling.”
