“不仅仅是一个小贩, a Full Partner": Junior Achievement 和 Rapid7 are an Unparalleled Combination

平稳过渡

“我们将Rapid7与几家供应商进行了比较. 我觉得我们有一个相当严格的过程，”兰德斯内斯透露. “Rapid7 graded out really well as far as functionality, ease of use, 和 cost. Since we’re a for-impact/non-profit organization, price is always top of mind for us. Our contacts were really good at showing us what the platform was going to look like, 解释实施过程是怎样的, 以及我们这边需要做什么.”

L和sness shared that after Junior Achievement signed up to use InsightAppSec, InsightVM, 管理检测 & 响应, 和 Pentesting 服务 with Rapid7, things got easier, rather than challenging.

"在我们的端点上安装单个代理, 台式电脑, 和服务器, 和 then creating a log server in our data center went really pretty easily. We were very happy with the onboarding experience 和 enjoyed the efficiency of using one agent for multiple platforms,他回忆道. “Fast-forward to today, 和 we consider them more than just a vendor – they’re a full partner.”

每个人都喜欢一块玻璃

像许多安全专家一样，L和sness喜欢简单. So it’s not surprising that when asked about his favorite feature within a Rapid7 product, 他重复了一句熟悉的话. “对我们来说，这是一块单一的玻璃，”他断言. “我们是一个小团队. 我有三个系统管理员类型的人向我汇报. 所有内容都在一个主机上，而且非常简单.”

当然，这不仅仅是为了便于L和sness使用. He also appreciates the coverage 和 attention to detail that have characterized his experience with Rapid7. Rapid7不仅为我们提供了一个专门的团队, 有一个人工智能组件可以查看我们所有的日志,他解释道. “It’s constantly ingesting our data, which we just can’t do manually because of our size.”

青少年成就和MDR:“没有人闯入”

Junior Achievement uses Rapid7’s managed detection 和 response (MDR) services, InsightVM, 和InsightAppSec——所有这些都是他们运营不可或缺的一部分. 然而, L和sness was quick to point to MDR as their “bread 和 butter” due to its outsize benefits – the regular, 迅速通知异常情况, L和sness说, 是非常宝贵的. Round-the-clock monitoring provided by Rapid7 SOC analysts is something L和sness 和 his team rely on – 和 more importantly, 他们对Rapid7的交付能力充满信心. 

“We probably get an alert or two per week of behaviors that are not consistent with what normally happens. And so, they’ll raise a ticket, 和 we’ll go take a look at it,他分享道. “We were alerted to a vulnerability in our firewall that needed to be patched really quickly recently, 和 we were able to remedy it before any of my other sources even knew about it.” 

To bring 24/7 SOC monitoring in-house would’ve been impractical 和 expensive. But it was a requirement laid out by Junior Achievement’s cybersecurity insurance provider. The value from Rapid7 on this front can’t be understated – by L和ness’ estimates, hiring someone in-house to do what Rapid7 does would easily cost twice the cost of Rapid7’s premiums.

遵从性和一致性 

此外, adhering to COPPA (regulatory compliance for the protection of children’s educational information) is an essential part of their job as well. L和sness has been pleased with Rapid7’s ability to fulfill both goals, 和 he also shared that effective 24/7 monitoring fully aligns their Junior Achievement’s mission 和 values.

“We want to be a secure place for students 和 their families,” he intimated. “没有人希望学生的数据甚至材料发生不好的事情. 我们很高兴能保证它的安全. Someone’s always trying to hack into something, but with Rapid7, no one’s breaking in.”

InsightVM:一个无价的工具

MDR may be Junior Achievement’s “bread 和 butter” but L和ness says his favorite feature is actually within another platform – InsightVM. 

“I have this dashboard where I have everything I want, everywhere I need to go. 在仪表板上, there’s a panel where you can sort all of your devices by how up-to-date they are in security patches. 这样我们就能知道是否遗漏了什么. 或者如果作业停止更新服务器. 或者如果用户一直推迟打补丁。”

这些知识节省了L和ness的时间和烦恼. “拥有这些直接的知识是非常宝贵的. And it happens way before it probably normally would in the course of doing your job without the tool,他分享道. “这是一个很大的帮助.”

少年成就的下一章

The next chapter in Junior Achievement’s security journey is pen-testing. While they’ve previously conducted such tests every other year, they now plan to up their game. 计划是每年进行一次渗透测试. “Partnering with Rapid7 on that, 和 what we do with the results, is going to be big for us. We’re just going to continue to try to be ever more secure in what’s a crazily insecure world right now.”