Pearl Data Direct依靠Rapid7 Insight平台来保护其全球金融网络

挑战

Pearl Data Direct faced two major security challenges: 

1. Pearl Data是一个有吸引力的攻击目标，因为他们通过他们的应用程序管理数百万美元
2. Their business is heavily regulated in the financial sector

解决方案

为了满足这些关键的网络安全需求，Pearl Data实施了Rapid7 InsightIDR, InsightConnect, InsightAppSec. 在一起, they provide the critical visibility, 检测, 自动化, 并整合Pearl Data在其支付平台上保护成千上万用户信息和交易的需求. 它们还确保遵守要求苛刻的央行监管机构的规定. 

“As one of the leading exchange houses in the region, LuLu依赖Pearl Data来管理每秒流经系统的数千个事务,库马尔解释说, Head of Infrastructure 和 Cloud Operations. “So, cyber threats were a challenge we had to address. The second challenge was with our regulators, the central banks. They are very strict on cybersecurity, countermeasures, compliance. 第一个问题意味着我们的基础设施，我们的网络，必须是完美无缺的，并且戒备森严. The second one means we have to comply with bank regulations.”

数以万计的客户使用LuLu移动应用程序收发资金. “我们为许多客户持有个人身份信息，因为我们需要收集他们的信息以遵守规定. 在跨境汇款方面，我们的核心银行系统与多家银行相连. So, these are major challenges.”

A Large 和 Distributed Environment

Midhun manages three divisions. “The first is infrastructure, which consists of our network servers. The second is our cloud operation. We have a heavy presence with Amazon 和 Azure clouds. In addition, I head up the security team.”

Pearl Data’s IT staff encompasses 150 developers, engineers 和 R&D专家. 在LuLu开展业务的12个国家中，每个国家都有2到3名成员的核心团队和当地团队. “We also have a SOC in India with a dedicated 10-person staff.” Add it all up 和 Midhun 和 his team oversee IT, 在十几个国家的250多个地点提供云和安全服务.

Midhun在之前的职位上有过使用Rapid7的经验，这让他有信心在Pearl Data实施Rapid7解决方案. “我在网络安全领域有10多年的经验，当我刚进入这个行业时，我使用的是Metasploit. It’s an awesome tool 和 a key reason why I have confidence in Rapid7.”

“I contacted Rapid7 for a POC. 在我拿到许可证的那一刻，Insight平台就为我准备好了. 两三天后，包括基于生产的部署在内的所有工作都完成了. We were shocked at how fast it was implemented.”

Real-Time Alerts Are a Game Changer

“Rapid7’s InsightIDR was very easy to configure, it’s very flexible. 和, since InsightIDR is in the cloud, it’s virtually infinite as far as being scalable,米勋说。. “Of course, I need to balance security as well as the cost. 这就是Rapid7的魅力所在，因为你要根据资产付费. 这种模式非常容易预测和理解，因此对我们很有吸引力.”

对于Pearl Data安全团队来说，能够实时看到警报是一个改变游戏规则的功能. “通过实现insighttidr，我们在所有端点上都部署了代理, so I can see all kinds of alerts in real-time,米敦说. “还有SOC分析师, 只需点击几下, 可以调查机器, gather the application cache, 收集DNS数据, 获取系统上运行的所有进程的列表，并查看所有云活动, such as what is going on in the Azure cloud. 此外，所有这些信息都被收集、关联并一起呈现.”

Integrating SOAR with InsightIDR

对于Midhun来说，集成解决方案是Rapid7体验的一个受欢迎的好处. “The moment I realized the power of InsightConnect, 我做的第一件事是部署工作流并将其与insighttidr集成. 现在，如果检测到恶意IP，我可以在我所有的防火墙中阻止它，只需单击一下. SOC分析师无论身在何处都会收到一条信息，即使他们正在旅行. 

“InsightConnect会问，‘我们发现这个IP是恶意的，你想用防火墙阻止吗?然后，根据分析师的确认，我所有的防火墙都会屏蔽该IP. If I see a malicious hash on one of the desktops, 我可以使用我的防病毒软件阻止该散列，也可以利用基于InsightConnect的自动化. 我与InsightConnect和我们的安全解决方案紧密集成. 只需单击一下，我就可以在1500个端点中阻止这个特定的散列.”

“我们很容易配置InsightConnect，因为有大量的插件可用，以及文档资源和分步指导. 所以，我们做到了. 和 we have the confidence that we can do more.”

Meeting Compliance 和 Advancing Application Security

Pearl Data必须满足的一个关键要求是中央银行对应用程序漏洞进行测试的规定. 他们的应用程序安全程序包括测试本地应用程序和云原生应用程序. InsightAppSec帮助他们满足了这些要求，并推进了他们的AppSec计划.

Pearl Data实施了Rapid7 InsightAppSec，它对安全团队产生了巨大的积极影响. “We integrated InsightAppSec with Azure DevOps; all the pipelines have InsightAppSec components. 现在, I have peace of mind because whenever they commit a code, it follows an automated security process,米敦解释道。. “Our app developers don’t need to come to me, they don’t need to come to our team, they don’t need to send emails. They don’t need to go through any formalities. When they commit code, the scan happens automatically. 和, we created the metrics. 因此，如果他们发现高危漏洞，他们就不能将其推向生产环境. The code will get blocked 和 they have to remediate it.” 

A 30% Time Savings - 和 a Happier Team

Midhun报告说，在过去的30天里，一个Rapid7 InsightConnect工作流为他的团队节省了11天的工作时间. 但更重要的是，Rapid7让米敦和他的团队安心了. “自动化的另一个原因是，我希望在我的SOC和安全团队中看到更轻松的面孔. They have to enjoy their work. They need a work 和 personal life balance. So, I put the right tool in place 和 let them relax.”

To anyone considering Rapid7, Midhun说, “I would recommend the capabilities of the Insight solution, the integrations 和 all the scalability. +, Rapid7 is very cost effective, so, whether you’re a small business or an enterprise that spans the globe, you can implement Rapid7 InsightIDR 和 the rest of the Platform. 当然,米勋总结道。, Rapid7与客户保持着牢固的合作关系.”