AMN Healthcare Partners With Rapid7 to Redefine Cybersecurity for a Digital Age

About AMN Healthcare Partners

AMN Healthcare is the leader in total talent solutions for healthcare organizations across the nation. The Company provides access to the most comprehensive network of quality healthcare professionals through its innovative recruitment strategies and breadth of career opportunities. Clients include acute-care hospitals, community health centers and clinics, physician practice groups, retail and urgent care centers, home health facilities, and schools.

The Challenge

Having recently acquired 28 organizations of varying sizes–from startups with 30-50 employees, to an established organization of 2,500, each with their own offices, policies, and frameworks, AMN needed a unified, futureproof security platform to integrate these organizations into their corporate structure. They needed to ensure that every organization was following a singular security standard for detection and response.

The Solution

AMN Healthcare looked to Rapid7 Managed Detection and Response (MDR) for a next-gen monitoring solution. Once onboarded to MDR, AMN looked to Rapid7s security platform to address other gaps, adding InsightVM for vulnerability risk management, InsightAppSec for DAST, InsightConnect for key automations and InsightCloudSec for cloud risk and compliance.

Rapid7 MDR provides the depth of support we need. It does more than just collect and send logs, it is actively looking for threats. And, if it spots one, it will intercept that threat immediately. It is that proactive piece that makes Rapid7 MDR an effective program for us.
Mani Masood, Senior Director for Information Security

From the Moat to the Edge

Mani Masood, Senior Director for Information Security at AMN Healthcare, and his 7-person security team oversees a fairly complex IT environment. With over 10,000 users across six offices, three data centers, multiple countries, and a newly distributed remote workforce due to COVID-19 and a new hybrid work model, they knew they needed a strategy to help protect them from cybercrime.

Mani recalls the tone and direction set by the AMN Healthcare leaders, "As we forge ahead with our agile, virtual, digital, and AI initiatives, it's crucial that we remain vigilant in our approach to cybersecurity. Only by fully integrating security into our technology efforts can we truly reap the benefits of digital transformation while safeguarding the success of our business and the trust of our customers,” stated Mark Hagan, Chief Information and Digital officer.

“Before COVID-19, the entire security posture was, Let’s make a moat,” recalled Masood. “Let’s have high castle walls and towers to keep eyes on who is coming in and going out.” After COVID, however, their concept of how to work changed. This pivot created a security challenge for AMN Healthcare because suddenly, “we don’t have six, eight, or ten regional offices. We have 6,000 regional offices because everyone’s home becomes an office with a home network that we don’t have any visibility into or control over.”

Reimagining The SOC

Prior to working with Rapid7 MDR, AMN relied on an outsourced SOC. However, they found that they were able to flag and respond to events before the outsourced SOC could analyze the alert. As AMN Healthcare grew in asset count and became more dispersed, they needed a solution that worked quickly and in lockstep with their team–an MDR that takes detection and response from end-to-end and actually helps them with response.

As they evaluated MDR vendors, Rapid7 stood out. “With Rapid7, it just felt like we were talking to our internal IT department,” said Masood. “It felt as though we all were working on the same objective; solving the same problem.”

A Proactive Approach to Monitoring

AMN Healthcare was determined to be more proactive by adding a technology that monitored everything simultaneously while weeding out anything they didn’t need to worry about. That was the main driver for turning to Rapid7 MDR.

“Not only does Rapid7 MDR manage, detect, and respond using logs, it’s actually at our edge,” explained Masood. “We now have an agent on user devices in thousands of work-from-home locations. Rapid7 MDR provides the depth of support we need. It does more than just collect and send logs, it is actively looking for threats. And, if it spots one, it will intercept that threat immediately. It is that proactive piece that makes Rapid7 MDR an effective program for us.”

Rapid7 Technology Seals the Deal

According to Masood, Rapid7’s machine learning capabilities sealed the deal. “The tech actually learns from the events coming in and the nature of those events, then cross-references them across the entire Rapid7 field of view. Then, the second layer of the Rapid7 MDR SOC team steps in validating the findings and AI analysis and bringing it down to only the critical alerts–the small number of alerts that we need to address.”

With Rapid7 MDR, the AMN Healthcare team was able to reduce noise and false positives. They loved that the Rapid7-built technology could simplify and validate everything they were seeing in their dashboards. “With Rapid7, we’re buying technology, expertise, and automation,” stated Masood.

The automation abilities within Rapid7 were a value-add. “When we saw some of the things that we could do with InsightConnect within the MDR platform, we were really impressed. It’s a good value addition, because anytime we decide to automate something, we don’t have to go and learn new languages.”

The Strength of a Platform Solution

“Once we added these two tools, our approach changed. We decided to look at the entire Rapid7 platform” states Masood. “We’ve been able to build our reporting and dashboards, as well as streamline our processes. The more that we can do with the same agent, with the same automation tool and the same SOC, the better. It gives us economies of scale. We don’t have to keep learning new tools. Support becomes easier. Integration becomes easier. That’s how Rapid7 became our core security technology.”

AMN Healthcare next looked to address its gap in DAST scanning and implemented Rapid7 InsightAppSec. “The ability to integrate the DAST scanning with the same InsightConnect tool and automate work processes was the leading decision-maker,” stated Masood. We were able to close the security gap–and in an optimized way, because we’re not just buying a box and plugging a hole. Now, we’ve got a solution that ties in with the rest of the technology and we can deepen our automation.”

AMN Healthcare also added InsightVM to reduce the number of agents–a critical factor for their team. “This is a very strong value proposition. You’re getting everything under one roof through one agent. This is a major pain point for security departments everywhere,” explained Masood. He added that this single agent has reduced the lead time between the exposure of a vulnerability and the vulnerability becoming an active exploit from days to just hours.

AMN Healthcare’s current goal is to unify everything under a single technology platform. “Each technology, each agent means more support investment from our side,” said Masood. “We’re a small team and the worst thing that can happen is for team members to be constantly switching between consoles and dashboards, logging in and out. We want that single platform, that single look and feel, and single language.”

With Rapid7, we’re buying technology, expertise, and automation.
Mani Masood, Senior Director for Information Security

A Key Partnership

Today, Rapid7 is an extension of AMN Healthcare’s internal security team. They speak regularly with their Rapid7 Customer Advisor and work directly with the Rapid7 SOC. “We don’t get the feeling at any point in time we’re working with someone who’s not part of the AMN team - the way we talk, the way we raise our concerns, the way we get our feedback, it’s always one team,” noted Masood.

Different KPIs, Shared Results

As for results, AMN Healthcare cites the ease of use, upfront costs, total cost of ownership, and integration abilities as top factors for their positive ROI with Rapid7.

On the numbers side, the results were clear. Of the 1,236 investigations by Rapid7 for AMN Healthcare in 2022, 90% were addressed within 30-60 minutes. Furthermore, 100% percent of the machines that had Rapid7 deployed on them were 100% effective to deal with a threat that they were presented with. On the human side of things, Masood enjoys the fact that his team can now be more proactive and start thinking in a way a threat actor does. They can now solve problems before they present themselves.

His advice for others considering Rapid7 is pretty emphatic. ”Don’t think twice,” he urged. “You’ll flourish with Rapid7 and your program will go to a new level.”

手軽に実現できる、プロフェッショナルなエンド-エンドのSOCオペレーション