Banking on Trust: How Chemung Canal Trust Company Fortifies Security with Rapid7

Chemung Canal Trust Company background image v2
About Chemung Canal Trust Company

"No organization is bulletproof... but with Rapid7, we've got a trusted partner by our side."

Meet Christopher Conklin, Chief Information Security Officer at Chemung Canal Trust Company—a community bank serving New York's Southern Tier. Chris isn’t your typical CISO tucked away in a server room; he’s a hands-on leader who’s built his career on proactive defense and collaboration. His journey to leadership was cemented during one of cybersecurity’s most turbulent times: the Log4Shell vulnerability crisis.

At the height of the Log4Shell chaos, Chris was more than just a spectator. He led community efforts to share threat intelligence, coordinating with other cybersecurity leaders across the region to ensure every institution, not just his own, was shielded from the rapidly evolving threat. “Log4Shell was unlike anything we’d seen,” he recalls. “The speed at which it spread, the volume of vulnerable systems—it required a level of collaboration we’d never needed before. Being able to connect with other CISOs, to trade knowledge and support, was essential.”

During this critical period, Rapid7’s support and emergent threat response proved invaluable. “Rapid7 was instrumental in helping us get ahead of the threat,” Chris notes. “Their team was quick to share insights and recommendations as the vulnerability unfolded, giving us and other CISOs the edge we needed to adapt and respond effectively.” With Rapid7’s guidance, Chris was able to stay ahead of potential impacts and connect with the information needed to secure Chemung Canal Trust and its partners swiftly.

For Chris, this experience reinforced his commitment to building a resilient, proactive culture of defense at Chemung Canal Trust. His approach now focuses on empowering his team and company to anticipate and mitigate threats with the backing of trusted partners like Rapid7.

Disparate Systems, Desperate Measures

Before partnering with Rapid7, Chemung Canal Trust faced a labyrinth of disconnected security tools and data. "We had a lot of disparate systems where we were getting log information from," Chris explains. "It was very difficult because we had different outputs coming from different systems, and that created a lot of delays in parsing that information and determining what was exactly the threat that we might be dealing with."

With a small team and mounting external threats, the bank needed a unified platform to streamline their security operations. The tipping point came when they realized the inefficiencies were hindering their ability to respond promptly to potential cyber attacks.

Banking on a Trusted Partnership

After an extensive evaluation, Chemung Canal Trust Company chose Rapid7 as their cybersecurity partner, beginning with InsightVM—a proactive vulnerability management solution that allows the team to identify, prioritize, and address vulnerabilities swiftly, while ensuring compliance. This initial investment laid a solid foundation for secure operations, but as their needs grew, the bank sought a partner that could help them operate even more efficiently. This led to adopting Rapid7’s Managed Detection and Response (MDR) for comprehensive 24/7 threat monitoring, threat hunting, and incident response.

For Chris, the benefits of MDR go beyond just round-the-clock monitoring. 

We particularly looked at the MDR to help save us time, let us focus our attention on other areas where somebody else that we were confident in—that being Rapid7—would help us manage those alerts and help us prioritize those alerts as to what was really important and what might not be
Christopher Conklin, Chief Information Security Officer at Chemung Canal Trust Company

Before MDR, his team was often bogged down by alert fatigue, wading through a flood of notifications to determine what truly needed their attention. Now, with MDR’s constant oversight, embedded SIEM, and expert triage, the team is no longer in the weeds of alert management, freeing them up for strategic security work and proactive cybersecurity measures.

"Take patching, for example," Chris adds. "Before, we were in a reactive mode, dealing with patches as they came up and sometimes lagging on high-priority ones due to resource constraints. 

Now, with InsightVM and MDR working in tandem, we can see where the real risks are and handle patches with precision, getting high-impact ones addressed immediately.
Christopher Conklin, Chief Information Security Officer at Chemung Canal Trust Company

Additionally, Rapid7 MDR's ability to distinguish benign from malicious alerts has greatly reduced the team's response time. Previously, any suspicious activity would require hours, sometimes days, of investigation to rule out false positives. "The MDR team does a very good job letting us know when there are alerts we need to be concerned with, whether an alert is benign, and that saves us a tremendous amount of time throughout the week," Chris shares. "It's really shifted us from a reactive stance to a strategic, forward-looking approach."

With Rapid7’s MDR, Chris’s team gains valuable time back each week, allowing them to focus on broader initiatives like employee education, internal phishing campaigns, and compliance projects—all while knowing their environment is in control around the clock.

From Compliance to Confidence

Implementing Rapid7's solutions transformed the bank's security posture. "Our overall security posture has improved by using Rapid7 over the last several years," Chris notes. "We started at a place where we were compliant... but we were concerned from a credible perspective what would happen should we really be faced with a cyber event."

With Rapid7's integrated, intuitive platform, the bank now has comprehensive visibility into vulnerabilities and threats. "It helped us look at vulnerabilities in multiple different ways," Chris says. "With a small team, we were better able to prioritize what we patched and when."

An Extension of the Team: The Human Touch in Tech 

The relationship between Rapid7 and Chris' team is so much more than you would expect from a vendor/customer relationship. 

We don't see them as the people from Rapid7. We see them really as an extension of our own team," Chris emphasizes. "Our relationship with the MDR team is a very positive one. We talk to various individuals throughout the month. We know that they're there for us.
Christopher Conklin, Chief Information Security Officer at Chemung Canal Trust Company

This partnership was put to the test on Christmas morning when Chris noticed an anomaly: no alerts were coming through. Concerned, he reached out. "I called the SOC. Yet again, someone answered very crisply like they were not woken out of bed on the second ring," he recounts. "It was very nice knowing that even on Christmas morning, someone was there ready to answer our call."

Another instance highlighted the personal commitment of Rapid7's team. Faced with a suspicious alert just before his daughter's chorus concert, Chris felt torn. "Our customer advisor, upon hearing that I was going to neglect going to my daughter's chorus concert, called me up on my personal cell phone and explained to me that he would jump in and facilitate the triage of this alert, thereby freeing up my time," Chris shares. "That's a great example to me of that tightly knit, woven relationship where Rapid7 isn't just selling you a platform or a service. They're really becoming an extension of your team."

Navigating the Future: Staying Ahead in a Perilous Landscape

Chris is realistic yet hopeful about the future of cybersecurity. "Ransomware operators are getting better. The external threats are getting worse. More and more organizations are falling victim," he acknowledges. "My future vision of cybersecurity is one in which we have a tightly woven partnership of all of the defenders so we can start taking control out of the hands of the threat actors and into the defenders."

With plans to onboard Rapid7's Surface Command and enhance compliance reporting, Chemung Canal Trust is committed to fortifying its defenses. 

With a partnership like Rapid7, we're better able to have visibility on those potential attacks in the near future,"
Christopher Conklin, Chief Information Security Officer at Chemung Canal Trust Company

In a world where cyber threats don't take holidays, Chemung Canal Trust Company finds solace in a partnership that offers both advanced technology and unwavering human support. For Chris and his team, Rapid7 isn't just a service provider—they're family. Rapid7 is here for that.

 

 

インフラストラクチャ全体にわたり明確にリスクを自動的に検出して修復