How a help desk took on a $5.6 billion problem and won

Consolidation, and making the world’s hardest job easier

Leave it to help desk guys to know instinctively: tools that are easy for humans to work with are always the best idea.

“Rapid7 was really the one that stood out to us as being easy to use as well as easy to set up,” said George, who rose to become Information Security Analyst for the Oregon Clinic. “And the support was also really thorough.”

The Oregon Clinic uses Rapid7’s next-gen SIEM InsightIDR, vulnerability management solution InsightVM, and 24/7 monitoring with Rapid7 Managed Detection and Response (MDR). “Rapid7 has helped us automate things and find those alerts that we really need,” George explained. “We love that it’s cloud-hosted, we don’t have to stand anything up on-premise. It was a huge selling point to not have to manage that in our own environment. And the cost for that benefit is great.”

George says his team loves the ability of Rapid7 to integrate with other platforms that they also need. “We still have a few different vendors and manufacturers, and getting it all in one pane of glass is beneficial,” he said.

Today, visibility is up 10x on that longed-for single pane of glass

Rapid7’s ability to easily integrate matters. The team can see logins from the VPN, logins to Active Directory and workstations, even executables that may have been launched on an endpoint. It’s all correlated within Rapid7’s InsightIDR. 

The result? According to Eric Bachelder – another long-termer who rose to IT Operations Manager – it’s alerts that are meaningful. “Alert fatigue is a real thing! The tuning we have been able to do with Rapid7, filtering out the alerts that we know are benign, gives us the ability to know that when we see an alert, it’s something we should be looking at. We can rely on Rapid7 for that. We’re confident in them.”

Oregon Clinic’s cybersecurity insurance company asked over and over: do you guys have 24/7 security operations center coverage? The answer was no.  “We didn’t have eyes on those alerts at three in the morning,” said Bachelder. Now, with Rapid7 MDR, the environment is watched around the clock. Like all healthcare organizations, Oregon Clinic is bound by HIPAA regulation. “If somebody, anybody, is trying to drop data into a third-party storage service like Dropbox or Box.com, any place like that, it’s not allowed, Bachelder explained. “Rapid7 identifies that traffic and puts a stop to it.”

Bachelder also says his support team and account managers have been wonderful to work with: “They’re a trusted extension of our team.”

Q: Any advice for those making their way into cybersecurity leadership now?

When asked how IT managers and analysts can get off to a strong start, Bachelder had a quick answer: “Ingest as much data as possible to the platform. Send everything to Rapid7 and then fine-tune what you actually do or don’t care about over time.”

The Oregon Clinic, for example, has set up their Rapid7 preferences to send logs to InsightIDR about every single attempt to try to log on to any device on their network.

“We’re able to tell if somebody fails to login to a network device, and I have that as a custom alert added on,” he said. “We were curious if somebody’s trying to brute force a network switch or something like that. We never had that visibility before until we had Rapid7. We get that email alert saying, Hey, this is suspicious. It was noisy, but we’ve fine-tuned it. You have to go big and just ingest everything. Then tailor it to your environment.”

Data breaches aren’t just catastrophically expensive, they also grind things to a halt – which you cannot have in the provision of health care services to patients. It’s a serious mission. Rapid7 is here for that.

¹Experian global information service

² PBS News, “Has health care hacking become an epidemic?” 3/23/16