Neil Campbell: For those that don't know, briefly explain what SAI Global does and the security challenges you face.
Peter Macarthur-King: We handle and store highly sensitive and regulated data for clients. It's the kind of data that could be at risk of compromise by both financially motivated cyber-criminals, criminals seeking sensitive data about individuals, and potentially even nation state actors hunting for strategically important information on specific organisations. We have to keep such threats at bay, while continually enhancing the global organisation's IT resilience. What's more, we have the added complexity of ongoing cloud migration efforts, business-critical in-house applications to support employees spread across the globe.
Neil: What led you to consider Rapid7?
Peter: Our previous vulnerability management solution had become increasingly difficult for a small team to operate and to maintain coverage globally. So, upon the advice of a colleague, we looked at Rapid7 InsightIDR and InsightVM, running a proof-of-concept project across 300 servers globally. This proved to be very successful and as a result, we decided to scale up and deploy the agent to every PC and server in the organisation. Within a month, we'd gone from zero to the best part of 4,000 windows and linux assets. The process was quick, smooth and without fault.
Neil: What immediate improvements did you notice when using Rapid7 InsightVM?
Peter: The first thing we discovered with InsightVM was that we had broader visibility into our environment and the way the system identified and brought into clear focus risk was more effective than simply counting common vulnerabilities and exposures.
Neil: You have a globally dispersed workforce; and the recent pandemic outbreak would have forced pretty much all your staff to work from home. How do you manage this risk?
Peter: InsightIDR really helps reduce risk. We've been able to analyse the behaviour of users connecting via VPN and directly, providing transparency into Office 365 connections. The InsightIDR solution goes beyond traditional SIEMs to aggregate and analyse data sources across logs, users, endpoints, and networks, notifying us at the first sign of a change of behaviour which may indicate an attack.
Neil: You talk about the ability to democratise security across the organisation. What exactly do you mean by that?
Peter: Because of the insights we get through Rapid7, particularly things like the Top 25 Remediations Report, I have been able to distribute accountability and ownership for security across the entire business rather than limiting it to just my team. To do this we generate focused reports which provide relevant information directly to all our divisions, this means they now take greater responsibility to resolve challenges which deliver amazing benefits to us. The InfoSec team is only small, which means by divesting responsibility we can now focus on providing greater strategic value to the business.
