温德姆酒店通过Rapid7平台将其风险评分减半

The Challenge

With customers and staff across the planet, 温德姆已经确定了两个主要的攻击媒介——他们庞大的网站和维持其全球运营的大量商业应用程序.

Wyndham’s corporate workforce, which includes IT, marketing, brand operations and the customer relations call centers, has been gradually embracing remote work for several years. Most corporate users work remotely on Mondays and Fridays. 因此，确保家中所有台式机和笔记本电脑的安全至关重要.

The Solution

温德姆已经使用Rapid7十多年了，并将继续在Rapid7平台上实施更多工具, utilizing InsightAppSec, InsightIDR and InsightVM to secure 3500 corporate users, 150 applications and more than 1 million loyalty members. 拥有一个中央平台来满足温德姆所有的安全需求，这无疑带来了回报. Rapid7平台为我们提供了广泛的撒网和能见度,” stated Joseph Gothelf, Vice President for Cybersecurity.

Gothelf负责监督11名负责事件响应的团队成员, vulnerability management, application security, threat intelligence, SOC and firewall management.

Securing Critical Applications

“我们今天使用超过150种不同的应用程序，其中包括各种安全性, IT and general business applications,” Gothelf shared. “我们一直在考虑如何更好地保护那些我们不一定能控制的应用程序. 以及我们如何更好地监控谁、为什么以及何时在使用它们.”

Wyndham has been all-in on InsightAppSec, which provides Dynamic Application Security Testing (DAST), for about five years. “我们留下了一个竞争对手来实施InsightAppSec，并在Rapid7世界中把事情联系得更紧密,” he explained. “我们每个月或每月对一些网页应用进行两次扫描, and sending those reports to our internal customers.“我们的内部安全团队以及应用程序所有者会定期收到这些报告.

So Long, Spreadsheets, Hello IVM Dashboards

温德姆实施了Rapid7 InsightVM，以获得对内部部署IT环境和远程端点的可见性，并清楚地了解这些漏洞如何转化为风险. “The agents provide real-time data,” shared Gothelf. “我们大量使用InsightVM仪表板进行漏洞管理，我们的内部客户希望定期报告. But, we were a spreadsheet organization for many, many years; the whole vulnerability management program hinged on a spreadsheet,” he continued.

Gothelf决心让他们的安全行动更有效率. “We cleaned up all of our tags, our asset groups, and we said everything is going to be in a dashboard. 如果你想知道资产的情况，你必须登录才能查看. We’re not doing spreadsheets anymore,” he chuckled. “We have a team that exclusively uses dashboards today. And, 当我们提到我们将开始将一些数据导出到Jira时，因为我们也有专门在Jira工作的团队, the team came back and said, Absolutely not. We want to be in Rapid7. 修补团队喜欢他们可以很容易地看到哪里存在最危险和最严重的差距, which are easily seen with various snapin dashboards.”

The dashboards are making a difference. Gothelf分享了InsightVM仪表板对他们Log4j管理的影响. “这是我所见过的最快的一次，我们在假期内修复了整个组织, at Christmas. 我们有几台机器受到影响，我们在30天内修复了它们. I’ve never seen us work that fast before. But again, that was Rapid7. That was us dashboarding. We were 100% reliant on Rapid7 and we got the job done.” Today, 仪表板被我们的内部安全团队以及桌面和基础设施管理团队使用, who are ultimately responsible for patching. 这有助于确定需要团队最关注的领域的优先级.

“如果我们在端点上有EDR和Rapid7，我们就很好了. 这就是我们在部署过程中给大家留下的印象。. Perhaps best of all, Gothelf很喜欢与Rapid7签约，因为他们不需要放弃其他已经习惯的平台. 温德姆还使用另一种SIEM平台，多年来，它们都达到了摄入极限. “And so, we started to ingest stuff into IDR, things like our web-proxy data and identity management logs.

Success with a Single Pane

“Having everything in one spot, one login, 有一个地方当然有助于日常工作的进行, especially for the teams that are cross-platform,” beamed Gothelf. And of course, Gothelf说，就节省时间和简单性而言，你不能夸大一个联系人的重要性.

“我们必须通过电话联系的供应商要少得多. 在过去的10年里，我们确实接到了竞争对手的电话，希望我们转移业务, but really, we don’t want to leave Rapid7,” he shared. “We feel like we have such a good thing going with Rapid7. “We’ve got the entire Rapid7 team on our regular calls, 因为它现在是跨平台的，有InsightAppSec和漏洞管理, all of our SOC people, and all of our IR people, all together.”

The ladbrokes立博中文版 are Real

Rapid7’s Real Risk Score provides an actionable, 基于攻击者在真实攻击中利用漏洞的可能性，从1-1000的粒度得分. The score takes into account CVSS scores, malware exposure, exploit exposure and ease of use, and vulnerability age. According to Gothelf, 他的团队密切关注它，并利用它在安全态势方面取得了真正的进步. As of February 2023, 温德姆的总Rapid7风险评分全面降低了50%，单个团队的降低幅度高达80%.

“这是一个巨大的成功，每个人都感觉好多了，”Gothelf笑着说. 我们对Rapid7今天所提供的一切都非常满意。”.