利用物联网加强安全和漏洞管理:Visier 和 Rapid7 案例研究
技术
- 应用基础设施与中间件 - 事件驱动型应用
- 传感器 - 温度传感器
适用行业
- 玻璃
- 国家安全与国防
适用功能
- 质量保证
用例
- 网络安全
- 篡改检测
服务
- 网络安全服务
- 系统集成
关于客户
Visier 是一家提供基于 SaaS 的劳动力智能解决方案的科技公司。该公司开发了一个分析平台,并在其上构建应用程序,主要是在商业智能领域。这些应用程序有助于解决劳动力规划和分析需求。 Visier 最近还宣布了一项人才招聘产品。该公司负责保管敏感数据,并非常重视其保护。 Visier 的主要挑战是了解其在漏洞、活动和环境、潜在威胁以及可能对该客户数据感兴趣的威胁行为者方面的暴露情况。
挑战
Visier 是一家基于 SaaS 的劳动力智能解决方案提供商,在确保保护敏感客户数据方面面临着重大挑战。作为一家拥有大量敏感数据的公司,了解其漏洞、潜在威胁和威胁参与者的暴露情况至关重要。该公司需要一种解决方案,不仅可以帮助他们了解自己的暴露情况,还可以提供强大的系统来进行事件关联、检测、警报和潜在事件调查。我们面临的挑战是找到一种全面的解决方案,能够深入了解漏洞,帮助制定修复计划,并为漏洞管理提供强大的沟通策略。
解决方案
Visier 采用 Rapid7 产品组合来解决他们的安全挑战。该产品组合包括 InsightIDR,它提供了出色的事件关联、检测和警报引擎,并且还提供了调查任何潜在事件的关键视图。 InsightVM 是 Rapid7 产品组合中的另一个工具,被用作其漏洞管理程序的扫描引擎。它在办公室和数据中心环境中用于扫描所有主机,深入了解可能暴露的漏洞,并帮助制定修复计划。 AppSpider 是 Rapid7 的另一个工具,在评估应用程序方面提供了很大的深度。 InsightIDR 和 InsightVM 的集成使 Visier 能够将漏洞数据与各种事件数据源关联起来,从而提供潜在威胁和漏洞的全面视图。
运营影响
Case Study missing?
Start adding your own!
Register with your work email and create a new case study profile for your business.
相关案例.
Case Study
Data Capture for Afghanistan Forces
Electronic equipments on the field of Afghanistan provided information on the status of the vehicle and to identify potential threats surrounding it to the British Force. The monitoring and interpretation of this data requires robust and sophisticated digitization for data capture and communication.
Case Study
Enhancing Security and Compliance in Remitly's Global Money Transfer Service with Fastly
Remitly, an online remittance service, was faced with the challenge of securing its proprietary global transfer network. The company needed a security solution that could meet PCI requirements and protect customers' sensitive transactions through its mobile application. The solution had to be capable of defending against new and emerging attack types without impacting performance. Remitly also had to deal with irregular traffic patterns, such as a sudden spike in account transfers from a small network segment on the Pacific coastline of South America. The company needed to determine in real time whether such traffic indicated an attack or valid requests. A traditional web application firewall (WAF) would not be able to distinguish this traffic, potentially leading to customer frustration if the IP was blacklisted.
.png)
Case Study
Discrete Manufacturing Industries (Fiberglass Pipe)
The implementation of ERP software in a Discrete Manufacturing organization needs to be strategic, irrespective of its size and capacity. The client had already implemented an ERP system which fulfilled their requirements but was not efficient enough. Efficiency here meant Synchronized Planning, Updating and Multisite Planning. Planning at client’s place was done outside the ERP system. Lack of proper synchronization to the ERP system paved way to huge delays in the changes getting updated in the system. These delays caused disruption in achieving delivery schedules. Multisite Planning is a solution to an organization which has multiple production units (may or may not be geographically separated) and thus needs planning across these units to synchronize production activities within them. The client also has multiple factories and hence Production Planning control is very essential in their case. Since Multisite planning was not possible with Baan ERP system, this was another bottleneck for the client.
Case Study
Major Aerospace Company Automates Asset Management
The O&M division of an aerospace and global security company was using spreadsheets to manually track more than 3,000 assets assigned to students and staff. Maintaining audit trails for this high volume of equipment became increasingly time-consuming and challenging. The chore involved knowing precisely what equipment was on hand, what had been issued, its location and the name of the custodial owner of each item. Every aspect of this task was carried owner of each item. Every aspect of this task was carried out by individuals with spreadsheets. Manually documenting the full lifecycle of each asset added to the burden. This included tracking maintenance requirements and records, incidents and damages, repairs, calibrations, depreciation, and end-of-life data.
Case Study
Securing a Large Data Center in the EMEA Region: An IoT Case Study
A leading data-center operator in the EMEA region, with multiple facilities spanning over 25,000 square meters, faced significant security challenges. The operator experienced interruptions in their internal IT network due to unsupervised work of third-party technicians. Despite having a high-end building control system that provided 24x7 monitoring and control to all the building’s infrastructure, the data center was vulnerable from a cyber perspective as it was connected to the IT network infrastructure. The operator launched an urgent OT cyber security project that included both IT-OT network segmentation and OT network asset mapping and anomaly detection. The main objectives were to harden the security of the server systems, secure the facility’s power supply and server cooling system, strengthen the segmentation between building and operational systems, create a visual OT network map, and set up a system for presenting supply-chain attacks that may threaten the data center through equipment vendors’ maintenance activities.
Case Study
Leveraging Graph Technology for Enhanced Cybersecurity: A Case Study on MITRE's CyGraph
MITRE, a federally-funded, not-for-profit company that manages seven national research and development laboratories in the United States, was grappling with the challenge of managing an influx of cybersecurity data. The constant changes in network environments were impacting the security posture of U.S. government agencies. Intrusion alerts, anti-virus warnings, and seemingly benign events like logins, service connections, and file share access were all potentially associated with adversary activity. The cybersecurity researchers at MITRE needed to go beyond rudimentary assessments of security posture and attack response. This required merging isolated data into higher-level knowledge of network-wide attack vulnerabilities and mission readiness. The challenge was not the lack of information, but the ability to assemble disparate pieces of information into an overall analytic picture for situational awareness, optimal courses of action, and maintaining mission readiness. The team also struggled with fully comprehending a given security environment and mapping all known vulnerabilities.
