Amedisys Sees Immediate Value, ROI with Rapid7 InsightIDR

挑战 

We have a unique experience in the security team in that most of our user base is clinicians. 他们是医学专家. We need to provide them the most seamless 和 secure experience they can, because they're providing care to people in their homes. We can't impact their usability 和 whenever they're in a patient's home. So really securing our patients’ data, 还有我们的员工数据, is the unique challenge that we have every single day.

解决方案

What really drew us to Rapid7 for a SIEM platform—耐多药 和 IDR both—was the immediate return on investment we could have. Whenever pairing that with InsightVM 和 deploying the agent, the return was evident immediately. We were able to see things occurring in our environment that we hadn't seen in years. So for us, setting up event sources 和 deploying InsightIDR was relatively easy. Within a week we had more event sources 和 more data flowing in than we could have imagined. We currently ingest more in three days than we did in three to four months previous in our traditional SIEM model.

的 用户行为分析 function within IDR has been a lot of help. It's baked into the product 和 it's aggregating that data, so I'm able to quickly click on a user 和 see what types of alerts they've generated, whether that be ingress from multiple countries within a limited period of time or brute-force attempts on that user. I'm able to easily transition from user to alert to specific logs if I need, 和 gather more data really in a seamless experience.

的 other side where InsightIDR, I believe helps us a lot is that they say hackers don't break in, 他们只是登录. 恒等式是周长. So having that UBA functionality within IDR allows us to see whenever there are outliers. It baselines our users for us 和 provides us outliers really easily using IDR. Really all of the Rapid7 products, you can really tell that they've put a focus on user experience. Whenever you log into IDR, it's simple. 它映射到杀伤链. It allows me to prioritize that. That visualization just makes my job a lot easier.

What was really attractive for the IDR pricing model was the asset-based pricing 和 not the data ingestion rate. A lot of SIEMs out there today charge per ingestion or, 和 they may or may not charge per storage as well. 的 耐多药 和 the IDR model really allowed us to put as much data as we could into it 和 then see what value we can get out of it.

And that value was evident from day one. 你知道, 我想说, do you want to spend time building a watch or do you want to know what time it is? And the traditional SIEM model, you're building a lot. You're maintaining a watch 和 trust me, it breaks often. And the InsightIDR version or the InsightIDR spin on the SIEM model, you know what time it is. I don't spend time every day maintaining a traditional SIEM. I just come into work 和 I know what time it is 和 I'm able to take action.