Manufacturer Hypertherm Stays in Motion with Rapid7 Solutions

About Hypertherm

Hypertherm is part of the Hypertherm Associates family, a 100% employee-owned company made up of the industrial cutting technologies and solutions you know and trust: waterjet, software, and more—to help our customers succeed like never before. With a consistency of purpose, a drive to innovate, and a passion for customer success, Hypertherm leads the industrial cutting and shaping industry.

Challenge

James Thompson, Information Security Manager at Hypertherm, relies on security solutions that keep operations and technology running smoothly and securely across his organization's environment. Responsible for the full range of assets, including operational technology, IoT devices, and Hypertherm's own proprietary software, James was looking for a single pane of glass to see into the "Wild West" of manufacturing.

Solution

Rapid7 InsightVM was the ideal solution for identifying, assessing, and remediating risk without the downtime associated with other tools. Hypertherm's partnership with Rapid7 led to the adoption of InsightAppSec, Rapid7's leading dynamic application security testing (DAST) solution.

Highlights include:

  • "For a truly mature vulnerability scanning management program, we started to evaluate Tenable.io and Rapid7's InsightVM... When we were doing a demo of InsightVM, we found we could create a dynamic blacklist. That way I could build my scanning schedule without the risk of taking printers offline, and that was a big deal for manufacturing."
  • "AppSpider* empowered the developers to help themselves. Building this tool into our web applications helps me better understand exposure at the edge... It also empowers those developers to improve their product, to test their product, and with AppSpider, they can test on the fly."
  • "[Rapid7 helps] ultimately build a whole solution and program around the correlation the products can offer... The customer success managers are really helping me paint that picture."

 * The industry-leading DAST engine behind Rapid7 AppSpider is now Rapid7 InsightAppSec.

Video Transcript

My name is James Thompson. I'm the information security manager for Hypertherm. We are a metal cutting solutions provider, so think waterjet, plasma, laser. So you'll find us in shipyards, oil, pipeline work, or the hobbyist at home building go-karts.

The manufacturing environment is challenging. I like to call it the Wild West. We don't have a lot of the regulation that the financial industry or the healthcare industry might have. So, much of our security isn't forced upon us; we choose where that balance may be, for better or for worse.

So, speaking to our environment and the structure of our environment, it's very fluid. Very mobile workforce, especially with IoT. So, many of our associates, as we like to call them, have laptops, and a high percentage of our population are engineers. So high-performance CAD workstations, highly virtualized infrastructure.

And a lot of manufacturing has old legacy machines. So I might have a million-dollar machine on the production floor that's still producing parts, delivering value, but it's running on XP or XP Embedded, or something that's becoming very difficult to secure.

So having been able to build on the awareness, build a business case for a truly mature vulnerability scanning management program, we started to evaluate Tenable.io and Rapid7's InsightVM.

We were trying to find a way; we were manually managing a blacklist of IPs for our printers. Different production cells are always moving around the organization; someone will move a printer to a new IP range, and I might not know until I knock production back offline. So no matter how much I say you really need to tell me when you move these things, the reality is I'm a pain point for the business.

When we were doing a demo of InsightVM, we found we could create a dynamic blacklist. That way I could build my scanning schedule without the risk of taking printers offline, and that was a big deal for manufacturing. Certainly for us.

In terms of the features we're leveraging now, the ones that are really important to us, there's really two I would highlight. One is the dashboards. The built-in dashboards allow me to step back and let my manager, or my higher-level C-suite executives, see that, ask questions, without needing me to dive in and create those custom reports. Always regenerate a report, tweak it with every question.

They can see a live snapshot of what's happening in real time. So when there's a new vulnerability, like I said, they're like, "James, I saw this in the news, BlueKeep for example, how are we doing? What's our footprint? What's our exposure?" They can jump right in and see WannaCry and the various CryptoLockers in there. There's two or three assets. Should I be concerned? What are we doing about it?

The other big piece we use is DHCP scanning.

So when a new device is plugged into the network and has somehow bypassed our perimeter defenses, when it pulls that DHCP address, it scans at that point in time. Or we'll set it so that if it has been scanned in the past two weeks, it won't, because that's a known device plugging in and pulling DHCP.

So we can see rogue devices connecting to the network, which gives me the ability to say with confidence that if it's on the network, I am aware of it.

We're leveraging Atlassian Jira for ticketing within the InsightVM platform. The real benefit for us is that I'm no longer the traffic cop. Looking at the various vulnerabilities, how critical they were or weren't, making a very subjective decision about whether we need to elevate those to the business level? I now have a more quantifiable way that automatically creates a ticket, that goes into a workflow, that gets assigned to someone for remediation. And that orchestration saves an awful lot of time, really.

We've always been aware that we had a gap in our application scanning. Whether it's web applications or the sales software we develop ourselves.

It was a new space for us. We were struggling to understand how to fill the space, so really our relationship, as it grew through InsightVM, we started asking questions, what more can Rapid7 do for us?

I need to leverage a tool that can come back and say, "You might have a SQL injection opportunity here, you might have poor authentication methodologies." So AppSpider empowered the developers to help themselves.

Building this tool into our web applications helps me better understand exposure at the edge. So now I can better brief the management team on how we're doing. But it also empowers those developers to improve their product, to test their product, and with AppSpider, they can test on the fly. So they'll point it at their dev instance, they'll make a change, they'll run it, go, "Ooh, there could be SQL injection." They'll make an adjustment, run it there, and say, "That works," and then release it. So they're able to really make very fast agile adjustments.

It's just the weekly interaction with Rapid7, looking at how are we doing? What are we doing? Do we need to invest more here? I have an acquisition coming here I need to plan for, and then further thinking about how to bring in IDR, partner that with MDR. Can I automate more with the Connect platform? Ultimately, building a whole solution and program around the correlation the products can offer. Rather than me doing a best-in-breed here, a best-in-breed here, a best-in-breed here, with three different panes of glass that I have to tie together.

And so the coaches, I'll call them coaches, the customer success managers, are really helping me paint that picture. So I can sleep at night, go out, and have fun without worrying about what's going on in the other time zones. The 12 hours off from me working.

Six products, one platform, no compromises. The Insight Platform is your single pane of glass security solution.