Maximus Increases Compliance and Reduces Risk Across All Public Clouds With Rapid7 Cloud Security

About Maximus

As a leading strategic partner to governments across the globe, Maximus helps improve the delivery of public services amid complex technology, health, economic, environmental, and social challenges. With a deep understanding of program service delivery, acute insights that achieve operational excellence, and an extensive awareness of the needs of the people being served, our employees advance the critical missions of our partners. Maximus delivers innovative business process management, impactful consulting services, and technology solutions that provide improved outcomes for the public and higher levels of productivity and efficiency of government-sponsored programs.

Challenge

Maximus’ key challenge was enforcing standards and ensuring consistency across all public cloud environments. The company has more than 200 AWS accounts under management, and its Azure presence is also growing. It is critical for the organization to have visibility into the many projects spanning AWS and Azure, and that all technical support teams, all the way up to C-level leadership, are aware of the compliance status across the enterprise.

Maximus looked for a solution that would enable it to:

  • Enforce standards across all public cloud accounts and regions
  • Provide visibility into non-compliant resources and the priority/severity of non-compliance
  • Create an exception process that excludes particular resources in certain accounts
  • Deliver an automated way to take remediation action

Solution

To address these challenges, Maximus implemented InsightCloudSec, Rapid7’s cloud risk and compliance solution. Rapid7 worked with Maximus to customize the product release to meet their compliance requirements. As a result, the total compliance score across Maximus’ multi-cloud environment increased.

We wanted to work with somebody that had the ability and the resources to meet our requirements and our customer requirements. We selected Rapid7 because we needed everybody on the same page and operating from the same playbook when it came to standards and compliance across all public cloud environments.
Guy Bridgman, Director of the Cloud Center of Excellence (CCoE) at Maximus.

The Difficulty of Enforcing Standards Across An Enterprise

Maximus has two models for supporting its hundreds of AWS and Azure projects:

  • The first is the shared services model, where projects rely on IT organizations to build, support, and maintain their infrastructure, operating systems, and applications.
  • In the second, the project team practices self-service DevOps. They own the process of building, deploying, maintaining, and supporting the product, end to end.

Maximus’ security architecture team, which reports directly to the CISO, identifies the cloud standards. “Our goal is to ensure that our standards are being followed and that environments, accounts, and resources are compliant,” says Jon Powers, Senior Manager of Security Architecture. But enforcing standards across the entire enterprise, with hundreds of AWS accounts and Azure subscriptions and different support models, was very challenging.

Bridgeman’s CCoE team operates within the Office of the CIO. It is responsible for enforcing all written compliance and security standards in an automated way, to enable the project teams to move securely with speed. They have implemented and enforced their internal security standards and standards from industry frameworks like NIST 800-53, CIS, and AWS Foundations.

“Written standards are difficult to consume when you need to build AWS and Azure infrastructure resources quickly, with different tools and automation across the enterprise,” Bridgeman explains. “We were trying to do it through AWS native tooling, primarily AWS Config, but it had limitations. And it didn’t allow us to enforce auto-remediation the way we can take action with InsightCloudSec today.”

Robust Functionality and Ease-of-Use: An Unbeatable Combination

As Bridgeman explains, Maximus didn’t want to build their own solution. They chose Rapid7 because it provided all the functionality they required, including:

  • Consolidated visibility of active cloud resources running across multi-cloud environments consisting of AWS and Azure.
  • Continuous monitoring and assessment of compliance against customized organizational security standards.
  • Real-time detection of compliance state changes resulting from new builds and configuration changes that make existing resources non-compliant, within minutes of a change occurring.
  • The ability to both manually and automatically enforce compliance and update the configurations and access permissions of non-compliant resources.

Ultimately, Bridgeman cites ease-of-use as the deciding factor in selecting Rapid7 InsightCloudSec. “Not only can Rapid7’s cloud solution easily scale, but Rapid7’s GUI means that less experienced technical support folks can navigate it. And the ability of InsightCloudSec to integrate with Splunk allows us to enrich our data and display it in consumable dashboards for Security, IT, and project owners.”

Results

Rapid7 has had a positive impact on Maximus’ security environment. It has unified their security standards in a consistent way across all AWS and Azure accounts. Maximus has already begun using auto-remediation bots where needed (where remediation steps weren’t being taken by the account owners themselves). And, Bridgeman says, Rapid7 has provided them a more holistic view of what their compliance looks like across their entire footprint.

Today, Maximus’ Amazon Web Services (Corporate Master Payer Account) is:

  • Monitoring 44,000+ different AWS resources
  • Monitoring 100,000K+ Microsoft Azure resources with 80+ Insights
  • Running 30+ insights/bots monitoring their environment with automated remediation abilities
  • Has corrected 550+ findings in the first 2 weeks after implementing InsightCloudSec

Reliable Data Increases Compliance

“Perhaps the most important success story is the simple fact that with Rapid7 we now have a tool that we can trust,” Bridgeman says. “We trust the data that InsightCloudSec is providing. That confidence has in turn given the account owners across Maximus and our different business divisions more confidence in the recommendations that we’re presenting them. One of the problems we had before is it was always, ‘Oh, it’s a false positive. Move on.’ But now, we’re actually able to provide a bit more data around the findings, which is really, really helpful.”

“Rapid7 has definitely decreased our risk and brought us to a much more consistent state where everybody is working from the same page and is very aware of the standards. They have visibility into it. They know that InsightCloudSec is monitoring compliance,” concludes Bridgeman.

Not only has the total compliance score under their Corporate Master Payer Account improved, but guardrails are now enforced through automation, reducing the volume of non-compliant resources. Resources which are built in a non-compliant way are automatically remediated, disabled, deleted, or tagged.

“We now have people building more compliant resources. And they’re taking action on the non-compliant resources much quicker because they’re getting alerted and notified. We have much better visibility into the environments, and we can now pass that up the ladder to our executive leadership.”

Bottom Line: Security Elevates the Customer Experience

The biggest takeaway? Perhaps that the security posture of Maximus aligns with the firm’s strategic growth pillars: elevating the customer experience. In other words, they’re achieving higher satisfaction levels, performance, and outcomes through intelligent automation and cognitive computing.
