Domestic & General Works With Rapid7 to Operationalize Cybersecurity

About Domestic & General

Domestic & General is a leading provider of subscription-based home appliance care, providing protection, 维修和支持范围广泛的国内产品和消费电子产品. Built on one of the world’s most advanced global warranty platforms, D&在客户最需要的时候,G将客户与设备工程师联系起来.

With nearly 3,000 employees across 11 international markets, including Spain, Germany, France, Portugal, Italy, the USA and Australia, D&G为近2300万家电提供服务,为约1600万客户提供支持.

The Challenge

Domestic and General是一家拥有110年历史的企业,积累了多年来不断发展的系统和数十个IT流程. 随着该公司的全球扩张和数字化,他们的攻击面也在不断扩大. 混合的异构环境在增加网络风险方面带来了额外的挑战. 

D&G’s Chief Information Officer, 菲尔意识到,他需要加强公司的网络保护,并授权企业承担自己的网络风险. But D&在混合环境中,G缺少一个现代组织需要确保其在识别风险和威胁方面得到充分保护的平台, at scale and with context. “我们需要一套现代化的技术,这些技术将为我们提供可观察性和主动能力,” states Phil.

The Solution

Phil looked for a cybersecurity partner that would enable D&G to operationalize cybersecurity; to ensure that the department and person in the best position to manage the risk, had visibility into the risk and the tools to address it. “Based on the sheer volume of data, tooling, and accountabilities that were being distributed back into the business, we knew that we needed an advanced, easy-to-use platform to help orchestrate that.”

国内和通用选择Rapid7的平台与InsightVM进行漏洞风险管理, InsightCloudSec, cloud risk and compliance solution, InsightAppSec for application security, and Threat Command by Rapid7 to manage external threats. Plus, 为了补充他们的安全团队,国内和通用选择了快速的管理检测和响应服务. “When we deployed the Rapid7 platform, it gave us a whole load of insights that we didn’t have before.”

Rapid7’s orchestration capabilities are unmatched. Rapid7让我们能够看到更动态的状态,因为云是动态的. So, 因为MDR SOC能够观察到真正发生的事情,所以可以更好地管理更多风险.
Phil, Chief Information Officer

Comprehensive and Easy-to-Use

“We identified a number of different tools that would help protect endpoints, the perimeter, and our end-users. 但是我们所需要的,也是我们所不知道的是如何将所有这些整合在一起,” recalled Phil. “We looked for a toolset that would bring that together in an intelligent way. And that’s where the Rapid7 Platform came on our radar.”

“The ease-of-use and strength of the Rapid7 Platform is significant. 它提供了一个全面的、集成的解决方案和一套用户友好的工具,”他解释说.

“Digesting complicated, fast-moving data is easier. And that’s really important in this world. If stuff is happening, 快速消化大量数据集并找出真实数据的能力至关重要. Rapid7 stood out on that front.”

Expanding Visibility and Ownership of Risk Beyond IT

Rapid7平台使Phil和他的团队能够分配任务的所有权, actions, and risks to different team members within the organization. As a result, Phil正在将网络安全从技术领域转移出来,使其成为业务流程的核心部分. It is helping improve resilience across the company.

例如,菲尔指出,犯罪分子创建假冒网站是多么容易. There’s literally hundreds with derivatives of the D&G name. 最适合决定如何处理这些网站的团队是我们的品牌团队. Do they want those websites taken down or those domains registered to D&G or deleted from the internet register? It’s not a security or a technology decision. But historically at D&G, the brand team has not been empowered to own this; that fell to the Information Security team to manage.

Phil, Chief Information Officer

Now, states Phil, “ the person best suited to manage the risk, will own the risk from a cyber perspective. 而且,有了Rapid7平台,这些团队不需要成为网络安全专家. This massively increases the velocity, the productivity of the team. So, 这绝对是一个成本节约,因为不需要建造大量盯着显示器的身体.”

Phil补充说,他从业务团队那里得到了很多关于Rapid7平台的赞扬,因为它能够以一种易于使用和理解的方式接收和呈现大量数据. ”People are telling us, Wow, this is great. I never had this way of looking at and managing risk before. I’m more than happy to own it. It’s definitely part of our job.” 

A “Massive” Increase in Productivity

Another winning aspect; the ephemeral single pane of glass. With the Rapid7 platform D&G有一个中央窗格,用于查看所有功能中的风险所在, and to make sure each function is mitigating those risks. “From my perspective as the CIO, Rapid7提供了一个平台,该平台将信息安全的能力放大为一个核心功能,使人们对风险有更多的了解,” Phil notes. 

此外,菲尔说,单窗格“大大”提高了D的生产力&G team by bringing contextual data to the severity of an issue. “它要么是高警报,要么是中等警报,该工具会迅速告诉你需要查看的地方. And so far, it’s been spot on. We’ve not had any false positives that have given us any concern.”

“And, Rapid7’s orchestration capabilities are unmatched,” continues Phil. “Rapid7让我们看到一个更动态的状态,因为云是更动态的. So, 因为MDR SOC能够观察到真正发生的事情,所以可以更好地管理更多风险.” 

New Data, Greater Insights

D&G soon learned that with Rapid7, they gained insights from new sets of data, 并将这些数据转换为商业利益相关者能够理解和采取行动的方式. ”Our appetite for metrics hasn’t changed, 但是我们交付上下文来支持指标的能力在Rapid7中发生了重大变化. It’s been modernized. 与六个月前的情况相比,这是天壤之别,我认为在接下来的六个月里,这种情况还会加速,” notes Phil. 

D&G always tracked some of the technical metrics, such as the number of DdoS attacks, phishing and malware emails. And Phil notes that in the past, those metrics, which are quite technical, 是否相对容易,因为你可以进入工具并找到那些指标. “但Rapid7 SOC提供了更全面的风险视图,使我们能够将围绕品牌的指标带入门户网站, reputational management, and spoof domains. 这使我们能够了解企业面临的整体网络风险.” 


Continuing the Journey with Rapid7

D&G has achieved a lot with Rapid7, 菲尔说,他们的公司仍在朝着他们设想的安全姿态前进. 菲尔补充说,Rapid7路线图是他们进入2023年所依赖的东西. “Rapid7建立业务的方式使像我们这样的公司能够实施网络风险管理,提高企业的弹性,这让我们相信这是一个非常令人兴奋的平台,它将会取得成功.”

Six products, one platform, no compromises. The Insight Platform is your single pane of glass security solution.