
Rapid7 Managed Services Help Australian Lender Minimize Risk and Maximize In-House Resources

Customer Company Size
Mid-size Company
Region
  • Asia
  • Pacific
Country
  • Australia
  • New Zealand
Product
  • InsightIDR
  • InsightAppSec
  • InsightVM
  • Nexpose
Tech Stack
  • Next-gen AV
  • Web Application Firewalls
  • Next-gen Firewalls
  • Email Security Gateways
Implementation Scale
  • Enterprise-wide Deployment
Impact Metrics
  • Cost Savings
  • Productivity Improvements
  • Customer Satisfaction
  • Digital Expertise
Technology Category
  • Cybersecurity & Privacy - Application Security
  • Cybersecurity & Privacy - Cloud Security
  • Cybersecurity & Privacy - Endpoint Security
  • Cybersecurity & Privacy - Network Security
Applicable Industries
  • Finance & Insurance
Applicable Functions
  • Business Operation
  • Quality Assurance
Use Cases
  • Intrusion Detection Systems
  • Regulatory Compliance Monitoring
  • Remote Asset Management
  • Security Claims Evaluation
About The Customer
With a history that dates back to 1985, Resimac Group is one of Australia’s premier non-bank lenders. Serving 50,000 customers across Australia and New Zealand, the firm has over three decades of experience delivering home finance solutions. Head of IT Operations, Rob Mihalek, and Cybersecurity and Engineering Lead, Brad Smith, work with a small in-house team of three service desk staff and two engineers, plus a handful of contractors. Alongside Rapid7, the firm runs a variety of security tools including next-gen AV, web application firewalls, next-gen firewalls, and email security gateways from industry-leading vendors.
The Challenge
Financial institutions around the world have always been an attractive target for hackers keen to get their hands on sensitive customer data, launch online extortion attacks, and interfere in internal business processes to siphon away funds. Even in the United Kingdom, one of the most mature global financial services markets, breaches reported to the regulator soared by 480% in 2018 according to RPC. As part of its customer offerings, Resimac issues a credit card, which means that it is also bound by strict PCI compliance rules. This puts extra pressure on an in-house security team already tasked with keeping escalating threats at bay. With just a handful of staff, Mihalek and his team manage a footprint of approximately 600 assets for the 300+ employees across Australia, New Zealand, and Manila. Needing extra help to support its PCI compliance program—and drive best practices to improve security across the organization—Mihalek sought the help of an outside managed security services provider back in 2017. The decision was underlined by a security incident the firm suffered, an incident Smith claims would have been picked up by a managed security service if one had been in place. But there were also good financial reasons for outsourcing security, says Mihalek.
The Solution
Using the CIS Top 20 as a benchmarking tool, Mihalek hired a third-party security firm to perform assessments of several providers. They found Rapid7 covered over 80% of their requirements via Rapid7’s portfolio of managed service offerings: Managed Detection and Response (MDR), Managed Vulnerability Management, and Managed AppSec. MDR is Rapid7’s flagship service for around-the-clock threat monitoring, incident management, and response, leveraging Rapid7’s expert threat hunters, SOC analysts, and the InsightIDR cloud SIEM platform. Managed AppSec enables teams to leverage the power of InsightAppSec, Rapid7’s leading DAST solution, and Rapid7 experts to perform scan management, vulnerability validation, and application pen testing. And Managed Vulnerability Management enables customers to leverage their InsightVM or Nexpose investments while saving operational resources. Underpinning each offering is a dedicated security expert, the Customer Advisor (CA), who provides guidance to the Resimac team and ensures the security program continues to mature.
Operational Impact
  • All three managed services run like clockwork, keeping Resimac’s IT systems and data more secure and more compliant at all times. Mihalek and his team check in on their AppSec program and InsightVM around once per month for basic housekeeping, while they consult InsightIDR every day to check the latest breaking alerts.
  • Outsourcing the management of InsightAppSec and InsightVM has significantly reduced the workload for Resimac’s stretched in-house IT team, while also streamlining internal processes.
  • Resimac is using the Managed AppSec service to run scans across five core web applications. According to Smith, the service saves time and resources by whittling down the 600 or 700 findings a scan may report per site to just 20 or 30 validated vulnerabilities that the team needs to act on. All that’s left is to work alongside the development team on what to prioritize in their SDLC for the upcoming release.
  • When it comes to the level of engagement with all three managed services, Mihalek and Smith praise the CAs, their single point of contact in the Rapid7 SOC, who can be contacted quickly and easily to solve any issues or escalations. But beyond this, the real strength of the service has been in helping to improve Resimac’s overall security maturity.
  • In this way, Resimac’s CA was able to suggest and quickly roll out some custom alerts for a new File Integrity Monitoring (FIM) feature in MDR, which had originally been developed for another Rapid7 customer, a large law firm.
Quantitative Benefit
  • An initial assessment of the firm’s security posture two years ago revealed a maturity rating of 1.5/5. Today it has risen to between 2.5 and 3.
  • Resimac has been able to accelerate its efforts to deliver this uplift in maturity a year ahead of schedule.