Enhancing Cybersecurity at Pioneer Telephone Cooperative with Rapid7 Solutions

For Pioneer Telephone Cooperative, like many organizations in the telecommunications sector, maintaining robust cybersecurity is paramount. The challenge lies in effectively managing an ever-growing landscape of vulnerabilities, particularly with a lean security team. This task is further complicated by the emergence of sophisticated, deeply embedded vulnerabilities such as Log4Shell. As Daniel Hernandez, Information Security Analyst III at Pioneer Telephone Cooperative, explains, “It’s a lot tougher for us to ask our developers and system admins if they use a specific type of sub-component of software because they only know about the top-level software that they purchased. And so, it’s a lot harder to have that visibility, to understand what’s being used under the hood in all these applications.”

To address these intricate cybersecurity challenges, Pioneer Telephone Cooperative has strategically implemented Rapid7’s suite of security solutions, leveraging the NIST Cybersecurity Framework (NIST-CSF) as a benchmark for their security program. “The number one step is to proactively identify the vulnerability,” Hernandez emphasizes. “You’ve got to be able to identify what you’ve got and where you’ve got it. That is where Rapid7 InsightVM helps. The next thing is to detect potential attacks and threats. And detection is where Rapid7 InsightIDR comes into play. Whether it’s happening in real-time or in the past. That’s the biggest step.”

Gaining Critical Visibility and Prioritizing Vulnerabilities with InsightVM

Visibility into their digital environment is crucial for Pioneer Telephone Cooperative’s security strategy. “For me, it’s about identifying the critical assets and workloads. Even though I know I can’t fix 100% of all the vulnerabilities that are out there, just knowing what and where those issues are, and which of those issues impact critical assets and workloads, is the first step to fixing things in the future,” Hernandez explains. Rapid7 InsightVM empowers Pioneer Telephone Cooperative to prioritize and manage vulnerabilities with enhanced efficiency, providing a clear roadmap for addressing the most critical issues first.

For instance, InsightVM plays a vital role in evaluating alerts from sources like CISA (Cybersecurity and Infrastructure Security Agency). Hernandez elaborates, “I see the vulnerabilities and ask: ‘Do we have this stuff?’ That’s where InsightVM comes in, it helps me know what we really have and what we don’t have, so we know which of the vulnerabilities apply to us. That is one of the things we value most about InsightVM; it has the capacity to pinpoint actively-exploited vulnerabilities, so we can prioritize and direct our attention where it’s needed most.” This capability is essential for a cooperative like Pioneer Telephone Cooperative, ensuring resources are focused on mitigating the most immediate and impactful threats.

InsightIDR for Real-Time Threat Detection and Rapid Response

Rapid threat detection is another cornerstone of Pioneer Telephone Cooperative’s cybersecurity posture. “We get alerts within the IDR platform that we do have to work on,” Hernandez notes. “We identify the threat if there is one. Once we’ve identified it, we contact those who are affected by it and go from there on our response. We can decide to isolate the machine, or to wipe it completely. It just depends on what we’re seeing.” Rapid7 InsightIDR provides these critical alerts, enabling Pioneer Telephone Cooperative to respond swiftly and effectively to potential security incidents.

The effectiveness of InsightIDR was notably demonstrated during the widespread SolarWinds attack. “We were one of the original 26 organizations hit by the attack a couple of years ago,” Hernandez recalls. “But we had InsightIDR in place so we knew at that time what those indicators were, so we could go back and look at those indicators in a historical context and tell conclusively from the logs that our data was not exfiltrated.” InsightIDR’s historical logging capabilities proved “priceless” in confirming no further compromise, potentially saving Pioneer Telephone Cooperative significant costs associated with extensive forensic investigations.

Strengthening Application Security and Developer Collaboration with InsightAppSec

Recognizing the importance of securing internally developed applications, Pioneer Telephone Cooperative utilizes Rapid7 InsightAppSec to bridge potential security gaps. “Our primary goal was to look at apps coded by our internal programmers and available to outside users,” Hernandez states. “And I’ll tell you, we found a lot of things that were easy to fix but they could have been really dangerous.” InsightAppSec facilitates a collaborative security approach, fostering better communication between security and development teams.

“A lot of our developers did not have the security background to really understand potential problems. And our security team does not have in-depth developer knowledge,” Hernandez explains. “But all the evidence provided by InsightAppSec gives us real talking points so we can explain the issues that we’re seeing based on evidence provided by InsightAppSec. And then identify the solutions available. This is very helpful.” Regular meetings between the security team and developers, facilitated by InsightAppSec findings, have fostered an ongoing dialogue, moving away from a siloed approach to a more integrated security culture at Pioneer Telephone Cooperative.

The Advantage of an Integrated Security Platform

The integrated nature of Rapid7’s Insight Platform offers significant efficiencies for Pioneer Telephone Cooperative. “Having a single point of contact for support so you don’t have to open up tickets for different vendors saves us a lot of time. Also, we like how InsightVM and InsightIDR communicate with each other so you can identify a detection and see what vulnerabilities are affecting a specific user or asset,” Hernandez highlights.

The unified agent for InsightVM and InsightIDR further streamlines operations, eliminating compatibility concerns and simplifying deployment and maintenance. This single agent also extends security coverage across Pioneer Telephone Cooperative’s infrastructure, including remote field personnel. “We do have a lot of folks out in the field,” Hernandez says. “Having those ties back to the agent, having those agents report over the internet, not having to be connected to the corporate network, that was a huge gain for us.”

A Partnership Approach to Cybersecurity

For Pioneer Telephone Cooperative, cybersecurity is an ongoing journey of continuous improvement. “In cybersecurity, you don’t get to check a box very often. Being able to show progress towards that goal is important. That’s a big value Rapid7 provides us.” Beyond the technology, Hernandez emphasizes the value of the partnership with Rapid7. “The best thing is the partnership and conversations with Rapid7 product managers, and the knowledge that Rapid7 really wants to improve their products and make them useful for customers,” Hernandez concludes. “That’s the first thing that attracted me to Rapid7, and it still does today. That partnership is the number one thing that I’ve really appreciated.” This collaborative approach is crucial for Pioneer Telephone Cooperative as they continue to navigate the evolving cybersecurity landscape and protect their critical infrastructure and customer base.
