Permanent Partners: How a Lean In-House Team Created a Mature Security Program with Rapid7

After nearly two decades at Phibro Animal Health Corporation (NASDAQ: PAHC), Edward Chang has seen it all.

He joined the company at the help desk and has grown alongside it—through acquisitions, an IPO, and sustained double-digit global growth. He remembers wrestling with a scattered toolset and the impossible task of staying proactive with limited in-house resources. “We were firefighting,” says Edward of the early days.

Today, as Senior Manager of Cybersecurity and Compliance, Edward leads a small but mighty team. The company operates in the United States, Israel, Brazil, Ireland and other international locales with 2,300 employees. It supports the world’s growing demand for healthy animal protein. Last year, it exceeded $1 billion in sales.

Phibro’s massive IT estate is now monitored 24x7x365. “Technology and threats are advancing so quickly,” Edward says. “You need someone that can cover you around the clock.”

Searching for an effective partnership, not a vendor

Phibro Animal Health Corporation launched a global RFP process to evaluate platform security providers with a focus on Managed Detection and Response (MDR). Rapid7 stood out as the top provider, with deep expertise and a global SOC network that follows the sun. “Global coverage was key,” says Edward. “But even more important was the mindset—it was a real partnership, not just a transaction.”

Rapid7’s Managed Detection and Response (MDR) service became the cornerstone of Phibro’s security transformation. It delivers a comprehensive defense-in-depth strategy by leveraging both native telemetry and third-party alerts to ensure unmatched visibility and contextual detection. With unlimited data ingestion, always-on incident response, and continuous global coverage, Phibro gained the confidence of knowing they’re protected at all times—without worrying about limits or hidden costs. For Edward's team, the biggest game-changer was Rapid7’s ability to unify risk and threat coverage across the attack surface, turning siloed signals into a single, expert-driven security narrative.

“The signal comes through loud and clear.”

Storytime: a Sunday morning surprise during implementation

At 7:00am, Edward Chang’s phone rang with a notification from the Rapid7 SOC. A penetration test triggered an immediate response—during implementation, before Phibro’s internal team even knew it had started. Hey, there’s someone trying to take control of things on this computer, he’s told. It’s breach-like.”

Edward called the location and asked if they were doing penetration testing. “They're like, yeah, you got me.”

Getting value as you deploy a solution is rare. But not with Rapid7 and its knowledge that in cybersecurity, there is no such thing as being done. “It's not just about buying a tool. Set it and forget it,” Edward says. “It is really constantly improving.”

From reactive to risk-aware: Exposure Command elevates MDR at Phibro

For Edward and the team at Phibro, Rapid7’s value goes beyond chasing vulnerabilities – it’s about making smarter, faster, more confident decisions for mitigating risk and remediating every exposure. By integrating Rapid7 Exposure Command alongside their MDR program, Phibro now operates with full, continuous visibility of all assets across their environment and a real-time understanding of their most exploitable risks. This risk-aware context enables the team to proactively reduce exposures and empowers the Rapid7 SOC to quickly and efficiently respond to threats.

“Rapid7 brings everything together,” Edward says. “We can prioritize based on risk, respond faster, and focus on the bigger picture.”

The result: two teams collaborating on one mission

With 24/7 monitoring, real-time insights, and a true partnership in place, Phibro’s security team can finally focus on high-value work. “I sleep better now,” Edward says. “Rapid7 doesn’t just light up alerts—they follow through. They escalate, validate, and stay with you until resolution.”

As Phibro explores new technologies like generative AI and remote access tooling, it’s leaning on Rapid7 to help secure every new frontier. “Security is a continuous process—not a one-time fix. Rapid7 gets that,” says Edward. “They’re evolving with us.”

And one of the most powerful differentiators? The people behind the platform. “Rapid7’s team isn’t just smart—they care. Whether it’s onboarding, tuning detections, or just picking up the phone, they’re always there.”

You succeed, we succeed. Rapid7’s there for that.