INTERVIEW
INSIDE TRACK - GETTING TO KNOW THE IT PROFESSIONALS
RAY SMYTH DISCUSSES MANAGING IT RISK WITH DARREN MCKAY, IT SERVICE MANAGER WITH NHS PROVIDER F4 IT (FORMERLY CAREPLUS)
With NHS security looming large in newspaper headlines, I asked Darren how he protects data and the illusive network boundary. Following a Wireless technology seminar in 2010 he realised that, for the majority, the primary threat focus concerned perimeter defences, but Darren believes that the biggest threat exists within the network. He successfully embarked on a mission to gain ISO/IEC 27001 accreditation: "The process and accreditation are significant components of our successful track record."
Darren explains, "Boundary controls using military grade WatchGuard firewalls and the UTM suite provide us with confidence. There is no room for complacency and we know that Access Lists alone are inadequate; we need to consider the risk that exists inside networks as well as that from the outside. Other Public sector networks, even USB devices, move the boundary inside. These risks, if overlooked, can create significant outage."
Public sector partners have visibility of the F4 IT data centres, "and potentially pose our biggest threat because we have no control over their network, devices or access: complacency establishes serious risk."
As those affected by WannaCry now know, updating software is critical. Darren asserts the importance of centrally distributed software updates for data centres and clients, along with endpoint encryption and AV, saying "You simply cannot overlook the basics."
"Cybercrime is the new big threat. I needed intelligent tools to provide real-time network visibility. We deployed Threat Detection and Response (TDR) from WatchGuard so that we can fully monitor file and process activity at our primary and secondary data centres with holistic visibility and, more importantly, control.
"Using this infrastructure insight we can review our WatchGuard Cybercon levels and, using the criteria we set, rely on TDR to manage risk. 27001 process helps to shape this activity, and depending on circumstances TDR can kill a process or quarantine a file as a precaution. We can then make judgements with the threat contained and full control, keeping ahead of emerging threats."
Darren explained that he was reassured when the NHS-targeted WannaCry ransomware attack failed. In fact, he identified suspicious network traffic from connected partner networks, advising them that they may be under attack. Using WatchGuard's IPS system, potential threats were isolated instantly at IP level.
Protection of data, especially patient records, is non-negotiable for Darren: "A compromised endpoint can be worked around with limited user impact, but a ransomed data centre may be unavailable for weeks." Creating a chain of protection using web filtering to control user access, intrusion prevention, application control, plus gateway, endpoint and data centre AV from different vendors, creates strength in layers.
"Visibility of low level activity that alone does not constitute a threat is one thing, coalescing it into understanding and action, another. Resulting actions may cause slight impact and disruption, but compared to that of a ransomware attack, it is the lesser of two evils."
Technology alone does not protect. It must be layered, structured, policy-based and intelligently applied: poor discipline and comfortable attitudes must be eradicated.
Darren's approach illustrates that an effective, dependable defence has to be multilayered, based on good housekeeping with the basics in place and underpinned by intelligence gathering to establish full network control. A mindset that is confident, not complacent, firm but not inflexible and realistic is essential. Darren is clear, "Hard decisions need to be taken to maintain service and prioritise limited resource."
"ISO 27001 is critical. It reassures employees, clients and suppliers by shining a light into the darkest corners of the network. Because it is based on a cycle of continual improvement and review it creates confidence and peace of mind. We will not compromise on security or safety of data for any reason."
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards<br />
JULY/AUGUST 2017 NETWORKcomputing 29