CDM-CYBER-DEFENSE-eMAGAZINE-March-2019
Better, Faster, Cheaper: Changing the Economics of Responding to Cyber Attacks in the Healthcare Sector
By John Attala, Director, North America, Endace
The healthcare sector has been and continues to be under attack. As long as malicious criminals and hackers have the upper hand in agility, healthcare organizations, which are frequently under-resourced, face a never-ending struggle to defend themselves and their data.
Hardware appliances make up the majority of the security solutions that healthcare companies rely on to defend against cyber-attacks. They are expensive to buy and maintain, and they can become obsolete before they have been fully depreciated. The result is that NetOps and SecOps teams are habitually stuck with outdated security solutions during what is often a time-intensive upgrade or replacement process. Getting approval, raising budget, evaluating vendors, running proof-of-concept tests, and deploying and configuring new solutions can take months or even years. Cyber thieves face no such constraints, and often use their victims' own infrastructure to attack them.
For a healthcare organization to be truly agile and able to respond more quickly and more effectively to attacks, it must be able to move beyond hardware-based security solutions. A common platform that allows security analytics solutions to be deployed as virtualized applications removes the dependence on specific hardware and allows new functionality to be deployed quickly as needs evolve.
Virtualizing security functions has the potential to deliver the same benefits that virtualization has delivered in the data center: removing the overhead of managing huge numbers of individual hardware-based servers and making deployment inexpensive, fast, and relatively easy.
Healthcare security teams face another challenge: the flood of security alerts raised by their security tools. The sheer number of alerts, and the time it takes to triage, prioritize, and investigate each one, is overwhelming. Research from McAfee states that 93% of organizations cannot adequately triage relevant threats and are unable to sufficiently investigate 23% of the alerts that are raised.
The fact is, investigations simply take too long. Traditional investigation methods involve a slow, cumbersome, and often inconclusive process of collecting and collating evidence from multiple