New thinking needed on aged care network security
As health and aged care provision becomes increasingly connected, network visibility is the key to enabling IT teams to see and respond to threats, writes Keith Bromley.
Keith Bromley
A number of key health and aged care areas are becoming more connected, including patient monitoring, asset tracking, electronic health records, and communications.
But if any one of these areas malfunctions, or if a security breach occurs, businesses must have immediate response capabilities.
For example, a Distributed Denial of Service (DDoS) attack, which occurs when multiple compromised systems are used to attack a single target, can prevent people from legitimately accessing a website or it can negatively impact website performance.
IT needs to be equipped to prevent as many outage scenarios as possible, in all areas. In medical emergency and trauma situations, time is of the essence as lives can literally hang in the balance.
Consequently, organisations need to find ways to improve security for their aged care care network. This includes shoring up a multitude of possible intrusion points, including patient electronic health records, patient portals, employees’ own devices, and Wi-Fi.
The 2015 Trustwave Global Security Report stated that 81 per cent of compromised victims did not detect the breach themselves. They had to be told by law enforcement, a supplier or a customer. The report also noted that the median delay from initial intrusion to detection was 86 days.
Creating visibility
The most important way to prevent a delay in discovery is to create a visibility architecture in your network, which integrates into the current security architecture.
A visibility architecture is a coherent plan for optimising a network monitoring solution, which provides four key capabilities:
deployment of inline security tools
optimisation of data for out-of-band security tools
IP address filtering to reduce security threats
application intelligence to detect rogue applications.
The first consideration should be about strengthening the inline security tool deployment. Inline security tools include routers, firewalls and intrusion detection systems. Using a bypass switch or a network packet broker (NPB) lets the organisation increase network uptime while running these critical security tools. NPBs can also be used to optimise the flow of critical data to out-of-band tools, which manage devices connecting to the network. If you suspect a security breach on the network, out-of-band tools will be extremely useful to investigate the threat vector and damage caused.
Secondly, it is important to know whether there is a threat response plan in place, ready to be activated. If not, the organisation must develop one and test it, so it can respond as fast as possible to limit any damage.
The third step is to install an IP address filtering appliance. This is used to eliminate traffic to or from known bad IP addresses.
Finally, organisations should deploy application intelligence, also called intelligent data processing, which is designed to find any rogue applications running on the network.
Application intelligence can identify the types of applications running on the network, the bandwidth each application is consuming, the geolocation of application usage, device types and browsers in use on the network, and the ability to filter data to monitoring tools based on the application type. These capabilities give quick access to information and insight about the network. The organisation doesn’t have to implement these solutions on its own. Working with a trusted security advisor can help the business choose the right solution.
The end goal of improving network visibility is to be able to capture data that will provide insight into network performance. IT teams must be able to see threats to respond to them appropriately. They should also consider where best to start their troubleshooting efforts. These decisions can make the difference between being able to protect the network and being vulnerable to breaches. Network visibility is the key.