Published on March 4th, 2021
Armis Use Cases for Healthcare, Part 1: The Importance of Device and Asset Visibility
As a former healthcare CISO, I have seen organizations use a variety of connected assets and devices that are critical not only in the care delivery / clinical decision support process but also used to provide much-needed patient engagement and satisfaction. These devices are known collectively in the industry as the Internet of Medical Things (IoMT). Analytics and data produced by this ecosystem are incredibly valuable, but it’s exposed to the same cybersecurity threats that affect any existing IT infrastructure that connects to an organization’s intranet or the Internet itself.
As we usher in 2021, I have seen healthcare organizations adapt by accepting and implementing 8 – 10 years of innovation in a span of 8 – 10 months. That innovation was not only in areas of remote care and telemedicine, it was also in the use of automation technologies to help remote workers, improve logistics, and tie consumer devices with enterprise workflows. This has compounded the device visibility problem by creating a complex ecosystem of legacy devices, hybrid IT systems, and cloud-integrated consumer health devices, all of which are in a constant state of flux related to their operating system versions, firmware, and software updates.
This is where we begin. Using existing security frameworks for IT and security, we can extend visibility not only to IoMT but to the ecosystem that maps the devices to “the patient journey.” The breadth of coverage, in this case, is as important as understanding the nuances of specialized medical devices. This allows for effective threat modeling which underpins the design of an effective security strategy.
In the world of healthcare today, I have seen nanotechnology, smart implantables, and augmented reality-based procedures coexist with legacy devices like integrated infusion pumps and dialysis machines. When you factor in other technologies like smart building automation, robotics, and supply chain systems, a list of challenges emerges that the visibility process is key to addressing:
Correlating device configuration and vulnerabilities with operating risk
Mapping utilization with data from a security risk to prioritize incident response actions
Identifying areas for improvements in clinical quality and risk
Increasing data confidence for IT governance, which helps improve operational tasks (e.g., patch management, inventory, etc.) and results in operational cost savings
Qualitative and quantitative improvements in analytics for compliance reporting
Armis provides healthcare IT and Operations professionals with solutions that help address these challenges. Let’s take a closer look at these to better understand how they create a more secure environment for healthcare organizations:
A key friction point is balancing approaches as it pertains to managed vs unmanaged devices. To help reduce that, Armis uses an automated approach that discovers every connected device in an environment. This includes managed, unmanaged, medical and IT, wired and wireless, and everything both on and off the organization’s network. This approach helps baseline the onslaught of new/unknown devices and helps categorize them in alignment with the appropriate clinical care or support function.
For healthcare organizations, this means that in addition to employees’ smartphones, tablets, and printers, it can discover security cameras, temperature control systems, and even kiosks that are used in a clinical environment. Details such as manufacturer, model, operating system, serial number, and a wide range of identifying data points are also included.
In addition, Armis also delivers activity and behavioral data. This gives IT and security teams information like DNS queries, TCP sessions, HTTP requests, as well as device utilization, and application usage. This information can be used to secure medical devices, as it identifies the different services and systems these devices communicate with to segment the network or identify all devices that do not have endpoint protection software deployed. The data is then analyzed against activity from hundreds of millions of device behaviors in the Armis Device Knowledgebase to determine what may be anomalous. A device behavioral profile is then created which IT teams are able to use for operational tasks to maintain a secure, compliant environment.
Device Location and Usage
In addition to discovery, the Armis platform ingests data about how devices are being used, where they’re being used, and who is accessing them. These insights give IT leaders the ability to plan maintenance, schedule downtimes, increase or downsize inventory, upgrade systems, or migrate to new systems as needed.
With this information, device downtime is reduced and scheduling of medical equipment can be done efficiently based on usage patterns. For healthcare delivery organizations, these benefits translate into both cost savings and improved care delivery. Visibility from the Armis platform ensures optimal uptime and operations of critical medical devices and enables the following:
Compare usage across facilities for better equipment distribution
Identify offline devices and bring them back into service
Identify where end-of-life medical devices are still being used
Identify recalled devices and schedule maintenance windows
Make better-informed purchasing decisions
Improve operating costs by avoiding purchasing additional inventory to replace “lost” items
Airspace Device Discovery and Risk Management
From a security operations perspective, asset identification often occurs through scanning tools that only detect physical or logical network-level telemetry. This isn’t enough to keep devices secure, as attacks can be obfuscated, and relying only on physical or logical network data can leave blind spots that become intrusion points into an organization’s network and resources.
Armis can identify everything within the entirety of the organizational environment, including devices in the airspace that use WiFi, Bluetooth, and any other types of peer-to-peer connections (e.g., Zigbee) that might evade older security tools. This is especially helpful in mapping devices to the care continuum and utilization/location mapping to support that effort.
Rogue / Third-Party Device Discovery
Armis also detects devices that are impersonating legitimate assets and gaining access through an existing network access control (NAC) system. Applying Armis’ innovation in behavioral analytics, the efficacy of the NAC strategy can be extended to identify advanced evasion techniques. This capability additionally helps to secure unmanaged third-party devices such as those used by patients, visitors, and staff who are connecting to a guest network. This can be used to support patient and family support use cases (e.g., securing tablets for patient communication, game consoles for kids, smart TVs in patient rooms for long-term patients, etc.).
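The behavioral-profile idea described above (which services a device talks to, used for segmentation and for spotting a device that does not behave like the asset it claims to be) can be sketched as follows. This is an added example, not Armis code and not part of the original post; all MAC addresses, hostnames and model names are constructed, and the "seen on at least two devices of the same model" quorum rule is an assumption chosen for illustration.

```python
from collections import defaultdict

# Constructed inventory: MAC -> device model a discovery tool would report.
INVENTORY = {
    "00:11:22:00:00:01": "infusion-pump-x",
    "00:11:22:00:00:02": "infusion-pump-x",
    "00:11:22:00:00:03": "infusion-pump-x",
    "00:aa:bb:00:00:10": "nurse-workstation",
    "00:aa:bb:00:00:11": "nurse-workstation",
}
# Constructed passive observations: (source MAC, destination, port).
FLOWS = [(m, "pump-gw.hospital.example", 443) for m in list(INVENTORY)[:3]]
FLOWS += [(m, "ntp.hospital.example", 123) for m in list(INVENTORY)[:3]]
FLOWS += [(m, "ehr.hospital.example", 443) for m in list(INVENTORY)[3:]]
FLOWS += [("00:11:22:00:00:03", "files.example.net", 445),
          ("00:11:22:00:00:03", "203.0.113.7", 22),
          ("de:ad:be:ef:00:99", "ehr.hospital.example", 443)]  # not in inventory

def service_profiles(flows):
    """Map each device to the set of (destination, port) services it contacted."""
    profiles = defaultdict(set)
    for mac, dest, port in flows:
        profiles[mac].add((dest, port))
    return dict(profiles)

def model_baseline(inventory, profiles, quorum=2):
    """Services used by at least `quorum` devices of a model: a candidate
    allowlist for that model's network segment (assumed rule, see lead-in)."""
    counts = defaultdict(lambda: defaultdict(int))
    for mac, services in profiles.items():
        if mac in inventory:
            for svc in services:
                counts[inventory[mac]][svc] += 1
    return {model: {s for s, n in seen.items() if n >= quorum}
            for model, seen in counts.items()}

def deviations(inventory, profiles, baseline):
    """Inventoried devices contacting services outside their model's baseline."""
    result = {}
    for mac, services in profiles.items():
        if mac in inventory:
            extra = services - baseline[inventory[mac]]
            if extra:
                result[mac] = sorted(extra)
    return result

def unknown_devices(inventory, profiles):
    """Devices seen on the wire that the inventory does not know about."""
    return sorted(set(profiles) - set(inventory))
```

On this sample data the third pump is the only inventoried device that deviates from its peers, and the one MAC absent from the inventory is reported as unknown; both are leads for review, not verdicts.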
Continuous visibility, context, and alignment of security analytics to enterprise risk is the beacon toward which we need to move to improve how we view device and asset management. This helps improve the confidence of the data that powers most of the “information security decision support” as well as provide much-needed context to help healthcare organizations align their processes to help continuity of care, manage effective security, and improve the allocation of operating spend. Be sure to look out for my next blog in this series, where I’ll highlight how to effectively manage device risk based on high confidence device and asset data.