Control 1: Gain Visibility with a Flow Traffic Analyzer
A flow traffic analyzer is a visibility tool that reports normal network traffic flow data for all peripheral devices and detects anomalies against known-good baselines. Not only do flows provide a convenient unit for traffic measurement, but most popular security information and event management solutions also accept flows to augment their detection capabilities. Capturing contextual data, such as traffic volume, source and destination ports, network path and quality of service — along with who generated what data and when — provides the information needed to treat traffic effectively through policy.
Consequently, an effective access policy strategy includes analyzing and classifying data flows into manageable subsets across local, regional and global scopes. Traditional network detection and response platforms and Internet of Medical Things tools can serve this role.
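The baseline comparison described for Control 1, as an added example that is not from the article: a known-good window of NetFlow-style records is learned per source, destination and port, and later flows are flagged when the source host is unknown, the conversation was never seen, or the byte count exceeds a sigma threshold. The record shape, addresses and byte counts are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-style records (src_ip, dst_ip, dst_port, bytes); not from
# any real capture. BASELINE_FLOWS stands in for a known-good observation window.
BASELINE_FLOWS = [
    ("10.10.1.20", "10.10.5.10", 443, 120_000),   # workstation -> EHR web tier
    ("10.10.1.20", "10.10.5.10", 443, 130_000),
    ("10.10.1.20", "10.10.5.10", 443, 125_000),
    ("10.10.1.20", "10.10.5.11", 53, 800),         # workstation -> DNS
    ("10.10.1.20", "10.10.5.11", 53, 900),
    ("10.10.2.30", "10.10.5.12", 104, 2_000_000),  # imaging device -> PACS (DICOM)
    ("10.10.2.30", "10.10.5.12", 104, 2_100_000),
    ("10.10.2.30", "10.10.5.12", 104, 1_950_000),
]
NEW_FLOWS = [
    ("10.10.1.20", "10.10.5.10", 443, 128_000),    # within baseline
    ("10.10.1.20", "10.10.5.10", 443, 9_000_000),  # volume spike to a known peer
    ("10.10.2.30", "10.10.1.20", 445, 4_000),      # imaging device -> workstation SMB
    ("10.10.9.99", "10.10.5.10", 443, 500),        # source never seen in baseline
]

def build_baseline(flows):
    """Learn, per (src, dst, dport) conversation, the mean and population
    std-dev of bytes per flow from the known-good window."""
    sizes = defaultdict(list)
    for src, dst, dport, nbytes in flows:
        sizes[(src, dst, dport)].append(nbytes)
    return {key: (mean(v), pstdev(v)) for key, v in sizes.items()}

def score_flows(flows, baseline, sigma=3.0, floor=0.05):
    """Return (flow, reason) for each flow that deviates from the baseline:
    unknown source host, never-seen conversation, or bytes above
    mean + sigma * std-dev. A std-dev floor of floor*mean keeps a near-constant
    baseline from flagging trivial jitter."""
    known_sources = {src for src, _, _ in baseline}
    findings = []
    for flow in flows:
        src, dst, dport, nbytes = flow
        key = (src, dst, dport)
        if src not in known_sources:
            findings.append((flow, "unknown source host"))
        elif key not in baseline:
            findings.append((flow, f"new conversation {src} -> {dst}:{dport}"))
        else:
            mu, sd = baseline[key]
            threshold = mu + sigma * max(sd, floor * mu)
            if nbytes > threshold:
                findings.append((flow, f"volume {nbytes} exceeds baseline ({threshold:.0f})"))
    return findings
```

Feeding the findings into a SIEM as enrichment for the raw flow records is the hand-off the article describes; the thresholds here are per-conversation and would be tuned per role or segment in practice.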
Control 2: Get a Boost with Next-Generation Firewalls
While these devices require signatures to block malicious traffic, they are an essential component for application visibility and blocking. Next-generation intrusion detection and intrusion prevention systems provide additional capabilities to manage application, identity and behavior.
Newer firewalls can collect additional traffic information outside of normal IPSec parameters — such as device tags, OS and currently logged-in user — to enhance policy enforcement. Additionally, a next-generation firewall can provide east-west protection for selected unmanaged segments by forcing all traffic, ingress and egress, through a comprehensive access policy.
Control 3: Deploy a Network Access Control Solution
A network access control solution provides the foundation for software-defined access and network segmentation. The platform operates as a traffic controller that recognizes and profiles users and devices into assumed roles and dynamically assigns predefined or on-demand access policies, thereby controlling traffic behavior.
By enforcing rule-based restrictions, the platform prevents cross-contamination of critical network components by unsecured endpoints. For example, NAC can force an endpoint into a specific virtual LAN, provide remediation access for managed but noncompliant endpoints and provide an easy blacklist capability for a security orchestration tool.
Control 4: Rely on an Orchestration Tool
In keeping with all things pertaining to visibility, imagine an orchestration tool capable of streamlining the repetitive process of publishing a new app into your network and coordinating all activities that lead to access provisioning as well as security monitoring.
Security orchestration tools are usually deployed to automate security processes for first-line defense in case of a cyberattack, which is a worthwhile pursuit. Nevertheless, connecting disparate systems and tools to automate repetitive processes should address all areas of visibility, including incident response.
Control 5: Don’t Skip Out on an Auditing Tool
While this function could potentially exist in other management platforms, such as your next-gen firewall management platform, the goal is to audit all IT assets and policies to alert on security concerns and stop security breaches. Consider an audit tool that can perform asset discovery and software inventories as well as vulnerability assessments and penetration testing.
Control 6: Include an Agent-Based Endpoint Security Solution
Don’t forget an agent-based endpoint security solution, preferably a multipurpose lightweight agent with firewall, inspection, alerting and reporting, data leakage protection, and advanced detection and response capabilities. Endpoint protection is not only essential but also one of the best investments in your toolset: it doubles as a reporting tool that provides full visibility and enforcement before traffic ever enters the network.
Why Do Healthcare Organizations Need These Controls?
Network monitoring is essential to security. Yet some organizations may feel there are immense barriers to it: lack of budget, lack of in-house skill, or concern about having to replace an entire program or toolset after significant money and time have already been invested in the current solution.
Naming the necessary controls in detail will hopefully help guide healthcare organizations and instill confidence as they work toward a more robust security approach. Consider the benefits of improved security:
- Increased network visibility
- All east-west network traffic inspected
- Significantly reduced movement of malicious bots and threat actors
- Increased protection for apps and data
- Better compliance with regulatory requirements and audit controls
- The potential for lower cyber insurance premiums or increased coverage
- Application performance monitoring
- Dependency mapping and capacity planning
With these controls in place, healthcare organizations can strengthen their security posture and limit disruptions to the important delivery of care.
This article is part of HealthTech’s MonITor blog series.