Defending Health Care Networks with NetFlow
Jeffrey M. Wells, CCIE, CISSP
Director of Business Development
© 2013 Lancope, Inc. All rights reserved. 1
The Healthcare IT Problem Space
• Rapidly changing technology and pressure for adoption.
• Expensive stationary and mobile devices.
• High-risk medical equipment (automated pharmacies, medical robots, etc.)
• Need to provide guest access for patients and their loved ones.
• Need to provide access for transient professionals – visiting surgeons, etc.
• Need to provide access that’s open to “any device, anywhere”.
• Need to monitor and differentiate access.
• Enormous, complex and murky regulatory environment.
• Patient care aspect of business enormously magnifies risk.
• For Healthcare IT these all boil down to a problem with visibility.
Examples
Monitoring medical devices
• Where is my crash cart? Who used it last? Is it in use now?
• What devices on the network are touching my infusion pumps?
• Is my automated pharmacy secured? Are the network access policies working?
Bandwidth management
• How can I ensure rapid delivery of radiology images from my PACS system across the hospital internetwork?
• How do I know the QoS policies I’ve implemented are working?
• Which clinics are utilizing the network the most effectively?
Regulatory environment
• How do I track access to regulated information?
• How can I ensure compliance with HIPAA, ACA, PCI or other regulatory requirements for critical systems?
• How do I deal with an audit in the most efficient way possible?
Differentiated access
• Is patient guest access sufficiently isolated?
• Is that patient’s bored, angry teenage son trying to hack us?
• Can I get the visiting neurosurgeon with his iPad online rapidly so he can do the job we’re paying him for?
The Big Picture
How can I ensure that my IT operations and underlying infrastructure positively impact my patients’ medical outcomes?
Additionally …
We still have to deal with all the “normal” IT issues common to all businesses:
• Network monitoring and management
• Security of assets and data
• Advanced threats – detect and respond
• Antivirus
• Et cetera…
It all boils down to a problem of visibility
What would be the ideal visibility situation?
Full packet capture or IDS everywhere…?
[Network diagram. Labels: Internet; sites Shasta, Lompoc, Chandler; devices ASR-1000, Cat6k, UCS with Nexus 1000v, ASA, 3925 ISR, 3560-X, 3850 Stack(s), Cat4k; zones Datacenter, WAN, DMZ, Access]
Traditional Monitoring
Introducing NetFlow Technology
[Figure labels: telephone bill; NetFlow]
End-to-end visibility via flow telemetry … your infrastructure is the source:
[Network diagram with each device marked as a NetFlow source. Labels: Internet; sites Shasta, Lompoc, Chandler; devices ASR-1000, Cat6k, UCS with Nexus 1000v, ASA, 3925 ISR, 3560-X, 3850 Stack(s), Cat4k; zones Datacenter, WAN, DMZ, Access]
[Architecture diagram. Labels: StealthWatch Management Console; StealthWatch FlowReplicator; StealthWatch FlowCollector; NetFlow, syslog, SNMP; NetFlow enabled routers, switches, firewalls; StealthWatch FlowSensor; vSphere with StealthWatch FlowSensor VE; User and Device Information; ID1100]
Typical Use Cases
• Protecting Patient Data
  – Enhancing data privacy and security policy enforcement
• Ensuring Regulatory Compliance with industry legislation
  – Reduce the risk of data tampering or theft, track user identity and increase accountability
• Monitoring Data from a range of devices
  – Track critical devices on the network including heart pumps, dialysis machines, drug dispensing machines, etc. View the device, location and activity to ensure machines are secure and operating within policy
• Securing Hospital Guest Networks
  – Maintain a robust BYOD policy to ensure visitors can use the hospital guest network without accessing confidential data and devices
Typical Use Cases -
• Rapid reaction to network or security issues
  – “Network is slow/down”
  – “My app isn’t working”
• Network Bandwidth Management
  – Ensure devices on the network are correctly configured
  – Track data across the network including large electronic images and files (X-Rays, MRI scans, etc)
• Enhance Network Infrastructure
  – Augment investment in existing hardware (switches and routers) by capturing flow data for full end-to-end visibility across the network
  – Monitor RTP infrastructure: VoIP, video, etc.
  – Monitor QoS policies
Use case examples
How are my critical links being utilized?
Who talks to my HIPAA hosts?
Legitimate
What’s this??
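Added example (not part of the original slides and not how StealthWatch itself works): one way to answer "Who talks to my HIPAA hosts?" from exported flow records is to compare every flow that touches a regulated host group against an allow-list of peer networks and service ports. The host groups, policy, CSV layout and flow records below are all constructed for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Constructed host groups and policy (assumptions, not taken from the slides).
HIPAA_HOSTS = [ip_network("10.20.0.0/24")]   # regulated servers, e.g. PACS
ALLOWED = [  # (peer network, TCP port on the regulated host)
    (ip_network("10.30.0.0/16"), 443),       # clinical workstations, HTTPS
    (ip_network("10.40.5.0/24"), 104),       # imaging modalities, DICOM
]
FIELDS = ["src", "dst", "proto", "sport", "dport", "bytes"]
# Constructed flow records in a simplified CSV layout matching FIELDS.
SAMPLE_FLOWS = """\
10.30.4.17,10.20.0.5,6,51544,443,18234
10.20.0.5,10.30.4.17,6,443,51544,912345
10.40.5.9,10.20.0.8,6,40112,104,52428800
172.16.99.23,10.20.0.5,6,60211,3389,4410
10.20.0.8,203.0.113.50,6,49822,22,73400320
10.30.4.17,10.30.9.2,6,51000,445,2048
"""

def classify(flow):
    """Return None if no regulated host is involved, else a verdict string."""
    src, dst = ip_address(flow["src"]), ip_address(flow["dst"])
    # Flow records are unidirectional, so the regulated host can be either end.
    if any(dst in n for n in HIPAA_HOSTS):
        peer, port = src, int(flow["dport"])
    elif any(src in n for n in HIPAA_HOSTS):
        peer, port = dst, int(flow["sport"])
    else:
        return None
    ok = any(peer in net and port == p for net, p in ALLOWED)
    return "legitimate" if ok else "unexpected"

def report(text):
    """Classify every record that touches a regulated host."""
    out = []
    for flow in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        verdict = classify(flow)
        if verdict:
            out.append((flow["src"], flow["dst"], int(flow["bytes"]), verdict))
    return out

if __name__ == "__main__":
    for src, dst, nbytes, verdict in report(SAMPLE_FLOWS):
        print(f"{verdict:10} {src} -> {dst} {nbytes} bytes")
```

Because the policy is keyed on the port at the regulated host's end, reply traffic for an allowed session is accepted, while a connection the regulated server initiates itself is reported as unexpected.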
Monitor complex relationships
Monitor wireless guests
Monitor critical servers or devices
Identity integration
From any report, instantly answer the question of “who”…
Further learning
• Market Brief (Network & Security Challenges in Healthcare)
  http://www.lancope.com/resource-center/market-briefs/network-challenges-of-healthcare/
• Webinar: Defending HealthCare Networks: 30th October
  http://www.lancope.com/company-overview/webinar/defending-healthcare-networks-with-netflow
• Featured Case Studies/Success stories
  http://www.lancope.com/resource-center/case-studies/stanford/
  http://www.lancope.com/resource-center/case-studies/psbc-case-study/
• CTD Video
  http://www.lancope.com/resource-center/videos/ctd/
Q&A
Thank You
Jeffrey M. Wells, CCIE, CISSP
Director of Business Development
www.lancope.com
@Lancope (company)
@netflowninjas (company blog)
https://www.facebook.com/Lancope
http://www.linkedin.com/groups/NetFlow-Ninjas-2261596/about
https://plus.google.com/u/0/103996520487697388791/posts
http://feeds.feedburner.com/NetflowNinjas