For healthcare organizations everywhere, the world of digital security is scarier than ever, thanks to evolving ransomware attacks and ever-more connected medical devices.
Gone are the days when a hospital or health system could protect itself by simply adopting a handful of security technologies and practices focused on the internal network. Mobile and cloud technologies have expanded enterprise boundaries, and increasingly dangerous threats from cybercriminals now require healthcare organizations to move strategically from a threat prevention mindset to an approach that focuses on detecting and responding to attacks, and then recovering from them.
At the same time, today’s mobile and cloud computing paradigm demands immediate access to data at all times from any location, says Lenny Zeltser, a senior instructor in malware analysis at the SANS Institute, a cybersecurity training organization. As a result, organizations find themselves struggling to maintain control over the enterprise networks that employees and contractors use to interact with a wide range of sensitive data. “The network perimeter became ephemeral, with access occurring from homes, satellite locations, internet cafes and other networks that the organization cannot secure in the way that it attempted to lock down its corporate network,” Zeltser says.
To address powerful new threats while protecting a shifting landscape on which sensitive data resides, many organizations are employing endpoint security solutions with powerful capabilities such as endpoint protection platforms.
A Plethora of Medical Device Endpoints
The evolution of the network has redefined what organizations view as an endpoint. “Traditionally, we identified network endpoints as any device that manages communication across a network from within a corporate firewall, such as a modem, router, printer or PC,” says Sri Sundaralingam, Symantec’s enterprise security product marketing lead.
The cloud allowed organizations to expand network access to devices and services outside the firewall, forcing the entire IT community to rethink what should be classified as an endpoint. “Today, we consider the modern network endpoint to include any device that can access a corporate network, and that includes PCs, smartphones, tablets, wearables, Internet of Things devices and more,” Sundaralingam says.
Not to mention the huge amount of medical devices, such as MRI or EKG machines, on any hospital network that require their own set of protections. “These devices typically carry less protection from attacks than a laptop or phone and must be monitored for compromise,” says Larry Lunetta, vice president of security solutions marketing at Aruba Networks. Healthcare organizations also need to pay close attention to endpoints used by an increasingly mobile workforce, as well as branch offices connecting directly to the internet.
Healthcare IT teams are beginning to understand that breaches are inevitable and that they must strive to prevent as many attacks as possible. “They have to prepare to detect successful attacks and respond appropriately,” says Jim Waggoner, senior director of endpoint product management for FireEye. These capabilities are known as endpoint development and response (EDR).
EDR tools address the need for continuous monitoring of and response to increasingly sophisticated network threats. EDRs differ from standard endpoint protection platforms (EPPs), such as anti-malware solutions, in that they aren’t designed to automatically stop threats during the pre-execution phase. An EDR goes beyond EPP’s basic capabilities to offer deep visibility, providing insights that help security analysts discover, investigate and respond to advanced threats targeting multiple endpoints. For extra protection, many current security tools combine both EDR and EPP capabilities.
Learn more about how CDW services and solutions can help your organization protect itself against evolving security threats.