Proper Management of Security Analytics Tools Is Vital for Healthcare
Security analytics is a prime example. Healthcare organizations have a multitude of tools in place to collect, aggregate and analyze data, monitor security across the enterprise and detect threats. But few of these tools have been tuned to healthcare's particular needs, which include links to a vast ecosystem of vendors and partners, medical devices that monitor patient activity 24/7, and an expanding secure access service edge (SASE) footprint to support remote care.
“Organizations need to spend the time to tune their security analytics tools correctly. Otherwise, they’ll get a lot of false positives,” Kalka says. The effect is similar to the alert fatigue felt by users of electronic health record systems. “After a while, you stop paying attention — and that’s when a breach is likely to occur.”
Kalka describes the process of tuning security analytics as adding a combination of wisdom and horsepower. Wisdom comes from working with industry partners and technology solutions that have the experience and expertise to meet healthcare’s needs.
Horsepower, on the other hand, is making the most of the tools that are already in place. “The answer isn’t to buy another engine, but to get more from the engine you have,” Kalka says. “You can accomplish that with technology accelerators such as automation and artificial intelligence.”
Manage Threats and Modernize Infrastructure with Security Analytics
A mature approach to security analytics — one that’s tuned to the needs of healthcare and designed to reduce the tedious manual labor of threat detection and response — can support healthcare’s overall cybersecurity efforts in two important areas: threat management and infrastructure modernization.
Threat management has three components: Organizations need to find threats, confirm that they pose enough of a risk to warrant remediation, and fix the problem that allowed the threat to surface.
Most organizations take a reactive approach, primarily by logging suspicious activity and alerting on it after the fact: a contractor downloading thousands of files, for example, or a specific IP address receiving a sudden surge in traffic.
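The two reactive detections named above, and the tuning problem Kalka raises earlier (a rule that fires on every nightly backup run trains the SOC to ignore it), as an added example that is not from the article or from any vendor tool it mentions. The audit log, the subject names (`svc-backup`, `contractor-jdoe`, `10.20.0.5`) and the threshold values are all constructed for illustration; an untuned rule applies one static threshold per event kind, while the tuned rule scores each subject against the median and median absolute deviation of its own history.

```python
from collections import defaultdict
from statistics import median

# Constructed sample audit log, not from any real system. One line per daily
# roll-up: timestamp,kind,subject,count. "download" counts files a user pulled;
# "traffic" counts requests that reached an internal IP address.
SAMPLE_LOG = """\
2024-05-01T01:00Z,download,svc-backup,5200
2024-05-02T01:00Z,download,svc-backup,5100
2024-05-03T01:00Z,download,svc-backup,5300
2024-05-04T01:00Z,download,svc-backup,5250
2024-05-01T09:00Z,download,contractor-jdoe,40
2024-05-02T09:00Z,download,contractor-jdoe,35
2024-05-03T09:00Z,download,contractor-jdoe,38
2024-05-04T09:00Z,download,contractor-jdoe,4100
2024-05-01T00:00Z,traffic,10.20.0.5,1200
2024-05-02T00:00Z,traffic,10.20.0.5,1150
2024-05-03T00:00Z,traffic,10.20.0.5,1300
2024-05-04T00:00Z,traffic,10.20.0.5,48000
"""

# Hypothetical static thresholds for the untuned rule (one per event kind).
STATIC_THRESHOLDS = {"download": 1000, "traffic": 10000}


def parse_log(text):
    """Parse the roll-up format above into (ts, kind, subject, count) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, kind, subject, count = line.split(",")
        records.append((ts, kind, subject, int(count)))
    return records


def untuned_alerts(records, thresholds=STATIC_THRESHOLDS):
    """Static threshold per event kind. Fires on every nightly backup run,
    because svc-backup always exceeds the download threshold."""
    return [r for r in records if r[3] > thresholds[r[1]]]


def tuned_alerts(records, k=5.0, min_history=3, min_spread=10):
    """Per-subject baseline. Each (kind, subject) is scored against the median
    of its own earlier values, with the median absolute deviation (MAD) as a
    robust spread; alert when count > median + k * MAD.

    Caveat: the first `min_history` events of a new subject are unscored, so a
    brand-new account can act before any baseline exists."""
    history = defaultdict(list)
    alerts = []
    for record in records:
        _ts, kind, subject, count = record
        past = history[(kind, subject)]
        if len(past) >= min_history:
            base = median(past)
            spread = median(abs(x - base) for x in past) or min_spread
            if count > base + k * spread:
                alerts.append(record)
        past.append(count)
    return alerts


def false_positive_ratio(alerts, benign_subjects):
    """Share of alerts belonging to subjects an analyst has confirmed benign."""
    if not alerts:
        return 0.0
    fp = sum(1 for a in alerts if a[2] in benign_subjects)
    return fp / len(alerts)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    benign = {"svc-backup"}  # confirmed benign during triage (constructed)
    for name, rule in (("untuned", untuned_alerts), ("tuned", tuned_alerts)):
        alerts = rule(recs)
        print(f"{name}: {len(alerts)} alerts, "
              f"{false_positive_ratio(alerts, benign):.0%} false positives")
        for ts, kind, subject, count in alerts:
            print(f"  {ts} {kind:8} {subject:16} {count}")
```

On this constructed log the static rule raises six alerts, four of them for the backup account that pulls 5,000-odd files every night; the baselined rule raises two, the contractor's 4,100-file day and the traffic spike to 10.20.0.5, and stays quiet on the backup job. The price of that quiet is the warm-up window noted in the docstring, which is why a per-subject baseline should sit alongside, not replace, a rule for subjects with no history.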
Logs are important, Kalka says, but they are a record of something that has already happened. Organizations are far better served by more proactive threat management. One approach is automated threat monitoring; IBM Watson, for example, ingests security threat monitoring data from more than 1 million sources per day. Another approach is attack surface management, which continuously monitors IT infrastructure for potential cybersecurity risks. A third is automated incident response, which in essence gives organizations a playbook for addressing threats and fixing problems without the need for human intervention.