Evaluating MDR Vendors Is Critical
Choosing an MDR vendor requires assessing both your internal skills and the security needs that your organization can’t meet on its own. It’s also important to recognize that not all providers offer the same kind of service.
“Depending on the vendor or the partner, some will offer full soup-to-nuts, hands-on-keyboard service when it comes to remediation. Others will take the form of guidance,” says Michael Cappiello, senior inside solution architect at CDW.
“Some customers may simply want to concentrate on EDR and the endpoint itself, versus those who may want to expand into network cloud. And some customers want to have a service that doesn’t really care what you’re feeding it, as long as they can take that data and just make sense of it,” Cappiello says. It all depends on the needs of the organization.
Daidone suggests that an assessment of a healthcare organization’s internal situation in addition to an evaluation of potential vendors will help clarify MDR choices. “First, assess your own organization. Next, evaluate the vendor organizations and MDR capabilities out there,” he says. “And then see how it fits internally.”
Supply Chain Security Adds a New Wrinkle
Sometimes a healthcare organization will be vulnerable to infiltration even when doing its best to protect itself, due to a security gap somewhere in its supply chain. For this reason, it’s important for any organization to always be aware of the cybersecurity policies implemented by partners and vendors.
Cappiello says an organization can be opened up to attack when other companies in its ecosystem aren’t continuously assessing their own security.
“It’s much easier to either move toward social engineering or move toward existing exploits, simply because customers are not diligent about hardening their systems,” he says. “Sometimes it’s new stuff, and sometimes it’s just really old stuff. And if it’s not kept buttoned up, then that’s where we see some of these exploits that are coming out of the woodwork that had possibly been around for a while. And believe it or not, we still do get customers that are not diligent in that regard.”
“Third-party risk is something I’m seeing a lot of. I think that many of the organizations we talked to don’t have meaningful ways to evaluate these types of risks,” Daidone adds. “You may have the best defenses in the world, but if you have some bad people, or trust in people who have very bad privacy practices, you could become a target through some of those third-party vendors.”
Cappiello says larger organizations are just beginning to get a handle on dealing with third-party risk. “How can I figure out if someone I’m working with is taking security seriously?” he says. “Sure, there are forms and you can ask for this information, but what’s your confidence level there? Is there a way to evaluate that actively or passively, and from what you can see in front of the firewall, or if you can get a view?”
Working Within a Framework Can Better Protect Patient Data
Both Daidone and Cappiello highlight the importance of using a framework for detection and response. “I can’t tell you how many customers have homegrown security programs that aren’t evaluated against a framework that are just blatantly missing huge areas,” Daidone says.
He recommends performing a gap analysis to help an organization determine the strengths and weaknesses of its security efforts. “I think a gap analysis is really good because it helps an organization figure out the latticework and, internally, identify the technology needed to help address that,” Daidone says.
“Latticework refers to the tools and rationalization assessments, or how to map your tools back to certain frameworks; for example, do I know that Tanium meets Control 1 and 2 of the CIS Top 18?” he explains. He notes that if healthcare organizations want to map their tools against a framework, they can rely on trusted partners such as Focal Point, a CDW company, to provide the necessary workforce training and development.
Keep this page bookmarked to keep up with all of HealthTech’s Cybersecurity Awareness Month coverage, including more on managed detection and response.