Feb 09 2024

Review: Supporting Healthcare’s Zero-Trust Journey by Uncovering Network Assets

ExtraHop Reveal(x) can monitor cloud-based and on-premises assets to expose complex attacks.

Healthcare organizations face a challenging cybersecurity environment, with numerous connected devices, applications and users they must manage on their networks to support patient care. A smart hospital bed or an infusion pump may have vulnerabilities that can become attack vectors, offering a bridge into the core network.

This complex network environment can also make it difficult to implement advanced security approaches such as zero trust, since the risk of cutting off critical medical devices from backend databases and other assets is extremely high.

A sophisticated network detection and response platform with the ability to monitor devices by the traffic they generate, such as ExtraHop Reveal(x), can go the distance to protect healthcare networks and offer a strong foundation for zero-trust security.


The ExtraHop Reveal(x) Platform Offers Critical Monitoring

Instead of working with agents that would need to be installed on devices, ExtraHop Reveal(x) pulls in raw network traffic from a variety of potential sources, including network taps or port monitors. For Amazon Web Services or Microsoft Azure clouds, it can read all the data coming from a virtual traffic mirroring feed. It then analyzes that traffic — and can do so very quickly at up to 100 gigabytes per second.

The platform then begins to classify every device operating on the network using its highly trained machine learning engine. In testing, it properly discovered everything from a Domain Name System server to a heart monitor. Reveal(x) comes pretrained so that it can quickly identify thousands of medical and Internet of Things devices. It can also learn about new or unique devices that may be operating within a healthcare network.

Once identified, devices are put into logical groups so that Reveal(x) can monitor their traffic, determine what normal patterns look like within the network and compare future outliers against them. It can also immediately identify malicious traffic associated with cryptomining or attack patterns.

The network discovery process is not a one-time event: Reveal(x) is always monitoring traffic, so every time a new device comes online, it will be identified the instant it starts to communicate. In this way, the platform can quickly identify and protect newly installed equipment; it can also reveal shadow IT or unauthorized devices before they can touch any other network assets.



Get More Support for Security Alerts with ExtraHop Reveal(x)

Once a potential threat is identified, Reveal(x) generates an alert and presents an explanation for its findings. This includes the devices and hosts involved, the IP addresses, the type of threat that is being launched and the severity of the alert. It explains why the threat is dangerous and what should be done to counteract it.

Reveal(x) will also offer to help with remediation, making it a great tool for less experienced security personnel.

Healthcare networks are necessarily complex behemoths so that providers can deliver high-quality patient care. A platform such as ExtraHop Reveal(x) can help to simplify some of that complexity, spotting threats and suspicious activities by their network traffic while exposing hidden behaviors that could be sheltering potential attackers.


PRODUCT TYPE: Cloud-native network detection and response
DEPLOYMENT: Software as a Service
TRAFFIC ANALYSIS SPEED: Up to 100GBs per second
TRAFFIC DECRYPTION ABILITY: Can passively decrypt SSL and TLS 1.3
MACHINE LEARNING ENGINE: Knows over 5,000 attack methods and patterns

