
Jan 28 2025
Security

Review: Cortex XSOAR Protects Against Common Threats in Healthcare

This automated platform allows users to set custom responses to cyberthreats and incidents.

Weak cybersecurity can damage a healthcare organization’s reputation, especially if it results in a high-profile attack that compromises the personal data of staff and patients or steals other sensitive or legally protected information. Many health systems have limited staff, resources and budget to put toward cybersecurity, even though they are under constant threat.

One solution that can extend cyber defensive capabilities and reduce attacks is automation. Automating mitigation of low-level attacks can reduce threats against healthcare by up to 90% or more. This gives smaller staffs the opportunity to concentrate on advanced threats that could do real damage.

Automation can also help with mitigating incidents when time is of the essence. Attackers who pass firewalls and other frontline defenses no longer get days, weeks or months to further scope out their targets; well-informed humans can block them in just a few hours. Attackers could also be removed almost instantly by properly tuned automation that is given sufficient permission to act independently, perhaps with reports on its activities going to humans for review after the fact.


Automated Security Helps IT Teams Do More with Less

The Cortex XSOAR platform from Palo Alto Networks was created with highly targeted environments such as healthcare in mind. We reviewed the platform in a test environment and found it to be helpful in eliminating many threats automatically and assisting human workers with the mitigation of others.

As an extended security orchestration and automation platform (where the XSOAR part of the name comes from), Cortex XSOAR simplifies security operations by unifying automation, case management, real-time collaboration and threat intelligence. It’s a complete package that is surprisingly easy to deploy and manage, even for smaller IT staffs.

The first thing I noticed when reviewing XSOAR was its easy-to-use interface, which is complemented by an intuitive user experience. Robust functionality native to the platform makes it easy to customize features to the nuances of your users and enterprise. That high level of customization is key to many healthcare organizations whose networks differ from most companies’. Customizing protections and acceptable risk levels can keep everything secure while allowing access to staff, patients and visitors.


Cortex XSOAR Allows Users to Customize Responses

This automation and response part of the platform is especially impressive. It delivers native threat intelligence management that can be tailored specifically to the environment, meaning that key intelligence about the most likely attacks will be prioritized. One key part of the automation platform is an incident response war room that empowers teams to both collaborate during mitigations and conduct post-incident analysis and training.

The automation even extends to the responses themselves. Users can customize how they respond to different types of threats and incidents using playbooks. When a similar threat comes along again, users can go through those playbooks to reach similar conclusions, or even have the platform automate much of the response.

Of course, automation is only effective if a platform is smart enough to act properly without human intervention. In my testing, the XSOAR platform was successful in eliminating over 90% of the most common threats without any human intervention at all. That could free up staff to concentrate on the most dangerous and complex security challenges, with help from Cortex but with humans in the driver’s seat. In any case, remediation of threats was handled much more quickly, if not instantly, when Cortex was on the job.

Healthcare is a vulnerable industry. A platform such as Cortex XSOAR can help to even the odds, giving a big boost to limited IT staff, handling many attacks on its own and assisting with everything else.

SPECIFICATIONS

BRAND: Palo Alto Networks
PRODUCT LINE: Cortex XSOAR
SOLUTION TYPE: Threat intelligence management
OPERATING SYSTEM: Linux, MacOS, Windows
SOFTWARE MAIN TYPE: License