Given the need to handle sensitive patient data, healthcare companies face some of the most challenging and potentially disastrous security issues. After all, no IT manager wants to turn on the news and find out that patient records have been sold to the black market.
At Kelsey-Seybold Clinic in Houston, Chief Technology Officer and Chief Information Security Officer Martin Littmann uses a range of security tools to help protect 19 clinical locations that serve 500,000 patients annually.
For example, when zero-day exploits became more prevalent several years ago, Littman invited FireEye to demonstrate its product’s features and value. Today, he uses the FireEye Network Threat Prevention Platform in tandem with Proofpoint’s Threat Response tool, and has set up the FireEye alerts to feed to the Proofpoint product.
“I was recently at a dinner with all the CISOs around town, and we discussed that some vendors believe their suites of products can do it all. But I really believe that no one vendor has a corner on the best capabilities,” Littman says. He prefers a best-of-breed approach.
Kelsey-Seybold will soon select a network analysis tool that delivers more granular analytics on traffic. “If you look at all the major breaches, it always begins with a failure at the human level. Then, after the attackers get in, they plant tools that exfiltrate data,” Littman explains. “We need to have tools that can tell us when an intruder has been or still is in our network.”
Frank Dickson, a research director for Frost and Sullivan, says IT departments require tools today that not only identify malware, but can also track malicious activity.
“Organizations need tools that can deliver more visibility into network traffic,” Dickson says. “I think we’ll see more security products come with sensors, so IT managers can more accurately track the flow of traffic across the enterprise and determine if there’s anything suspicious with network activity.”
One Main Squeeze
Brian Blank, IT director for law firm Hunt & Henriques in San Jose, Calif., says the best approach for this midsize business with about 130 staff was to select security equipment from Barracuda Networks.
The firm deployed a Barracuda web filter several years ago, then added Barracuda’s spam filter. Today, Hunt & Henriques uses Barracuda’s NG Firewall, Secure Sockets Layer virtual private network appliance and backup appliance. “We run the VPN between the three locations using a standard Internet connection,” Blank says. “The backup appliance provides disaster recovery capability.”
In addition to the Barracuda gear, the law firm relies on Symantec endpoint security.
And while Blank says he is aware of threats from zero-day exploits and advanced persistent threats, he believes the Barracuda NG Firewall combined with the web and spam filters does a fine job at a much more reasonable price. “For all the different features we get out of the Barracuda equipment, we would have to pay a lot more money for those specialized security products,” he adds.