Garland Technology ensures complete network visibility by delivering a full platform of network test access point (TAPs) and packet broker products
Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.
Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.
The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners
Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.
Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.
The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to keep sensitive patient data safe. It’s security rules have been published since 2003, and yet, nearly 35% of the record-setting number of reported data breaches in 2016 happened in the healthcare industry.
It is no secret that security healthcare data is becoming more of a challenge and as the Health and Human Services Office for Civil Rights commits to proactive HIPAA audits in 2017 and beyond, it’s becoming more critical to ensure that you are collecting the security information you need, both to provide the best possible security and also to validate your compliance status.
Whether it’s a large hospital with well-staffed technical team, or a smaller organization with a single IT person, there seems to be one prevailing mindset—“focus on patients and keep systems running” rather than “maximize security.”
One of the unique challenges with healthcare and hospitals in particular, is the sheer volume and type of data that needs to be collected to support compliance and overall security. Providers are also becoming more and more connected, with little vulnerability mitigation in sight.
Even in the case of a small organizations, there are so many nuanced angles to consider. Many different sub-entities all have different requirements from a networking operations standpoint:
Fluctuating operating requirements across departments give network admins plenty to worry about without trying to maximize security efforts. In large organizations, performing security monitoring of large volumes of network traffic becomes time consuming, complex and expensive.
Up until last year there hasn’t been much of a threat of compliance auditing from Health and Human Services (HHS). There weren’t any repercussions for lackluster cybersecurity other than fines for a data breach - if one occurred. They have now said that they will continue to do proactive auditing of organizations on an ongoing basis. This means anyone could be audited at any time and they should all expect it to happen at some point.
Now that HIPAA audits are a real possibility, organizations of all sizes have to take control of data sprawl within their organizations and keep track of who has access to PHI and monitor its use.
Keeping systems up and running is literally the difference between life and death in the healthcare industry. But as hospital IT departments focus on performance and availability, security still needs to be top of mind. The complexities of networks needs in healthcare all add to the challenge of collecting the data you need to get visibility and support compliance. A few of the key data points that need to be collected are:
Logs and events are essential from every critical component in your environment and in many cases, systems you would consider non-critical, such as a receptionist workstation. Logs are a permanent record of something very simple that happened to a device. On a firewall, they will tell you what sessions were established, who has logged into the device and who has made changes to it. In directory services, logs will tell you when new users were created, accounts disabled, administrative privileges granted and much much more. All essential data when talking about security and compliance.
Analyzing network traffic sounds simple enough until you think about how many packets are flying around on every device and where they might be going to or coming from. The biggest bang for your buck is always going to be to monitor your Internet ingress/egress traffic, but even that poses challenges that need to be thought about.
To be able to get the data you need and do something meaningful with it, you need to arm yourself with the right tools to do it and resources to manage them. If you need help in this arena, give us a call, for a free consultation or discussion on the best security options. Not ready for that step? Here a few pointers to get started:
1. To handle the log collection analysis and meet your compliance requirements, you need to get a Security Event and Information Management (SIEM) tool. There are several out there that work well (Kiwi will not work for this), but the most important thing with any SIEM is to get a handle on what data you want to collect, what is the volume and how you want to analyze it. This will help you find the right tool and size it properly to handle the data you want to collect. Also know how long you have to keep the data – it adds up quick and can be expensive to store. Keep in mind that all log data is not created equal and some has no security or compliance value. If you want to collect all of your server error events and non-security operational logs, send them to an ELK stack. That will be far cheaper.
2. Network analysis requires its own set of tools as well. In most cases we are talking about feeding data to a dedicated network Intrusion Detection System (IDS), full packet capture tool or something else that is network aware. Mirror or monitor ports on switches can sometimes suffice for getting data to these tools, but the answers to the question above all play a big role. Typically, you are looking at needing something like a network tap and/or packet broker. These allow you to physically get in the middle of multiple network links, aggregate them into a single appliance and send just the packets you want out to multiple network appliance.
3. Need to TAP multiple fiber links and send data to a 1Gb copper interface? Have 4Gb of network traffic and can only monitor 1Gb with your IDS? Want to monitor only traffic between your user community and a couple critical servers? No problem; throw all the data at a packet broker and filter out what you need, so that you only get the traffic you care about and your tools can handle it.
Looking to add inline or out-of-band security monitoring solutions, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.
Darrick Kristich is a security professional and founder of Sedara, a managed security service provider. His background primarily stems from the Aerospace & Defense markets and has expertise in technical and security architecture, as well as compliance program development and incident response. He currently resides in Buffalo, NY.