Case Study: Healthcare Industry | Garland Technology

Cyber Defense Group, an incident response firm needed to gain visibility to contain a breach on a large healthcare facility’s network. With a complicated network environment stacked with legacy equipment, and staffed with basic onsite IT and an underperforming MSSP, the facility was overwhelmed.

The network seemed to work great when there was nothing wrong, but issues were quickly exposed during the attacks in this scenario. Once they were under attack, it became apparent that the network was not set up properly with zero visibility. The existing switches didn’t have the proper firmware updates, they weren’t configured correctly and had ingress / egress set up issues.

The first challenge was gaining visibility to monitor the network traffic: understand where the attackers were coming from, where they might be touching internally, and how to stop them.

“We’re under attack and every minute that we don’t have visibility, is another minute that bad guys are exfiltrating sensitive data.”

- Lou Rabon, Founder/CEO, Cyber Defense Group

The second challenge was finding the right vendor to provide that access and visibility. “Before we found Garland our options were limited. It’s either we go to a huge provider like Gigamon, which is super expensive, and doesn’t give you a custom solution. Or the other end of the spectrum would be buying a 1G consumer grade mirror on Amazon and that wasn’t going to solve our problem.”

Out-of-band security and monitoring tools analyze packet data from the production network to provide insights or alerts for SecOps and NetOps teams to properly respond. These packets are delivered to solutions by either Network TAPs or SPAN ports both mirror traffic from ports to out-of-band solutions.

Cyber Defense Group utilized two Garland Technology ‘Breakout’ TAPs and one Bypass TAP, in aggregation mode to feed the proprietary tools they use for intrusion detection system (IDS), security monitoring, NGFW and log management. “We were able to get the visibility we needed quickly. That allowed us to do what we needed to do to find the bad guys and kick them out.”

Diagram 1: Three Garland Technology TAPs aggregating traffic to forensics or network analyzers tools.

TAP ‘Breakout’ mode sends each side of traffic to separate monitoring ports. Ensuring that no packet is lost to high-priority monitoring tools. Aggregation mode merges traffic streams into one monitoring port to reduce appliance costs, often used in combination with filtering taps, ie: filter, aggregate data streams.

When I found Garland, I got a network expert on the phone and they configured a custom solution for us. Really from the beginning, from sales to the solution, to support. I can’t say enough good things.”

-Lou Rabon, Founder/CEO Cyber Defense Group