Gaining Control Over Medical and IoT Devices

The healthcare industry is increasingly relying on real-time decision making, using data from a wide range of sources, such as electronic medical record (eMR) systems, medical devices, mobile and remote services, etc., to improve patient care and outcomes. We sat down to talk about what this move means for the industry and show how the health systems can get the insights and control they need to keep patient data and care safe. Key takeaways from that discussion follow, but if you are interested in seeing a detailed demo of the Medigate and Splunk solutions, you can also access the on-demand webinar, “Gaining Control Over Medical and IoT Devices.”

It’s All About Data

It takes a lot of data about all the devices within the healthcare delivery organization (HDO) to make real-time decision-making work. These devices make up the modern, hyper-connected HDO, as health information systems interact with the critical care-delivery infrastructure over the same converged network. This results in private and sensitive data (PHI) being stored and transmitted by various unmanaged endpoints, including tens of thousands of medical, IoMT, and IoT devices on the hospital’s network. In light of this, it is extremely important for health systems to protect all the devices within their operations to ensure patient data and, ultimately, care remain safe and reliable.

Unfortunately, that’s easier said than done. In 2019, cyberattacks on health systems jumped 60%; this year, healthcare delivery organizations continue to be a target. Most of these attacks exploit human weaknesses in some form or another ― they try to trick users (e.g., click on a link, open an attachment, go to a malicious site, etc.) or leverage bad practices (e.g., use easy to guess passwords, delay patching vulnerabilities, etc.) to gain entry. HealthITSecurity reported that an assessment of successful ransomware attacks at 50 hospitals found that: 

Requirements to Protect Data and Devices

To make sure health systems can protect their data and devices, they need to: 

  • Understand their environment, with detailed visibility into everything, managed and unmanaged, connecting to the network, so there are no blind spots and no devices unaccounted for within the health system’s security and management strategies. 
  • Manage risks posed by all the different devices in use in the network. This takes accurate assessments that can identify the devices that are most vulnerable and open to exploit, so health systems can focus resources and prioritize efforts, from patching to network-based protections, to effectively manage and mitigate the risks in their network. 
  • Detect and respond to attacks in the network. This takes monitoring and analyzing how devices are connecting and a contextual understanding of what to expect from different devices, so that anomalous behavior, out of flow communications, and unusual data or application usage, can be detected and stopped before it can do any damage.
  • Auto-mitigate risks through network-centric prevention that reduces the risks of the devices connecting to the network. By connecting the data and clinically-vetted recommendations to the enforcement points in the network (such as a firewall or NAC), health systems can auto-mitigate alerts to prevent ePHI data exfiltration and stop device performance manipulation.

How Medigate and Splunk Deliver

Medigate and Splunk have partnered to deliver a comprehensive clinical SOC solution that gives health systems the real-time data needed to detect, manage, and respond to cybersecurity events to keep their patient data and care safe. The information captured and analyzed by Medigate on the connected medical and IoT devices active in the environment, network communications, and risks detected are fed into Splunk’s Enterprise Security (ES) to enable sophisticated investigations and facilitate effective playbook development, incident response, and remediation activities.

Learn More About Splunk

Surviving the Pandemic Requires Renewed Commitment to Cloud & Data

If we were to vote on the most overused word in 2020, “unprecedented” would be at or near the top of the list. And while we may be tired of hearing it, the fact is we’re all doing our jobs in a radically different way than we were in 2019. 

In the same spirit, we’re holding our first “cloud native” .conf event. We always want attendees to walk away with practical information they can put to use immediately to help their organizations get a competitive advantage. We will focus on sharing the ways we’ve helped our customers meet the challenges of the pandemic, from the realities of remote work to the increased focus on digital commerce and associated challenges not only to their IT and security infrastructure but to their viability as a business. 

We’ve seen our customers significantly increase the pace of their digital transformation plans and their focus on the fastest way to achieve it — the cloud and of course, Splunk. We’ve been talking about the value of cloud for years, but in 2020, any doubt went out the window as we witnessed 10 years’ worth of e-commerce growth in just three months.

At .conf20, you’ll learn the three major ways Splunk is addressing the challenges of the pandemic, the meteoric increase in digital transformation, the necessity of accelerating your cloud migration strategy and how data ties it all together.

We’ve Expanded Our Data-to-Everything Platform to Address Broad-Based and Complex Data Processing Needs

According to Splunk’s recent report, The Data Age Is Here. Are You Ready?, 80% of organizations say data is critical to success. (I have no idea what business the other 20% are in.) We’ve gone way beyond the traditional logging capabilities of Splunk Enterprise so that our customers’ data can help them achieve the outcomes that matter most to them. We’re focusing on expanding the core platform beyond the index to power customers’ digital transformations through the data age.

At .conf20, you’ll learn about how we’re expanding our platform centers in five major categories:

  • Stream Processing enables insights and analytics much earlier in the data lifecycle
  • Machine Learning delivers AI-based insights for every type of user, from the practitioner to the data scientist
  • Scalable Index lets customers ingest, store, and deliver flexible schema-at-read analytics on massive volumes of data
  • Federated Search and Analytics deliver insights via a single-pane-of-glass against all your data, wherever it may live
  • Collaboration and Orchestration enables users and teams to leverage data as they naturally operate 

The New Splunk Cloud Experience Is Going Cloud Native

We’re making fundamental changes to the feature sets, operating models and architecture of our system to make our entire portfolio cloud-first. All Splunk customers will get the benefits of the cloud, including being able to take advantage of innovative new features as soon as they’re available. In just the last nine months, we’ve deployed more than 50 new capabilities across nine releases into Splunk Cloud.

This shift is not only about technology, but also encompasses business-model changes in pricing and packaging. This is the largest architectural change in Splunk history. It’s taken a tremendous amount of work from many, many people. But it will bring tremendous value to our customers.

Trial by Fire: Making the Mobile Workforce Work

More people than ever are working remotely, and about one-third say the coronavirus pandemic was their first chance to do so. As companies return to a new normal, they are considering how to manage workers who are not in the office, and mobile workers add a unique challenge.

The term “remote worker” includes work-from-home employees and mobile workers. Most employees who work remotely do both. Using your phone for a video meeting, messaging from the grocery store or checking email on your laptop through a café’s mobile hotspot are all forms of mobile work. When you get back home and connect through VPN, you are working from home.

All workers need secure, remote access to co-workers, files and data, but mobile workers face another layer of complexity. When they go from computer to phone or tablet they need their data to sync, and they need a seamless experience from desktop app to mobile app. There are also the fundamental requirements of secure access, a quality wifi signal, video and audio. That is the ideal state.

The coronavirus pandemic exposed a lot of things that were less than ideal in our ability to work remotely. We’ve experienced co-workers unable to hear or be heard when their phone audio cut out, or headphones failed, or they dropped altogether because of dead batteries or bad connections. We’ve seen workers struggling to get necessary data or access tools and dashboards when on a mobile connection. And we’ve had IT leaders worry about privacy, even basics like screen protectors, for people working on the go.

As organizations transition to a new normal following the stay-at-home orders, they will need a strategy to sustain remote workers and their mobile needs, and that should center around three common business principles:

Plan and Invest

Employees need the right equipment to work from home and collaborate, both hardware and software. IT managers should plan for any additional software licensing and equipment purchases. It’s not just a corporate issue — consider the many schools that were unable to teach because students lacked computers and wifi. Identifying needs and planning for future investments is the way resilient organizations will manage through the uncertain months — or years — ahead.

Make the Best Use of Your Technology

For a tech geek like me, it’s easy to assume everyone knows how to use all the remote tools and is comfortable with them, but that’s not always the case. Even though remote connectivity is easier and more secure than it’s ever been, there are still a lot of steps, a lot of interactions and interdependencies. I’ve made some quick internal videos for Splunkers where I explain some of the basics and also some best practices.

You also need to make sure that remote workers’ tools are working optimally. For every computer issued and every software license granted, the IT team should have a policy and governance to track hardware and software updates. An employee on the go with expired software is not productive. It’s also absolutely vital to be able to monitor your network for potential issues and security threats, which can be done through cloud-based applications with both desktop and mobile versions, easily accessible through a company’s single sign-on.