Ariana Grande and Nicki Minaj performing “side to side” is one thing, but unusual network traffic moving side to side (internal lateral movement), now that’s a whole different story. An in a healthcare environment where sensitive customer information is stored and lifesaving equipment is connected, it can be downright dangerous. In part 3 of 6 in our series on Control, we dive deeper into Network Control and the concept of traffic control of internal lateral movement to help you maintain order in your healthcare facility.
Trouble in Louisiana
Remember when Louisiana’s governor issued a state of emergency in response to a rash of malware infections that hit the public schools? In the northern part of the state, the ransomware attacks crippled these schools when malware was embedded and allowed to spread quickly throughout the campus. Sorely needed files were encrypted and criminals demanded payment in exchange for the decryption key. How did this happen? Clearly someone with a lot of resources found and exposed a vulnerable spot in the network.
Firewalls are one thing but people and devices move around constantly. What is the purpose of a stationary perimeter if there is constant movement in the network? Consider, for example, a hard-working healthcare worker (Bob) at a regional hospital who goes home late at night and connects to the web and accidentally clicks on a few bad URLs here and there. Without his knowledge, he has just downloaded malware onto his trusty laptop. The next day when a connection is made to the hospital network, this is when the malware does its thing, performing reconnaissance to understand the devices near its proximity so it can spread. This side to side movement is what you need to stop and contain right away.
Know What You Have
Adding anti-virus software is one thing but consider many medical devices that can’t be patched in the first place or think of the headache of keeping a log to make sure all devices are patched. Most often, we find that many hospitals don’t know what’s exactly in their network in the first place. Assuming you’ve taken the necessary steps to add full visibility, the next necessary step is to implement network control specifically network traffic control.
The Traffic Tower
If and when a breach occurs, the quick remedial action to take is to ensure that the malware does not spread. Ordr’s traffic control can ensure that the damage is restricted to a small contained area and the whole hospital network does not go down. When routers, switches, gateways, and firewalls all have flow-based whitelisting enabled, a bad packet from Bob’s laptop computer will be stopped and it will never make its way to a camera or a medical device in a different part of the network.
We can take it further with rule-based automation. For example, if we find that a camera is trying to have dataflow to a particular VLAN that it shouldn’t and the flow looks unusual, we can shut it down right there and then. It starts with total visibility and having the smarts to see all the internal traffic movements, up and down and side to side. Worried about MAC/IP spoofing? We take care of that too.
Much Happening Behind the Scenes
Network control is also about who gets in and out of your network. The point of entry can be wired or wireless, it can be serial or VPN. Doctors, nurses, visitors connect all the time to the healthcare network. It’s important to have the smarts to know what’s happening with the traffic flows, all the stream of information moving north and south and also side to side. And just like Ariana Grande and Nicki Minaj, we’re good friends with Infoblox and we play nice with Cisco ISE. Go ahead, do a little dance, Ordr has you covered.