In 2020 we have seen a massive rise in the number of internet-connected devices with the goal of improving patient care, organizational efficiency, speed of crisis response, and much more during COVID-19. The emergence of telemedicine, digital health records, internet-connected medical devices, patient wellness apps, and an increasing amount of third parties entering the health supply chain undoubtably has created benefits. What it has also created is a vast landscape for threat actors to exploit devices that are unpatched, have default passwords, FDA recalls, CVEs, and so many more vulnerabilities.
This week, we will delve into IT, IoT, OT, and IoMT devices and the appropriate steps to building a true asset inventory, having a baseline of acceptable device behavior in order to spot anomalies or malicious behavior, and the ability to create automated actions based on this information.
Have a True Asset Inventory
Most organizations today struggle to have a real-time, accurate inventory of the devices on their network with the context needed to understand how to manage them.
- Detect ALL connected devices — including unmanaged, IoT and IoMT devices on your network. This can include unknown or unknown and unauthorized devices missed in traditional asset inventory.
- Have rich context on those devices with make, classification, location, application/port usage, weak ciphers and certificates, manufacturing and FDA recalls, National Defense Authorization Act banned, and devices with regulated data including PCI and PHI.
- Continuously analyze every device in real-time to in terms of potential risks to the organization.
Understand Device Behavior – The Good and Bad
Once a true and continuous asset inventory is established you have a clear picture of the devices but how do you sift through the devices to understand which to remediate, take offline, and utilize more.
- Identify anomalous and suspicious communications to unauthorized networks and malicious sites and monitor devices for risks such as vulnerabilities, active threats, anomalies, and other malicious activity.
- Compare and contrast device utilization across different facilities to identify and improve operational efficiency, schedule upgrades/patches on light usage days/hours to minimize disruption of operation, and ultimately, identify underutilized high-capital equipment to increase the utilization.
Create Automated Actions Based on Rich Device Context
After establishing both a solid asset inventory and then understanding the behavior surrounding your devices, being able to use this information is critical.
- Dynamically generate and automatically enforce segmentation policies to isolate high-risk and vulnerable devices and only allow “sanctioned communications”.
- Integrate with your existing CMMS, CMDB, firewall, NAC, and SIEM to trigger workflows for enforcement of Zero Trust policies.
The Ordr Systems Control Engine (SCE) can enable visibility and security of all your connected medical devices. It can discover every connected device, profile device behaviors and risks, and automate action for all medical and IoT assets in your healthcare organization.
Recently, we began an IoT Discovery Program that allows organizations to:
- Gain high-fidelity visibility into devices that you may not know are on your network
- Understand risks including communication patterns and vulnerabilities
- Discover usage patterns for your devices
- Map these devices to your Layer 2 and Layer 3 architecture
- Identify appropriate segmentation policies to secure your devices
If you feel this program would be a good fit for your organization, register here: https://ordr.net/sensor/