Background: The largest municipal healthcare organization in the United States, this $6.7 billion company provides medical, mental health and substance abuse services through its 11 acute care hospitals, four skilled nursing facilities, six large diagnostic and treatment centers, and more than 80 community-based clinics. With over 35,000 employees serving 1.3 million patients per year, the organization also provides home care services and has its own 385,000-member health plan.
Challenges: In early 2007, the head of security for this large U.S. healthcare organization partnered with global IT solutions and services provider Dimension Data to kick off its security solutions overhaul. To start, the company consolidated its seven data centers to just two main data centers. Dimension Data began this phase of the project by building out the consolidated remote access and Internet infrastructure for the new data centers.
Solution provided by Dimension Data: Dimension Data architected and deployed a range of solutions, from firewalls and an inline 10G network Intrusion Prevention System (IPS) to secure Internet gateway solutions with SSL interception capabilities, network access control solutions and remote access connectivity technology. After building out the necessary security infrastructure, Dimension Data began to upgrade the company's security operations throughout 2008. That phase began with the design of a corporation-wide vulnerability management solution, the implementation of the secure web gateway and the architecture of a new security event management solution.

In 2009-2010, Dimension Data deployed a comprehensive event management solution to analyze events from all of the company's new security infrastructure, routers and servers. Security events vary in format from system to system, but this solution gathers events from each system, normalizes them to a common format and makes it easy for the company to determine whether an event is actually actionable. The new technology gave the organization a corporation-wide view of vulnerable systems and security events, with events now classified into four categories: denial of service, inappropriate usage, malicious events (infections, breaches, etc.) and unauthorized access. Because Dimension Data had a holistic view of the company's requirements, it was able to architect a multi-vendor solution that matched the customer's need to consolidate its security operations center and build more intelligence into it.
Summary: Following the implementation of the new security architecture and solutions by Dimension Data, the U.S. healthcare organization's ability to filter, analyze and respond to security events in real time improved dramatically. Its security staff of four used to handle 40 million security events per day. Now that these events are correlated, the staff handles only 2 million events per day, and the system has been tuned to the point where analysts deal with just 10-12 actionable security incidents per day.

One of the biggest benefits realized by the organization is the common security event format. No matter which device an event comes from, it is stored in the same format, so the security staff does not have to track which events come from which log. This common, streamlined log format led to a significant increase in security reporting efficiency and accuracy, and the company can now provide executive-level reports to upper management on demand. Because the product workflow is very visual, the security staff can easily explain security events and challenges to executives. They can also quickly view security metrics and trends and understand the network in terms of protocol and usage; trend analysis and compliance reporting have both improved markedly.

As a healthcare organization, the company's log retention is highly regulated because of HIPAA (Health Insurance Portability and Accountability Act) compliance requirements. With the new security event management system in place, devices forward their logs to the central system rather than retaining them locally, which is easier to manage for both threat management and compliance purposes. Since the upgrade, the organization no longer has to worry about local log storage, and all management of the security infrastructure and its events now happens in a centralized security operations center.
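The two mechanisms the case study credits for the drop from 40 million raw events to a handful of incidents are normalization to one schema and correlation of repeats. The following is an added example written for this page, not Dimension Data's product or the organization's configuration, that shows both steps on constructed log lines in five vendor formats (firewall, inline IPS, web proxy, sshd via syslog, endpoint antivirus). The regexes, the field names of the common schema, the four-category mapping rules, the 5-minute correlation window, the per-category thresholds, the year assumed for syslog lines and the assumption that every source logs in UTC are all illustrative choices made here.

```python
"""Normalize heterogeneous security logs into one schema, classify each
event into the four case-study categories, and correlate repeats into
incidents. Added example; formats, thresholds and sample lines are constructed."""
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional

DOS, INAPPROPRIATE, MALICIOUS, UNAUTHORIZED = (
    "denial of service", "inappropriate usage", "malicious", "unauthorized access")

SYSLOG_YEAR = 2010                  # assumption: syslog lines carry no year
WINDOW = timedelta(minutes=5)       # assumption: correlation window
# assumption: one blocked connection is noise, three from one source is an incident
THRESHOLD = {DOS: 1, INAPPROPRIATE: 1, MALICIOUS: 1, UNAUTHORIZED: 3}

SAMPLE_LOGS = [  # constructed lines; every source is assumed to log in UTC
    "2010-03-01T09:00:01Z FW deny src=203.0.113.7 dst=10.1.1.5 dport=22",
    "2010-03-01T09:00:02Z FW deny src=203.0.113.7 dst=10.1.1.5 dport=22",
    "2010-03-01T09:00:03Z FW deny src=203.0.113.7 dst=10.1.1.5 dport=3389",
    "2010-03-01T09:00:04Z FW deny src=203.0.113.7 dst=10.1.1.5 dport=445",
    "2010-03-01T09:00:05Z FW allow src=10.1.3.44 dst=10.1.1.9 dport=443",
    "Mar  1 09:01:10 ips[221]: ALERT sig=SYN-FLOOD 198.51.100.9 -> 10.1.2.20 dos",
    "Mar  1 09:01:11 ips[221]: ALERT sig=SYN-FLOOD 198.51.100.9 -> 10.1.2.20 dos",
    '10.1.3.44 - - [01/Mar/2010:09:02:00 +0000] "GET http://gambling.example/ HTTP/1.1" 403 policy=blocked',
    "Mar  1 09:03:30 srv01 sshd[911]: Failed password for root from 203.0.113.7 port 51000 ssh2",
    "Mar  1 09:03:31 srv01 sshd[911]: Failed password for root from 203.0.113.7 port 51001 ssh2",
    "Mar  1 09:03:32 srv01 sshd[911]: Accepted password for opsadmin from 10.1.3.44 port 51002 ssh2",
    "2010-03-01T09:04:00Z AV host=10.1.3.44 action=quarantine threat=Trojan.Generic",
]

FW = re.compile(r"^(\S+)Z FW (allow|deny) src=(\S+) dst=(\S+) dport=(\d+)$")
IPS = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) ips\[\d+\]: ALERT sig=(\S+) (\S+) -> (\S+) (\w+)$")
PROXY = re.compile(r'^(\S+) - - \[(\S+) [^\]]*\] "(\w+) (\S+) [^"]*" (\d{3}) policy=(\w+)$')
SSHD = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port \d+")
AV = re.compile(r"^(\S+)Z AV host=(\S+) action=(\w+) threat=(\S+)$")


def _syslog_ts(s: str) -> datetime:
    return datetime.strptime(s, "%b %d %H:%M:%S").replace(year=SYSLOG_YEAR)


def normalize(line: str) -> Optional[Dict]:
    """Map one raw line to the common schema (ts, source, src, dst, action,
    category, detail); category is None for informational events."""
    if m := FW.match(line):
        return dict(ts=datetime.fromisoformat(m[1]), source="firewall", src=m[3], dst=m[4],
                    action=m[2], category=UNAUTHORIZED if m[2] == "deny" else None,
                    detail=f"dport {m[5]}")
    if m := IPS.match(line):
        return dict(ts=_syslog_ts(m[1]), source="ips", src=m[3], dst=m[4], action="alert",
                    category=DOS if m[5] == "dos" else MALICIOUS, detail=m[2])
    if m := PROXY.match(line):
        return dict(ts=datetime.strptime(m[2], "%d/%b/%Y:%H:%M:%S"), source="proxy",
                    src=m[1], dst=m[4], action=m[6],
                    category=INAPPROPRIATE if m[6] == "blocked" else None, detail=f"{m[3]} {m[5]}")
    if m := SSHD.match(line):
        failed = m[3] == "Failed"
        return dict(ts=_syslog_ts(m[1]), source="sshd", src=m[5], dst=m[2],
                    action="auth_fail" if failed else "auth_ok",
                    category=UNAUTHORIZED if failed else None, detail=f"user {m[4]}")
    if m := AV.match(line):
        return dict(ts=datetime.fromisoformat(m[1]), source="antivirus", src=m[2], dst=m[2],
                    action=m[3], category=MALICIOUS, detail=m[4])
    return None  # unknown format: count it so parser gaps are visible, do not silently drop


def correlate(events: List[Dict]) -> List[Dict]:
    """Fold categorized events into incidents keyed by (category, source IP).
    A bucket closes when the next event lands more than WINDOW after its
    first event; buckets below the category threshold are dropped as noise."""
    incidents: List[Dict] = []
    buckets: Dict[tuple, Dict] = {}

    def close(b: Dict) -> None:
        if b["count"] >= THRESHOLD[b["category"]]:
            incidents.append(b)

    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["category"] is None:
            continue
        key = (ev["category"], ev["src"])
        b = buckets.get(key)
        if b and ev["ts"] - b["first_seen"] > WINDOW:
            close(b)
            b = None
        if b is None:
            b = buckets[key] = dict(category=ev["category"], src=ev["src"], targets=set(),
                                    sources=set(), first_seen=ev["ts"], last_seen=ev["ts"], count=0)
        b["count"] += 1
        b["last_seen"] = ev["ts"]
        b["targets"].add(ev["dst"])
        b["sources"].add(ev["source"])
    for b in buckets.values():
        close(b)
    return sorted(incidents, key=lambda i: i["first_seen"])


def triage(lines: List[str]) -> Dict:
    """Run the pipeline and report how many events survive each stage."""
    events = [e for e in (normalize(l) for l in lines) if e]
    return dict(raw=len(lines), normalized=len(events), unparsed=len(lines) - len(events),
                categorized=sum(e["category"] is not None for e in events),
                incidents=correlate(events))


if __name__ == "__main__":
    r = triage(SAMPLE_LOGS)
    print(f"{r['raw']} raw -> {r['categorized']} categorized -> {len(r['incidents'])} incidents")
    for i in r["incidents"]:
        print(f"  {i['first_seen']:%H:%M:%S} {i['category']:<20} from {i['src']:<13} "
              f"x{i['count']} via {sorted(i['sources'])} -> {sorted(i['targets'])}")
```

On the constructed input the twelve raw lines collapse to four incidents: the firewall denies and the sshd failures from 203.0.113.7 merge into one unauthorized-access incident because correlation keys on the normalized source address rather than on the device that logged it, while the allowed connection and the successful login are kept in the common schema but never reach an analyst. Two things a production deployment adds that this example omits: the `unparsed` counter must be alerted on (a new log format that matches no parser otherwise disappears silently), and the schema should keep the raw line so that the original evidence remains available for forensics and for the retention requirements the case study mentions.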
One Penn Plaza, Suite 1600,
New York, NY 10119 U.S.A.
Tel: +1 212 613 1220