A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

Similar documents
How to Transition from Nessus to SecurityCenter Reports

How to Add, Deactivate, or Edit a Contact

Tenable for McAfee epolicy Orchestrator

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Vulnerability Management

PVS Subscription Registration Process

Tenable for McAfee epolicy Orchestrator

How-to Guide: Tenable for McAfee epolicy Orchestrator. Last Updated: April 03, 2018

Tenable for Palo Alto Networks

SIEM: Five Requirements that Solve the Bigger Business Issues

Tenable.io User Guide. Last Revised: November 03, 2017

Tenable.io for Thycotic

How-to Guide: Tenable.io for Lieberman. Last Revised: August 14, 2018

How to Register for Training

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk

Threat Centric Vulnerability Management

Tenable Nessus Customer Loyalty Program to Purchase PVS Subscription

Tenable for Google Cloud Platform

8 Must Have. Features for Risk-Based Vulnerability Management and More

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

How-to Guide: Tenable Nessus for BeyondTrust. Last Revised: November 13, 2018

Think Like an Attacker

Nessus Manager Registration Process

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Device Discovery for Vulnerability Assessment: Automating the Handoff

Reinvent Your 2013 Security Management Strategy

Symantec Security Monitoring Services

How-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018

IoT & SCADA Cyber Security Services

How-to Guide: Tenable Core Web Application Scanner for Microsoft Azure. Last Updated: May 16, 2018

SIEMLESS THREAT MANAGEMENT

HP Fortify Software Security Center

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

RiskSense Attack Surface Validation for IoT Systems

HEALTHCARE IT NETWORK SURVEY REPORT

Think Like an Attacker

IBM Internet Security Systems Proventia Management SiteProtector

NIST Framework for Improving Critical Infrastructure Cybersecurity Technical Control Automation

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

How-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018

Continuous protection to reduce risk and maintain production availability

Cyber Resilience. Think18. Felicity March IBM Corporation

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

ForeScout Extended Module for Splunk

Managed Endpoint Defense

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

McAfee epolicy Orchestrator

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Checklist for Evaluating Deception Platforms

Asset Discovery with Symantec Control Compliance Suite WHITE PAPER

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK

Best Practices in Securing a Multicloud World

Securing the User: Winning Hearts & Minds to Drive Secure Behavior

SIEMLESS THREAT DETECTION FOR AWS

Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture

with Advanced Protection

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Managing Business Risk with Assurance Report Cards

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

Vulnerability Management Trends In APAC

WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)

Aligning Agency Cybersecurity Practices with the Cybersecurity Framework

Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter

INTELLIGENCE DRIVEN GRC FOR SECURITY

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

CloudSOC and Security.cloud for Microsoft Office 365

Department of Management Services REQUEST FOR INFORMATION

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Speed Up Incident Response with Actionable Forensic Analytics

CAMSCANNER TURN YOUR PHONE AND TABLET INTO SCANNER FOR

One Hospital s Cybersecurity Journey

Total Protection for Compliance: Unified IT Policy Auditing

Cisco Network Assurance Engine with ServiceNow Cisco Network Assurance Engine, the industry s first SDN-ready intent assurance suite, integrates with

Information Infrastructure and Security. The value of smart manufacturing begins with a secure and reliable infrastructure

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

Tips for Effective Patch Management. A Wanstor Guide

align security instill confidence

Technical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform

Smart Data Center From Hitachi Vantara: Transform to an Agile, Learning Data Center

Security-as-a-Service: The Future of Security Management

Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs

FOR FINANCIAL SERVICES ORGANIZATIONS

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Aviation & Airspace Solutions MODERNIZING SYSTEMS TRANSFORMING OPERATIONS DELIVERING PERFORMANCE

Security by Default: Enabling Transformation Through Cyber Resilience

Clinical Segmentation done right with Avaya SDN Fx for Healthcare

Chapter 5: Vulnerability Analysis

Transcription:

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface ORGANIZATION SNAPSHOT The level of visibility Tenable.io provides is phenomenal, something we just never had before... what we ve been able to do with the data following that is just brilliant. Cybersecurity Manager COMPANY A Government Health Agency NUMBER OF HOSPITALS 150+ NUMBER OF EMPLOYEES 125,000+ INDUSTRY Healthcare, Government CHALLENGES Reduce cyber risk across expansive network of hospitals Deliver sector-wide, advanced reporting on cyber risk to executives Easily roll out a comprehensive solution to 25 IT teams Simplify and streamline incident response process Provide non-intrusive monitoring of critical IoT assets SOLUTION Tenable.io with Nessus Network Monitor RESULTS Peace of mind with improved visibility across an extended network A comprehensive, organization-wide view of cyber risk with actionable dashboards Increased efficiency, eliminated use of spreadsheets Helped deliver on organization s mission to improve patient care

A GOVERNMENT HEALTH AGENCY As the government health agency digitally transforms healthcare using data and technology to improve and streamline patient care the number of cyber threats has increased exponentially. The cybersecurity team led by the manager of cybersecurity, must manage, measure and reduce risk across an expansive network of 150+ hospitals with 125,000+ staff and over 25 different IT teams. Due to the personally identifiable information (PII) the hospitals manage, including patient data and sensitive health records, they are an attractive potential target for cyber criminals. With patient lives at stake, it is critical the hospitals quickly identify their exposures and meet the highest level of security standards.. CHALLENGES The government health agency must monitor and measure cyber risk across a large network of hospital services, including both metro and rural hospitals. The cybersecurity teams require a leading-edge, organization-wide solution to address the following challenges: Understand and reduce exposures in each of their hospitals With several high-profile security incidents in the healthcare sector, along with increasing ransomware and phishing attacks, the agency requires a comprehensive solution to provide full visibility into their security posture across thousands of legacy and modern assets. The cybersecurity manager says, We have a very large attack surface. The digitization of healthcare increases risk as you collect, store and process more data, you must continue to raise the bar on security standards and performance to mitigate risk. As part of the organization s security strategy, the team has introduced a statewide framework requiring each of the hospital services to quickly identify and mitigate exposures to meet statewide KPIs. Deliver accurate numbers to their c-suite and executive team The team needs ongoing visibility into the security posture of each hospital to ensure they are quickly mitigating risks as well as analyzing and benchmarking performance to share best practices across their network. They need an actionable, comprehensive dashboard that delivers accurate numbers to their c-suite and executive team. Ensure adoption with a solution that is easy to use and implement The agency requires an easy-to-use platform that is simple to implement and roll out to each hospital. With over 25 teams using it across the sector, the system must be intuitive and provide immediate value. Simplify incident response process The agency also requires a more streamlined incident management process to efficiently reach across all their hospitals. If an exploit occurs, they do not want to rely on sending out an agency-wide email and pulling together responses into a spreadsheet. A non-intrusive way to monitor IoT biomedical devices The adoption of IoT biomedical devices from infusion pumps to cardiac pacemakers to robotic carts has increased hospital efficiency and improved patient care. But, device vendors do not always allow patching or enable organizations to scan or put an agent on them. The agency needed a non-intrusive approach to safely monitor these devices and quickly identify vulnerabilities. Case Study / Government Health Agency / 2

SOLUTION After evaluating several vulnerability management vendors including Rapid7 and Qualys, they chose the cloud-based Tenable.io due to the following reasons: Continuous, accurate visibility with comprehensive assessment Utilizing Nessus scanners for vulnerability assessment, combined with the centralized management capabilities of Tenable.io, the agency gained unparalleled visibility into its IT infrastructure, including legacy and modern assets that were once blind spots. Actionable dashboards to identify, prioritize and manage risks Tenable.io s actionable dashboards give the agency the data they need to identify and prioritize risks. Additionally, the cybersecurity manager can now benchmark remediation of vulnerabilities between IT teams. The cybersecurity team is able to analyze the data and lessons learned, and share best practices across their network of hospitals. With Tenable.io, we re able to confidently analyze, report and reduce our level of exposure across the hundreds of thousands of assets we manage every day. This ensures we can properly brief leadership with actionable insight and recommendations on how best to reduce our cyber risk and protect our patients, says the cybersecurity manager. Turn-key implementation Due to the cloud-based design and ease-of-implementation of Tenable.io, the agency was able to successfully deploy a statewide solution across over 150 hospitals in two months. The cybersecurity manager mentions, I don t think this broad implementation has been done in the government before. The team at Tenable and the professional services group were very flexible and the training for our hospitals was simple. Continuous monitoring of critical IoT assets with passive network monitoring The agency can now continuously monitor IoT assets and systems with Nessus Network Monitor in Tenable.io. This enables the critical devices to be available 24/7 and not be taken offline when lives are on the line. The hospitals can safely monitor these devices and quickly identify vulnerabilities and implement controls where needed. Case Study / Government Health Agency / 3

IMPACT Peace of mind with improved visibility and significant risk reduction With Tenable.io as their enterprise Cyber Exposure platform, the agency is assured they have eliminated blind spots and have continuous visibility across all their assets. Comprehensive coverage of both traditional and IoT assets significantly reduces their cyber risk and enables the team to continually understand their exposure. They can also establish best practices to mitigate future cyber risks. A consolidated view of risks The security team now has a centralized view of their overall risk and Cyber Exposure. Their manager says, We have never had this level of data before. In the past, we would rely on phone calls to over 25 different organizations to provide us with the information we need and assemble this together. Now, we have access to actionable, consolidated data to provide to our leadership team, so it s been fantastic. Improved efficiency Actionable dashboards provide the team the consolidated view of risk they require. They no longer need to manually collect data across their network or use spreadsheets to summarize their efforts. In addition, the team saves time with a streamlined incident management process. In short, Tenable.io significantly improves the team s efficiency. Help the organization deliver on business goals By reducing cyber risk, the security team actively participates in the organization s mission of improving healthcare outcomes. Case Study / Government Health Agency / 4

CONCLUSION With Tenable as their strategic partner, the government health agency is able to accurately identify and manage risks across their expansive network, have a consolidated view of their program to share with leadership, and help the organization deliver on business goals. They have a comprehensive vulnerability management solution in place which they can build on as their IT infrastructure and attack surface evolves. The cybersecurity manager concludes, The level of visibility Tenable.io has provided has just been phenomenal, something we just never had before...what we ve been able to do with the data following that, is just brilliant. The agency is enthusiastic about Tenable s vision for the future and its road map. Advanced benchmarking and predictive prioritization capabilities will offer new benefits to the organization s security strategy. To learn more visit tenable.com Contact Us: marketing@tenable.com Tenable, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus, Tenable extended its expertise in vulnerabilities to deliver the world s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com. COPYRIGHT 2019 TENABLE, INC. ALL RIGHTS RESERVED. TENABLE, TENABLE.IO, TENABLE NETWORK SECURITY, NESSUS, SECURITYCENTER, SECURITYCENTER CONTINUOUS VIEW AND LOG CORRELATION ENGINE ARE REGISTERED TRADEMARKS OF TENABLE, INC. TENABLE.SC, LUMIN, ASSURE, AND THE CYBER EXPOSURE COMPANY ARE TRADEMARKS OF TENABLE, INC. ALL OTHER PRODUCTS OR SERVICES ARE TRADEMARKS OF THEIR RESPECTIVE OWNERS. Case Study / Government Health Agency / 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback