Clinical Segmentation done right with Avaya SDN Fx for Healthcare

Similar documents
AVAYA SDN Fx HEALTHCARE SOLUTION BRIEF

Introducing Avaya SDN Fx with FatPipe Networks Next Generation SD-WAN

JUST WHAT THE DOCTOR ORDERED: A SOLUTION FOR SMARTER THERAPEUTIC DEVICES PLACEHOLDER IMAGE INNOVATORS START HERE.

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

Automating the Top 20 CIS Critical Security Controls

Extreme Policy Access Control

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

8 Must Have. Features for Risk-Based Vulnerability Management and More

Cisco BioMed NAC Solution for Healthcare: Flexible, Cost-Effective Provisioning for Identified Networked Biomedical Devices

Simple and Secure Micro-Segmentation for Internet of Things (IoT)

WHITE PAPER. Session Border Controllers: Helping keep enterprise networks safe TABLE OF CONTENTS. Starting Points

Privileged Account Security: A Balanced Approach to Securing Unix Environments

Securing Your Most Sensitive Data

Comprehensive Database Security

BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology

Transforming Security from Defense in Depth to Comprehensive Security Assurance

SOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE

Prestigious hospital. Outdated network.

Cisco Cloud Application Centric Infrastructure

Total Threat Protection. Whitepaper

ForeScout ControlFabric TM Architecture

Deliver End-to-End Systems Management for Cisco Data Centers That Run Microsoft Applications

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

THREAT REPORT Medical Devices

WHITE PAPER. Applying Software-Defined Security to the Branch Office

Solution Overview Vectored Event Grid Architecture for Real-Time Intelligent Event Management

mhealth SECURITY: STATS AND SOLUTIONS

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

ALIENVAULT USM FOR AWS SOLUTION GUIDE

Addressing Cybersecurity in Infusion Devices

Enterprise Guest Access

Device Discovery for Vulnerability Assessment: Automating the Handoff

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs

NETWORKING 3.0. Network Only Provably Cryptographically Identifiable Devices INSTANT OVERLAY NETWORKING. Remarkably Simple

SIEM: Five Requirements that Solve the Bigger Business Issues

MaaS360 Secure Productivity Suite

RiskSense Attack Surface Validation for IoT Systems

Avaya WLAN 9100 Series

Avaya Collaboration Pod 4200 Series

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

HOW A CLOUD COMMUNICATIONS SYSTEM UNIQUELY SUPPORTS YOUR MOBILE WORKFORCE

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

Office 365 Buyers Guide: Best Practices for Securing Office 365

HEALTH CARE AND CYBER SECURITY:

BUILDING A PATH TO MODERN DATACENTER OPERATIONS. Virtualize faster with Red Hat Virtualization Suite

Securing Health Data in a BYOD World

IBM Internet Security Systems Proventia Management SiteProtector

2018 Edition. Security and Compliance for Office 365

Nuage Networks Product Architecture. White Paper

Preparing your network for the next wave of innovation

W H I T E P A P E R : O P E N. V P N C L O U D. Implementing A Secure OpenVPN Cloud

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

CA Security Management

SYMANTEC DATA CENTER SECURITY

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Technical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform

Healthcare IT Modernization and the Adoption of Hybrid Cloud

Cloud Security Gaps. Cloud-Native Security.

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

CoreMax Consulting s Cyber Security Roadmap

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

by Cisco Intercloud Fabric and the Cisco

Video-Aware Networking: Automating Networks and Applications to Simplify the Future of Video

Mapping BeyondTrust Solutions to

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments

Next Generation Privilege Identity Management

PROTECT AND AUDIT SENSITIVE DATA

Use Case Brief BORDERLESS DATACENTERS

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Overcoming Business Challenges in WAN infrastructure

The McAfee MOVE Platform and Virtual Desktop Infrastructure

Cloud Connect. Gain highly secure, performance-optimized access to third-party public and private cloud providers

Spotlight Report. Information Security. Presented by. Group Partner

Best Practices in Securing a Multicloud World

CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR

Integrated Access Management Solutions. Access Televentures

All the resources you need to get buy-in from your team and advocate for the tools you need.

The Top 6 WAF Essentials to Achieve Application Security Efficacy

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS

10 Cloud Myths Demystified

Hybrid WAN Operations: Extend Network Monitoring Across SD-WAN and Legacy WAN Infrastructure

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

Protect Your End-of-Life Windows Server 2003 Operating System

Virtualisierung nur im RZ? Werden Netzwerke immer komplexer? Göran Friedl Senior Network Consultant, Avaya Deutschland GmbH

INTELLIGENCE DRIVEN GRC FOR SECURITY

METAFABRIC ARCHITECTURE A SIMPLE, OPEN, AND SMART NETWORK FOR THE DATA CENTER

Cyber Risk and Networked Medical Devices

Solution. Imagine... a New World of Authentication.

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Simplifying the Branch Network

AKAMAI CLOUD SECURITY SOLUTIONS

Digital Renewable Ecosystem on Predix Platform from GE Renewable Energy

The threat landscape is constantly

Deliver Office 365 Without Compromise Ensure successful deployment and ongoing manageability of Office 365 and other SaaS apps

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Data safety for digital business. Veritas Backup Exec WHITE PAPER. One solution for hybrid, physical, and virtual environments.

Transcription:

Clinical Segmentation done right with Avaya SDN Fx for Healthcare The stark reality is that patients are at grave risk as malicious attacks on exposed medical equipment increase. Table of Contents Highlights... 2 Enter Avaya SDN Fx for Healthcare... 2 Avaya SDN Fx The components of the Healthcare SDN Fx Solution... 3 In summary... 6 Further Information... 6 When entering any hospital, we expect a secure environment focused around patient care and wellbeing. While this is undoubtedly what thousands of healthcare professionals around the globe focus on every day, a danger lurks in the digital shadows. As confirmed by recent research, medical equipment is inadequately secured against cyber attacks. In close collaboration with leading healthcare institutions, Avaya has developed a solution that provides clinical segmentation, inventory management and device flow control as a total solution. Recent research into the vulnerability of healthcare equipment has turned up disturbing results 1. Successful attacks are being mounted against the whole array of networked medical equipment, ranging from infusion pumps which deliver critical doses of medicines and drugs, to high tech MRI and radiology systems. At times direct manipulation of the equipment has been attained with little or no signs of such intrusion. The primary reason for this is that most of this equipment still utilizes outdated operating systems and cannot be upgraded due to regulatory compliance issues. However, there is a more subtle issue: Application developers in the past may have assumed their equipment would operate in an isolated and very simple network environment which is not the case in modern, connected hospital environments. Areas of vulnerability range from simple Distributed Denial-of-Service (DDoS) type of attacks to full manipulation of the actual medical equipment due to weak application front ends and little or no consideration to security in the application architecture. While the first issue could, in theory, be addressed by updates to the regulatory requirements, the second more subtle issue is much more complex and delves into areas of both software and hardware redesign. Solutions to these problems, however are years away. The reality is that we are at least a decade away from any true resolution of the issues at hand unless something changes fundamentally. An external and flexible solution is urgently needed, providing the isolation and segmentation required to reduce the device exposure. 1 It s Insanely Easy to Hack Hospital Equipment, WIRED Not only are these devices exposed to cyber threats, they are also required to be mobile by design, something the device manufacturers have not factored into their designs and legacy networks don t provide effective support for. Any avaya.com 1

Highlights Recent research indicates the exposure of medical equipment to cyber attacks posies a real threat to patient wellbeing. Most critical medical care equipment is network enabled and dependent, and the trend is increasing. Most of these systems are regulated and are running on antiquated operating systems that are vulnerable to malware, attack or direct manipulation. Regulation negatively affects the ability of healthcare institutions to secure the systems themselves. The Avaya SDN Fx Healthcare solution, co-developed with healthcare institutions, provides an end-to-end solution, addressing the problem but also massively reducing operational cost. The Avaya Open Networking Adapter provides a cost effective distributed edge to provide the relevant services to medical devices while helping to dramatically reduce operational cost. next-generation infrastructure solution will thus need to automate the process end-to-end to reduce dependency on IT staff while providing smooth and reliable operation on the ward and in the operating room while reducing operational expense. Some larger institutions today are already supporting thousands of mobile devices, hence inventory management is yet another challenge. In close collaboration with leading, large healthcare providers Avaya has developed the Avaya SDN Fx for Healthcare solution, designed to address the following key challenges: 1. Clinical Segmentation Providing specific device network isolation, thus virtually segmenting the infrastructure and isolating devices based on category and associated policies. For example all MRI s or equipment from a specific vendor could be virtually isolated in a virtual service network together with the required backend imaging systems. 2. Flow Control Having segmented the network and provided what the industry terms clinical segmentation, the Avaya SDN Fx Healthcare solution provides healthcare providers the ability to understand and control flows between devices in a very granular fashion and apply them via group and/or device policies. Continuing from the previous examples, flows could be limited to only permit communication between the MRI and the imaging server for the purpose of delivering image data but nothing else, thus further isolating the device and protecting it against malicious activities. 3. Edge Automation & Mobility Healthcare environments are complex. Adding to the complexity of all the different services the infrastructure has to provide is the mobility of healthcare devices. Providing ubiquitous mobility and providing edge automation the SDN Fx Healthcare solution helps ensure that any Ethernet port at any location provides on-demand service only to an authorized device. This removes the need for edge port pre-provisioning or expensive and time-consuming IT operations actions. This on-demand service to authorized devices provides added security since edge ports are unprovisioned by default. It allows medical staff to perform the required activities without IT support, thus speeding up processes in time critical environments while helping to reduce operational cost and complexity. avaya.com 2

The SDN Fx Healthcare Solution is designed to provide the benefit of clinical segmentation to fabric based networks as well as legacy networks. 4. Inventory Management With possibly thousands of mobile devices in large healthcare environments, performing effective inventory management is a difficult challenge. The Avaya SDN Fx Healthcare solution, however, provides a remedy, providing detailed information on the amount and type of devices as well as their network current location. 5. Ease of Management Healthcare providers and their IT staff need to manage a complex healthcare service environment. The Avaya SDN Fx Healthcare solution is fully integrated with all required Avaya network management tools and provides a simple, task-based and policy controlled web management interface. The solution enables faster time to service with less complexity. 6. Ease of Deployment Unlike networking devices, the number of mobile medical devices can easily exceed ten thousand in large environments. Making it easy to quickly deploy these devices by non-it staff is a crucial advantage. Working together with lead customers Avaya has developed a simple deployment process that is supported by a smartphone or tablet based app, thus allowing facility and other non-it staff to deploy the devices quickly and effectively while IT operations maintains full control over on-boarding and policy. 7. Single Architecture end-to-end The SDN Fx architecture underpinning the solution provides a single and unified architecture end-to-end, within a single building, spanning a campus or even globally. It s one architecture, one set of processes, one system. No more complex processes and technology but an easy to use, easy to deploy and easy to operate healthcare offering meeting the needs of a modern healthcare environment. In summary, the SDN Fx Healthcare solution, based on the input and needs of our healthcare provider customers, is a market leading offering and the first solution of its kind designed specifically around the healthcare industry s needs. Avaya SDN Fx The components of the Healthcare SDN Fx Solution Avaya s SDN Fx is a series of automated fabric extensions that have been developed to facilitate next generation SDN requirements. Unlike other providers who solely focus on data center automation, Avaya has focused on providing a wide palette of service extensions and closer application infrastructure control instead, providing organizations with foundational simplicity and effective control and automation in the infrastructure. These services can be summarized into five major categories. avaya.com 3

Fabric Connect (FC) Avaya Fabric Connect is an Ethernet fabric technology based on IEEE 802.1aq Shortest Path Bridging (SPB) and is a direct ancestor to Provider Based Bridging/Provider Based Transport (IEEE 802.1ah). As such a more secure and segmented solution is provided. This legacy is extended in Fabric Connect to provide more secure isolated communities of interest. We refer to these constrained service domains as Virtual Service Networks (VSN). These are service domains that are totally invisible to IP scanning techniques. The reason for this is that Fabric Connect does not use the IP protocol as a utility to establish service paths. Further, no discovery or reachability is possible if the communities of interest are properly constructed. We refer to this as Stealth Network Services. These communities are validated and authorized by our Identity Management portal into the Fabric provided by Avaya Identity Engines (IDE). This secure framework can be leveraged to provide for secure separation in multi-tenant/multi-instance situations where other legacy technologies struggle with complex multi-protocol overlays. Avaya Fabric Connect holds all service and topology information within a secure and distributed database environment that is held by every switch within the fabric. The end result is a more secure fabric with unmatched topological and geographic reach. Fabric Attach (FA) Avaya Fabric Attach technology allows native Ethernet edge devices to negotiate service connections based on the secure authentication and authorization practice that can be enforced by Avaya s policy engine, Identity Engines (IDE). This signaling technology will be ratified within IEEE 802.1Qcj as auto attach. Additionally, the code has been placed into Open Source by Avaya and Avaya has, in collaboration with partners, integrated and submitted the code into the Open vswitch. Fabric Extension (FE) Avaya Fabric Extension allows Fabric Connect to provide elastic service extensions that can provide a more secure segmented connectivity to services. This can occur with direct Fabric connections, a key feature of Fabric Connect, or can be facilitated over service profiled IP / MPLS paths or non SPB capable Ethernet equipment. This evolution allows for ubiquitous connectivity to the core enterprise fabric and allows for the rapid and simple extension of the fabric domain and its benefits. Fabric Orchestrator (FO) Avaya Fabric Orchestrator provides the control and management of the integrated SDN Fx environment. It coordinates Virtual Network Services and their secure extension based on the authentication and authorization provided by IDE. Avaya Fabric Orchestrator also serves as a full SDN controller/gateway to manage interfaces into SDN program environments. avaya.com 4

Open Networking Adapter (ONA) Avaya Open Networking Adapter is a cost-effective, high performance intelligent edge platform linking the Fabric with the healthcare devices and providing the necessary functionality. It provides for an effective platform to support present and future SDN Fx functionality at the service edge and is unique in the industry. The SDN Fx Healthcare Solution The SDN Fx Architecture is the core of the solution and provides the intelligence, policy and control of the end-to-end solution. The solution is an application that was developed by Avaya specifically for the healthcare industry in close cooperation with our customers. The solution provides all the components pertaining to the deployment workflow, the clinical segmentation, device (group) policies, control as well as the inventory and status management. The solution also provides the single point of management pertaining to the clinical segmentation solution and as such provides a healthcare view into a complex infrastructure, thus increasing manageability and helping to lower operational cost. The figure below conceptually illustrates the clinical segmentation that the SDN Fx architecture provides, orchestrated by the SDN Fx Healthcare Solution. avaya.com 5

About Avaya Avaya is a leading, global provider of customer and team engagement solutions and services available in a variety of flexible on-premise and cloud deployment options. Avaya s fabric-based networking solutions help simplify and accelerate the deployment of business critical applications and services. For more information, please visit www.avaya.com. In summary Why wait until your environment is compromised and your patients are placed at risk? The Avaya SDN Fx Healthcare solution addresses today s challenges today with a comprehensive and extensible end-to-end solution a solution that was co-developed with healthcare providers for healthcare providers! Further Information For further information on Avaya SDN Fx, its components, overviews and uses cases, please visit avaya.com/sdn 2015 Avaya Inc. All Rights Reserved. Avaya and the Avaya logo are trademarks of Avaya Inc. and are registered in the United States and other countries. All other trademarks identified by, TM, or SM are registered marks, trademarks, and service marks, respectively, of Avaya Inc. 04/15 MIS7741 avaya.com 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback