Can Network Performance and Security Work Hand-in-Hand?

Cyberattacks are particularly devastating in healthcare. Site outages, data breaches, and ransomware all disrupt the delivery of care and have severe financial consequences. At the same time, slow application and network performance frustrates clinicians and patients alike. Healthcare CIOs must strike the right balance between these two seemingly opposing forces – security vs performance.

Healthcare IT Today has teamed up with NETSCOUT – the technology leader helping assure digital business services against disruptions in availability, performance and security – to explore this and other topics in more detail.

Check out this entertaining on-demand webinar.

Networking vs Security

Traditionally, networking and security are seen as opposing forces.

The goal of the networking and application teams is to make sure systems function as fast and reliably as possible. Nothing makes them happier than to have data packets move between servers and endpoints as fast as possible. Performance Monitoring tools help them achieve this.

The goal of the security team is to defend and protect. More specifically, they aim to prevent threats from entering, propagating, and taking root within the organization. Their dream would be to investigate every data packet and filter out bad ones while letting good ones continue their journey. Security Monitoring tools are what they use to do this.

What is Performance Monitoring?

Put simply, performance monitoring aims to measure three main metrics:

  1. Availability (uptime)
  2. Network Performance (speed, latency, and errors)
  3. Application Performance (response time, dependency, failures)

When something goes wrong with any of the above, the performance monitoring tool alerts the appropriate member of the network and/or applications team, who troubleshoots and corrects the problem. Advanced tools can anticipate problems and send alerts before the issue becomes more severe.

What is Security Monitoring?

Security Monitoring analyzes data about network activity, usage patterns, and other system activities, looking for anomalies and potential security threats. When one is identified, security mitigation controls and countermeasures are deployed, which sometimes means the affected system is isolated from the rest of the network. A member of the IT security response team is notified so that they can eliminate the threat.

Does this mean you need separate tools?

It may seem at first that performance monitoring and security monitoring require separate tools, but that isn’t necessarily the case.

Ken Czekaj, Problem Solver at NETSCOUT, has this to say: “The Network + Application team and the Cybersecurity team many times are looking at the same data metrics, but with a different set of glasses. If I put on my Application glasses and I hear that there has been a “TCP reset”, I might think there is a network issue or a problem with a server. If I have my Cybersecurity glasses on and I hear TCP reset, I may start to think – is this a bot attack?”

Czekaj’s point is that the same “performance” metric causes a different reaction depending on the lens through which you view the issue. He therefore questions whether you always need separate tools for performance vs security monitoring.

“Some organizations want to leverage common sets of data across teams and realize a higher ROI for the ‘visibility footprint’,” continued Czekaj. “Others want to keep the tools and the teams separate. It really boils down to the needs and requirements of the healthcare organization.”

The argument for a single tool

If you can combine your requirements to reduce the number of tools, you will get more bang for your buck:

  • Common instrumentation platform
  • Reduced number of software GUIs
  • Increased team efficiency in cross-functional communication, workflows, and training
  • One vendor to manage
  • Reduced overall administration and maintenance costs

“These are real cost savings,” states Czekaj. “If you are buying two platforms and two sets of hardware (instrumentation) with 50-80% overlap, that’s a lot of unnecessary cost. You might be better off by consolidating platforms where this makes sense functionality wise.”

Using a single tool can also improve the time to triage issues. Having one source of truth (common set of data) means fewer arguments between the networking and security teams. Less argument over the data and metrics means tackling the problem sooner. This in turn results in less impact on clinicians and patients.

The argument for multiple tools

Every facet of the compute infrastructure has a security element. High availability cannot be achieved if infrastructure and servers are open to DDoS attacks. Similarly, performance means nothing if an attacker can place malware on the network that leaves systems vulnerable to exploits.

In healthcare, uptime can be the difference between life and death. There is a strong argument to be made, therefore, to use a best-of-breed approach for network and security monitoring.

“Remember that the primary goal is to not impact patient care, PERIOD,” says Czekaj. “The secondary goal is to be cost-effective in meeting your requirements and objectives. It is worth a second look to see if you can potentially consolidate network and security visibility platforms (where applicable) and reduce the need for multiple tools.”

Recommendation

Czekaj’s main recommendation is “always to assess your business challenges, solution requirements, and expected outcomes first. Once you have the scope and outcomes defined, then you can analyze and select solutions that will meet your outcomes and objectives.”

Every organization wants to be cost conscious, and healthcare is no different. If network, application, and security monitoring solutions can be combined, real cost savings can be realized.

“This approach also opens the door to positively impact the “Defense in Depth” security mantra, by providing cybersecurity teams more and deeper levels of visibility including those for virtualized platforms and public cloud,” said Czekaj. “The increased visibility adds to the defense and protection of critical patient care services, and that is the bottom line in healthcare.”

Czekaj’s second recommendation is to “leverage as many bell and whistle feature sets as possible.” To illustrate his point, Czekaj used a car example: “You would not buy a high-end sports car, just to drive it at 35 MPH. Along the same vein, nor would I deploy a visibility solution and not try to address network, cybersecurity, application, unified communications, cloud, etc. groups and their use cases.”

Healthcare is extremely dependent on technology, networks, and applications. The goal is to empower teams to quickly triage and mitigate performance and security problems and avoid impacts to caregivers and patients.

To hear more from Czekaj be sure to watch this on-demand webinar.

About the author

Colin Hung

Colin Hung is the co-founder of the #hcldr (healthcare leadership) tweetchat, one of the most popular and active healthcare social media communities on Twitter. Colin speaks, tweets and blogs regularly about healthcare, technology, marketing and leadership. He is currently an independent marketing consultant working with leading healthIT companies. Colin is a member of #TheWalkingGallery. His Twitter handle is: @Colin_Hung.

   
