Infrastructure technology is evolving quickly, and organizations are consequently faced with more sophisticated healthcare security threats. Simply monitoring and reacting to malware and other security threats is not enough to protect the network. Organizations need to take a more proactive approach to HIT infrastructure security.
Modern health IT infrastructure security begins with network monitoring, but security needs to extend beyond that, Veriflow CTO Dr. Brighten Godfrey explained to HITInfrastructure.com.
“Any time you're building a complex system, you want to be monitoring what’s happening,” he said. “Imagine you're driving a car with your eyes closed. That’s not a good situation. You can point the car in the right direction but if you’re not paying attention to what’s happening, you will veer off course.”
While monitoring is an important part of network security, a comprehensive security solution requires more. Taking a proactive approach as opposed to a reactive approach is the biggest distinction between traditional network security methods and modern security methods.
“Some sort of network monitoring is critical, and it’s always been critical,” Godfrey explained. “That’s been done by monitoring ongoing traffic, which can be done with sampling traffic that’s flowing through the network or sampling some kind of metadata like the source and the destination, for example. Even if you're not gathering all of the contents.”
“In some cases, you will log everything that’s sent,” he continued. “There’s a range of what you can do and there are more mature techniques.”
Organizations need to be able to know and predict their network’s weaknesses. That way, entities can defend against cyberattacks before PHI is compromised. Tools are needed to collect and present complex security data so it can be used to protect the network.
“There’s this modern trend of using automation, particularly machine learning, to understand complex data,” said Godfrey. “You can try to look for trends in monitoring or in monitored flow, using traditional monitoring methods and using machine learning.”
These techniques have been the go-to methods for network monitoring. However, verification is another layer of security that can help organizations gain actionable insight into their network.
Formal verification is a valuable tool for healthcare organizations because it helps entities ensure that their network software works the way it’s supposed to. Verification uses a mathematical system to analyze the design of the network and continuously verifies it as it changes.
“The reason verification is critical for network infrastructure is due to complexity,” said Godfrey. “Previously, you would put a packet into the network and it would come out the other side, but today there’s a lot more complexity.”
“There’s dozens of vendors and new layers like virtual networks in the cloud,” he added. “There might be thousands of firewall rules where the network is assisting with security and many vendors’ products need to be integrated and networked together.”
Verification lets organizations look at the data flowing through the IT system. Instead of looking at the way the system is being used, organizations can see how the system could be used.
IT administrators can examine forwarding tables, access control policies, and network structure. From there, administrators can figure out whether a certain use case is possible, regardless of whether it has ever been done before.
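The kind of check described above can be sketched as an added example (it is not Veriflow's code or method and not part of the original article): given forwarding tables and deny rules, compute every source prefix that could reach a protected host, whether or not such traffic has ever been observed. The device names, prefixes and rule format are constructed for illustration.

```python
import ipaddress as ip

# Constructed model: device -> [(destination prefix, next hop)]
FIBS = {
    "edge":   [("10.20.0.0/16", "core")],
    "core":   [("10.20.5.0/24", "ehr-fw"), ("10.20.5.10/32", "lab-sw"),
               ("10.20.0.0/16", "lab-sw")],
    "ehr-fw": [("10.20.5.0/24", "deliver")],
    "lab-sw": [("10.20.0.0/16", "deliver")],
}
# Constructed deny rules: device -> [(source prefix, destination prefix)]
ACLS = {"ehr-fw": [("10.9.0.0/16", "10.20.5.0/24")]}

def next_hop(fib, dst):
    """Longest-prefix match for one destination address."""
    hits = [(ip.ip_network(p), hop) for p, hop in fib if dst in ip.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else "drop"

def subtract(nets, denied):
    """Remove a denied prefix from a list of source networks."""
    out = []
    for n in nets:
        if not n.overlaps(denied):
            out.append(n)                        # untouched by the rule
        elif not n.subnet_of(denied):
            out.extend(n.address_exclude(denied))  # keep the part outside it
    return out

def reachable_sources(fibs, acls, start, src_net, dst_host):
    """Return (path, source prefixes that can still reach dst_host)."""
    dst = ip.ip_address(dst_host)
    srcs, node, path = [ip.ip_network(src_net)], start, []
    while node not in ("deliver", "drop") and node not in path:
        path.append(node)
        for deny_src, deny_dst in acls.get(node, []):
            if dst in ip.ip_network(deny_dst):
                srcs = subtract(srcs, ip.ip_network(deny_src))
        node = next_hop(fibs[node], dst)
    return path, (sorted(srcs) if node == "deliver" else [])

if __name__ == "__main__":
    # The /32 route on "core" steers this host around the firewall.
    print(reachable_sources(FIBS, ACLS, "edge", "10.9.0.0/16", "10.20.5.10"))
    print(reachable_sources(FIBS, ACLS, "edge", "10.9.0.0/16", "10.20.5.11"))
```

A non-empty result for a host that policy says should be isolated is a finding that needs no matching traffic in the logs.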
“Verification is more truly predictive because it’s saying, ‘I can have mathematical confidence in what could happen in the future, even if it’s completely unexpected relative to what’s happened in the past,’” explained Godfrey. “This is important because attackers are doing the unexpected and they often know your network better than you do.”
Verification gives organizations assurance of what could happen based on data collected from the network. Entities don’t need to wait for a certain network weakness to be exposed before protecting it.
“Traffic monitoring is the traditional technique that looks at data that’s flowed through the network recently, or in the past, and extrapolates from it,” Godfrey concluded. “Verification is giving this assurance on everything that could happen in the future, regardless of whether it’s similar to what’s happened before or not.”
Adopting a proactive approach to network security is the only way healthcare organizations can successfully defend against evolving cyberattacks. Network verification is one way entities can have a more active role in their security.
Finding network weaknesses before the cyberattackers do, and fortifying against those weaknesses, will help organizations protect themselves from many cyberattacks.