Three Reasons SOAR is Needed to Secure Healthcare IoT Medical Devices
22 Aug
By Tom Young, Executive Vice President of Worldwide Sales
In his published research, “Evolving IoT Security Risks Demand New Approaches from Healthcare Delivery Organizations,” ID G00355342, Gartner Analyst, Gregg Pessin, provides key insights into the profound impact Internet of Things (IoT) medical devices have on security along with recommendations to address the growing risk.
Some of Gregg’s key insights include:
- Medical IoT devices change the state of the digital environment and generate tremendous amounts of data that needs to be managed
- Most IoT devices are unattended, which creates easily avoidable vulnerabilities that lead to cyber risk where these devices support machine-to-machine (M2M) connectivity
- While trusted machine-to-machine (M2M) connectivity is possible with newer IoT devices, most legacy devices don’t support it, creating gaps in visibility and automation
Based on these insights, and the rest of his research note, Gregg also provides great recommendations for Healthcare Delivery Organizations (HDOs) to manage their growing IoT cyber risk. Here’s a high-level summary of Gregg’s recommendations:
- Define a holistic device security strategy to address identity/credentials, as well as real-time visibility and control
- Consider leveraging cloud-based IoT device management platforms to address the challenges of managing this data at scale
- Take a blended approach to modeling IoT risks using other strategies for managing security risks, such as mobile and cloud
- Add behavioral monitoring to existing IoT devices in order to identify potential threats
While these recommendations appear to suggest that a holistic approach is taken to identify and limit IoT risk, they, unfortunately, fail to address the most difficult challenge – operationalizing IoT risk management. In other words, after developing a strategy, establishing a management and monitoring infrastructure and modeling behavior to flag anomalies, then what?
First, the process of identifying IoT medical devices for visibility and control is a challenge in and of itself. Many devices were never built to be online, or if they were, they weren’t built with the security and controls necessary to reduce risk in today’s threat landscape. Specialized tools, such as CyberMDX, are needed to identify a medical device from its network traffic, down to the vendor, make and model, because that information is needed to address containment and remediation.
Second, the legacy nature of these devices makes the blended approach challenging, especially in cloud environments. Much of the infrastructure needed to support legacy devices isn’t available on a modern SaaS platform and would require a private cloud or on-premise deployment. Specialized tools for cross-public/private workload visibility, such as Caveonics, are needed to incorporate visibility and control of these device platforms with core IT workloads.
Finally, it is not possible to automatically manage or remediate medical IoT devices over machine-to-machine (M2M) communications. In addition, a large number of these devices are remotely managed by the OEM vendor, not the HDO. Still other devices require FDA approval before they can be updated, changed or patched. Because these devices are actively used to deliver patient care, it is important that the security processes needed to identify, protect, detect, contain and remediate cyber risks are well-defined, flexible and incorporate both human and automated actions. In other words, these processes should be instantiated and executed within a Security Orchestration, Automation and Response (SOAR, as defined by Gartner) software platform. The benefits of SOAR include consistent execution of complex workflows comprised of human- and machine-driven actions, as well as an auditable system of record for all these processes, which provides the basis for analytics and improvement.
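As an added illustration (not code from the original post or from any SOAR product), the routing logic described above written as a small playbook: the Device fields and the infusion-pump and patient-monitor records are constructed assumptions, network containment is always machine-driven, remediation is handed to a human or to M2M automation depending on whether the device is FDA-regulated, OEM-managed or supports M2M, and every step lands in an audit record.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class Device:
    device_id: str
    vendor: str
    model: str
    supports_m2m: bool   # accepts management/patch commands over the network
    oem_managed: bool    # the OEM vendor, not the HDO, administers the device
    fda_regulated: bool  # changes need regulatory approval before patching

@dataclass
class IoTPlaybook:
    """Detect -> contain -> remediate, with an auditable record of every step."""
    audit: list = field(default_factory=list)

    def _record(self, device, actor, step, detail):
        entry = {"ts": datetime.now(timezone.utc).isoformat(), "device": device.device_id,
                 "actor": actor, "step": step, "detail": detail}
        self.audit.append(entry)
        return entry

    def run(self, device, finding):
        steps = [self._record(device, "machine", "detect", finding)]
        # Containment acts on the network, not on the device, so it is always automated.
        steps.append(self._record(device, "machine", "contain", f"quarantine {device.vendor} {device.model}"))
        # Remediation depends on who may change the device, and how.
        if device.fda_regulated:
            actor, detail = "human", "hold patch pending regulatory approval"
        elif device.oem_managed:
            actor, detail = "human", "open OEM vendor ticket; HDO cannot patch directly"
        elif device.supports_m2m:
            actor, detail = "machine", "push approved firmware update over M2M"
        else:
            actor, detail = "human", "schedule on-site update; no M2M management"
        steps.append(self._record(device, actor, "remediate", detail))
        return steps

    def open_human_tasks(self):
        return [e for e in self.audit if e["actor"] == "human"]

if __name__ == "__main__":  # constructed sample devices, not real inventory
    pb = IoTPlaybook()
    for dev in (Device("pump-01", "ExampleVendor", "InfusionPump", False, True, True),
                Device("mon-07", "ExampleVendor", "PatientMonitor", True, False, False)):
        for s in pb.run(dev, "anomalous outbound traffic flagged by behavioral monitor"):
            print(s["device"], s["actor"], s["step"], "-", s["detail"])
    print(len(pb.open_human_tasks()), "task(s) awaiting a human")
```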
So, while Gregg’s research shines a light on many critical components of a successful IoT security strategy and management, the recommendations are missing the one that HDOs should investigate and invest in to close the loop on all of the complex processes needed. Security Orchestration, Automation and Response (SOAR) platforms codify these processes so HDOs can properly operationalize all the technologies associated with healthcare IoT management, visibility and control to protect against and mitigate cyber risks.