Transcript
so that we're not causing a lot of noise for users that don't necessarily need to see certain information to do their jobs. So if we dive in here and we want to look at the device overview, we're going to be spending most of the time today talking or bouncing back and forth between this device and this risk tab, but this provides us that visual representation of the variety of devices within our environment. Again, whether we're talking about fleet devices in the healthcare realm, building management controllers, things as innocuous as printers and scanning machines, just showing again that variety of devices that make up the modern healthcare environment. Now, if I dive into medical devices here, we can begin to look at what this profile looks like. So what is this asset data table looking like? What are the IP and MAC addresses that we're picking up? Where are the bulk of manufacturers, model numbers, what are the operating systems in this environment? All of these different things that help us create this profile of devices on the network. Individually, however, we can start to pick up 100 plus assets on these, or 100 plus profile points on these devices to help, again, build that complete foundation for those downstream compensating controls and cybersecurity controls that we can put around these devices to ensure that they can still perform their function. So if I want to dive in here to a specific device, I'm going to pick an MRI machine for a moment. Yeah, we'll just do this first from the Siemens Magnetom. So going back to the slide that I showed, you can see here, this is that device's attribute table. So we've got these custom labels. Who are the assigned departments or users? Does this device have an associated MDS2 file? And then really digging into that information that's either discovered or determined based off that packet information. So what is its IP, its MAC address? Who is the manufacturer, the model number, the firmware version?
Is it a mobile device or a static device? What is the guest network? I'm sorry, what is the VLAN that it's on? If it's integrated with a CMMS, what is that CMMS's serial number? All of these different things that help us, again, build that platform, build that foundation of further downstream controls. Things like understanding its risk and vulnerability fully contextualized to this healthcare environment. So of course, because this device is involved with patient care, it's always going to be a severe device. So perhaps we can't lower the risk in that vein, but maybe we can look at the device vulnerabilities for the network risk profile to help understand, again, what compensating controls we can put around this device in order to make it sit within a more acceptable tolerance of risk in the environment. So if I come in here to the risk simulator, I can pull this up and I can say, well, you know what? I can't change the severity of this device, but what I can do is I can put an optimized ACL around it and I can see what impact that is going to have on my risk score. Now, where this risk score comes from, I will show you in a few minutes, but we can start to play with, okay, we've tailored this risk tolerance profile to our unique network. What are the things that I can do to make sure these devices fit within that network risk? Something like the operating system, for example. This is not something you can necessarily control in your environment. The manufacturer probably will not come out and put a new operating system on your device, but you can put something like an optimized ACL around it to ensure that it can only perform its optimized function or only perform its clinical function, rather. All in all, Medicaid, of course, has many recommendations for things you can do to lower this risk score to a low category, and we'll dig into those a little bit further down the road.
Other things that we will provide are insights on this device, so is it sending information back to the manufacturer? Really important, when does this device store health information? These are devices that, depending on your regulatory environment, you may need to pay extra close attention to. We can look at, again, what switches is this on? What are the policies that are wrapped around it? And then what do these policies look like when you look at the device communication profile? So we're looking at here what this device communicates with throughout the network and which of these communications would be in or out of policy, depending on how that policy is constructed. One other thing that is very, very useful in terms of visibility is providing the utilization profile of this device. So we can see here that, based on the hospital's utilization parameters, this device is only used about half the time, typically operates between 7 a.m. and 8 a.m. However, it's used about 11 hours a day. We can start to look at what these blocks look like in terms of its scheduling. How many examinations does this device do per day? What does the profile look like in terms of examinations over time? Because this is a scanning device, what body parts is it scanning? So really just building that very, very complete device profile of exactly what is this device? How is it communicating in my network? How am I using it so that I can then use this information to start driving better decisions from a security standpoint, from an operational efficiency standpoint, from a financial standpoint? You have all of the information that you need to go and make these decisions.