On November 20, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued guidance for healthcare delivery organizations (HDOs) struggling to secure their data and systems against a growing and pernicious onslaught of attacks from threat actors across the globe. The purpose of CISA’s Mitigation Guide: Healthcare and Public Health (HPH) Sector is to articulate “best practices to combat pervasive cyber threats affecting the Healthcare and Public Health (HPH) Sector.”
In the second blog in this series, we covered how Ordr supports best practices around Mitigation Strategy #2: Identity Management and Device Security, including the value of gaining real-time visibility into device details. In this final post of the three-part series, we look at CISA’s third Mitigation Strategy: Vulnerability, Patch, and Configuration Management to learn the focus areas CISA has called out and how Ordr helps healthcare organizations successfully address these challenges.
As it turns out, Ordr’s approach to cyber asset security and our investments in data-based innovation mean we’ve solved many of cybersecurity’s hardest problems, allowing our customers to create and execute strategies that address some of the most vexing challenges faced by healthcare organizations. By enabling healthcare (and any other!) organizations to See all assets in real time, including network connections and communications, Know the vulnerabilities, threats, and risks of each asset, and Secure every asset with automated policies to stop active attacks and proactively reduce the attack surface, we help our customers better meet the goals CISA has identified.
CISA says that meeting the goals of Mitigation Strategy #3 means “proactively scanning devices and systems for vulnerabilities or technology flaws that threat actors could exploit.” That is squarely in Ordr’s wheelhouse.
Our Ordr Data Lake–containing a library of millions of individual device profiles and access to extensive threat intelligence libraries–enables advanced analytics and maps vulnerabilities from information in the National Vulnerability Database and manufacturer databases. Using these resources, security teams can identify vulnerabilities and other critical information like product recalls, FDA restrictions, and weaknesses like outdated operating systems; weak, default, or no passwords; and other details essential for proper management and protection. Our passive vulnerability scanning approach does not impact sensitive medical devices.
When it comes to vulnerability management, security teams need to consider the entire lifecycle process.
Ordr identifies devices with vulnerabilities and risks like obsolete operating systems, and unpatched or unauthorized software. We can also see which devices require attention because they contain protected health information (PHI), have recalls, or display risky communications and anomalous behavior. Then, Ordr applies a real-time risk score to each asset that helps the organization prioritize remediation and mitigation efforts, enabling optimized lifecycle vulnerability management with existing tools. This includes integration with existing workflows, as well as dynamic policy creation to segment assets that cannot be patched.
Because the Ordr Software Inventory Collector automatically gathers software details directly from assets, it provides a real-time software bill of materials (SBOM) for both managed and unmanaged devices. That allows organizations to identify endpoint detection and response (EDR), mobile device management (MDM), disk encryption, and other elements that support the organization’s security standards before devices are allowed onto the network by network access management solutions. That means the organization’s change management solution has a reliable and secure configuration to start with.
While the CISA Mitigation Guide: Healthcare and Public Health (HPH) Sector is intended as a framework for improving the security of every healthcare organization, every enterprise requires a unique application of the strategies and principles outlined in the Guide. That means gaining a complete inventory of every cyber asset and understanding its configuration details and operation. Ordr has the technology and healthcare-specific domain expertise to help organizations improve their security posture and adopt a Zero Trust approach to cybersecurity.
The challenge may seem overwhelming, but with the right resources it can be done, and more easily than you might think. Ordr can help. To get started, download our new white paper, Mapping Ordr Capabilities to CISA Mitigation Guide: Healthcare and Public Health (HPH) Sector, then contact us with your questions.
*** This is a Security Bloggers Network syndicated blog from Ordr Blog - Ordr authored by Wes Wright. Read the original post at: https://ordr.net/blog/cisa-mitigation-guide-for-healthcare-organizations-part-three/