Case Studies

Case Study: Managed Threat Detection

Healthcare providers must manage both patient health and credential data. They have also seen the introduction of many new health devices that connect to a hospital's networks but don't have the traditional defenses of business systems. The healthcare industry continues to see new attacks impacting hospitals and health providers, including ransomware and destructive malware, which affect access to patient data. Under regulations such as HIPAA, these attacks are costly both because of the impact of the attack itself and because of the resulting breach of compliance. In October 2018, Anthem was fined $16 million in a record HIPAA settlement for a data breach. Anthem was held responsible for cyber attacks that stole the protected health information of close to 79 million people.

Recently, a regional hospital that sees almost 200,000 patients a year engaged BluVector to deliver a managed threat detection solution. At a regional hospital, resources are at a premium, and for this provider, augmenting the existing security team was critical because the team was struggling to pass compliance-required penetration testing. Consumed with chasing false positives, the team decided to deploy BluVector® Cortex™ as a managed service.

Solution

BluVector, deployed as a managed service, provides this regional hospital with an AI-driven network security platform to detect fileless and file-based threats. Delivered with 24×7 management from highly skilled threat analysts, the solution is enabling the existing security team to focus on what matters most – responding to legitimate security attacks.

Components of the managed service include:

  • Network traffic analysis and metadata logging
  • AI-based detection of content-based zero day and polymorphic threats
  • Fileless network threat detection
  • Rules-based detection of known network-based threats
  • Alert prioritization (Hunt Score Determination)
  • Threat hunting workbench
  • PCAP and offline file analysis
  • Connectors framework (integration of 3rd-party tools including common hunting tools, SIEMs, firewalls, endpoints)
  • High severity product maintenance
  • System configuration management
  • Proactive system updates and upgrades
  • Proactive product tuning and retraining
  • 24×7 monitoring and event adjudication
  • 24×7 high priority alert escalation

The Result

  1. The hospital passed its compliance-required penetration testing
  2. The hospital maintained 24×7 security without requiring additional personnel, resulting in a higher level of cyber-readiness for less cost
  3. In the first 30 days, BluVector discovered existing compromised hosts and detected multiple file-based attacks, which were quickly highlighted for resolution