St. Luke’s University Health Network Strengthens Zero Trust Security and Reduces Vendor Complexity with Forescout’s 4D Platform

In an era where cyber threats loom large, healthcare organizations are increasingly prioritizing cyber-resilience. St. Luke’s University Health Network has taken significant strides in this direction by enhancing visibility, minimizing risks, and adopting a Zero Trust security framework. This transformation has been facilitated through the implementation of the Forescout 4D Platform, integrated with Microsoft Defender and Azure, allowing for real-time visibility across over 40,000 connected devices.

Enhancing Cybersecurity Posture

St. Luke’s University Health Network has effectively fortified its cybersecurity measures by deploying the Forescout 4D Platform. This platform provides comprehensive visibility across a vast array of Internet of Medical Things (IoMT) devices and network endpoints, aligning with the organization’s Zero Trust strategy. Managing approximately 22,000 IoMT devices and 18,000 endpoints, the healthcare provider previously relied on outdated spreadsheets to track network assets. This method proved inadequate, as vendors could connect new devices without authorization, complicating the maintenance of an accurate view of connected assets and their security status.

The integration of the Forescout platform with Microsoft Security Solutions, including Microsoft Defender, has empowered St. Luke’s to achieve robust asset intelligence across all device types. This capability allows the organization to identify every connected asset, enforce security compliance, and quarantine non-compliant devices when necessary. Furthermore, it enhances visibility across Microsoft Defender and Azure environments, aiding in the pursuit of HITRUST certification.

The Importance of Asset Visibility

David Finkelstein, CISO at St. Luke’s University Health Network, emphasizes the critical nature of asset visibility in managing risk. He notes that understanding the assets connected to the network is essential for establishing risk tolerance and shaping security strategies. In the healthcare sector, this extends beyond traditional IT assets to include medical devices, imaging systems, IV pumps, third-party connections, and even AI-driven systems.

Before implementing the Forescout platform, gaps in visibility led to vendors connecting devices without oversight and assets appearing on the network without proper identification. This lack of visibility hindered the organization’s ability to assess exposure and build a mature Zero Trust or risk management strategy. Continuous asset discovery and inventory are vital; without them, organizations operate with incomplete information.

Risks of Outdated Tracking Methods

Relying on spreadsheets to track IoMT devices and endpoints presents significant risks. Finkelstein points out that spreadsheets create a false sense of confidence. They often become outdated quickly, relying on manual updates and inconsistent data entry from different teams. In a fast-paced healthcare environment, this approach is untenable.

The inconsistencies and potential for manipulation in spreadsheets can lead to a loss of operational and security awareness. If devices remain unidentified, organizations cannot secure, patch, or monitor them effectively. In healthcare, where many devices are directly linked to patient care, the stakes are particularly high. The need for real-time visibility and automated intelligence is paramount, as static documents quickly become obsolete.

Enforcing Zero Trust with Forescout

The Forescout platform has been instrumental in enabling St. Luke’s to enforce its Zero Trust strategy effectively. It provides continuous visibility and control over both managed and unmanaged assets, allowing for the identification of rogue devices and the automatic enforcement of security policies. This level of automation is crucial in healthcare, where rapid threat evolution can directly impact patient care.

Finkelstein notes the significant scale of segmentation achieved through Forescout. Many healthcare organizations struggle for years to segment departments or carve out specialized networks. However, St. Luke’s has successfully implemented macro segmentation across the enterprise while maintaining granular control at the department and device level. This capability limits lateral movement and allows for quick isolation of issues without disrupting the broader environment.

Impact of Vendor Access Control

The tightening of controls over unauthorized vendor-connected devices has been transformative for St. Luke’s security posture. Finkelstein recalls a time when vendors had unrestricted access, leading to frequent, unmonitored changes that resulted in operational disruptions and financial losses. By changing the mindset and implementing technical controls around access, St. Luke’s has regained full control over its environment. The frequency of downtimes has dramatically decreased from 30-40 per month to just two or three per quarter, with those incidents now primarily due to misconfigurations rather than unauthorized vendor actions.

Strengthening Response Capabilities through Integration

The integration of Forescout with Microsoft Defender and Azure has significantly bolstered St. Luke’s visibility and response capabilities. In today’s cybersecurity landscape, speed is paramount. The ability to quickly identify problems and respond before they escalate is crucial. The combined capabilities of Forescout, Microsoft Defender, and Azure allow for the automation of lower-level security actions, enabling teams to focus on critical areas.

This integration provides context, with Forescout delivering asset intelligence and risk prioritization, while Microsoft Defender and Azure contribute telemetry and endpoint insights. The result is a comprehensive understanding of the environment in real time, facilitating automated investigation and response workflows. If a device becomes non-compliant or exhibits abnormal behavior, the organization can swiftly identify and contain threats.

Streamlining Risk Management

Reducing the risk management toolset from 38 vendors to eight has brought consistency and control to St. Luke’s operations. The organization sought platforms that could integrate and share intelligence, providing a unified operational view. Forescout plays a central role in this strategy, offering visibility into all network-connected devices and enabling the consolidation of controls.

This consolidation has led to a significant reduction in downtime, as changes are now monitored and understood before they impact operations. St. Luke’s can now allocate more resources to proactive risk management and patient safety, rather than merely reacting to incidents.

The advancements made by St. Luke’s University Health Network in cybersecurity underscore the critical importance of visibility, control, and integration in the healthcare sector. As organizations face increasingly sophisticated cyber threats, the adoption of robust security frameworks like Zero Trust, supported by advanced technologies, will be essential for safeguarding patient care and operational integrity.

Source: www.intelligentciso.com
