
Medical Device Network Security, the prognosis is good

Are networked medical devices secure? We know that a significant number of medical devices have security vulnerabilities, both known and unknown. Identifying the known vulnerabilities before a threat infects a device, and eventually the network, is one role of a solid cyber security strategy. In Australia, the health sector has recorded the highest number of data breaches since the mandatory data breach regulations came into effect earlier this year.

The reporting tends to ignore the fact that the security of a device does not equate to the security of the system. The chants of self-appointed researchers and some fear-slinging security vendors would have us believe we’re all at risk of remotely controlled death, triggered by smart-phone.

In this article, we explore the current landscape of the network security for medical devices and architecture to ensure a secure environment.

So are medical devices secure?
The likelihood of actual harm from medical device insecurity is of course far removed from the worst-case scenarios we read about in often-sensational media reporting or researcher claims. Those of us who actually work with medical systems know this. Nevertheless, vulnerabilities and threats obviously exist, and medical devices are high-value targets. A better question perhaps would be “can networked medical devices operate safely and at an acceptable level of risk to patients?”. Addressing this question, of course, is the daily challenge of professionals charged with managing risks on clinical networks.

What makes medical devices so different?
Just as for other waves of cybersecurity hysteria around IoT and Critical Infrastructure sabotage, medical devices are often cited as vulnerable to manipulation into misbehaving or leaking information. It is important to realise as security professionals that biomedical devices have unique needs that don’t always neatly fit into regular security practices. Like other critical infrastructure systems, medical devices and their local ecosystems are commissioned and tested extensively and formally so that they function exactly according to manufacturer specs. Change to these systems becomes complex, risky and expensive.

How then can devices be protected, yet allowed to communicate with all their necessary integration points – local users, remote support, external vendor monitoring systems, head-end servers, cloud-based health record services, other connected health systems?

Enter the modern security-centric network. A modern network security infrastructure can provide increasingly sophisticated protections from known attack vectors and these advances are the main thrust of this post. What’s changed? The loosely connected, hardware-centric, open networks of the past are giving way to Application Programming Interface (API) driven, integrated, software-centric, “zero-trust model” networks of today providing very powerful tools to achieve secure network architectures.

But first, let’s take a look at the external factors driving risk.

The Healthcare Threat Environment

There’s no question that medical devices in clinical environments make high-value targets for cyber-criminals: a breach of security could be profitable to the attacker, potentially catastrophic to the victim, and very costly to a healthcare delivery organisation’s reputation.
Since the mandatory data breach notification scheme came into effect in Australia on February 22, health service providers have topped the class for the number of data breaches reported. Importantly, though, a large percentage of the reported breaches were the result of either human error or a lack of basic cyber hygiene.

Threats commonly referenced for medical device security include malware infections, targeted attacks and Advanced Persistent Threats (APTs), Denial of Service (DoS) attacks, theft, unintentional misuse and directly connected devices (e.g. USB devices).

Further complicating the security landscape, the increasing integration with cloud-based electronic medical record systems represents a new class of risk.

Secure Network Architectures
Network Access Control (NAC) has been readily available for many years, providing reliable and highly secure protection where it is needed most – at the point of access, the network edge. Pushing strong identity and access control mechanisms to the network edge using protocols like RADIUS and 802.1X goes a long way to preventing unauthorised access. Use of a comprehensive NAC solution like the Cisco Identity Services Engine (ISE) now allows for extremely flexible deployment models, easily supporting both newer and older legacy devices – a major plus when dealing with a diverse mix of medical device capabilities.

Not only does NAC protect the wired and wireless network edge, it supports the dynamic placement of devices into segregated and isolated sub-networks (zones). Furthermore, the telemetry provided by connection attempts provides excellent visibility of not only the movement and connection state of device assets but the ability to detect unauthorised connection attempts and take action accordingly.
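The following is an added example, not code from the original post or from Cisco ISE, showing in miniature what the two paragraphs above describe: an edge authentication attempt is mapped to a segregated zone (VLAN plus downloadable ACL) based on its 802.1X result or, for devices that cannot do 802.1X, on MAC bypass checked against an asset register and the profiled device type; everything else lands in quarantine, and the quarantine decisions are counted per switch port so repeated unauthorised connection attempts surface as telemetry. The zone table, profiles, MAC addresses and threshold are all constructed for the example.

```python
"""Toy NAC authorisation policy with edge telemetry (constructed example,
not Cisco ISE code; zones, profiles and MAC addresses are made up)."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed zone table: each zone is an isolated VLAN plus a downloadable
# ACL (dACL) that limits what the device can reach once admitted.
ZONES = {
    "corporate":    {"vlan": 100, "dacl": ["permit ip any any"]},
    "clinical-iot": {"vlan": 210, "dacl": ["permit tcp any host 10.20.0.10 eq 443",  # head-end server
                                           "permit udp any host 10.20.0.53 eq 53",
                                           "deny ip any any"]},
    "quarantine":   {"vlan": 999, "dacl": ["deny ip any any"]},
}

# Constructed asset register: MAC address -> profile the NAC expects to see.
REGISTERED_MEDICAL = {
    "00:11:22:aa:bb:01": "infusion-pump",
    "00:11:22:aa:bb:02": "patient-monitor",
}


@dataclass(frozen=True)
class AuthAttempt:
    mac: str
    switch: str
    port: str
    method: str       # "eap-tls" (802.1X with certificate) or "mab" (MAC bypass)
    cert_valid: bool  # only meaningful for eap-tls
    profile: str      # result of device profiling at the edge


def authorize(attempt):
    """Map an edge authentication attempt to a zone; unknowns are quarantined."""
    if attempt.method == "eap-tls" and attempt.cert_valid:
        zone, reason = "corporate", "valid 802.1X certificate"
    elif (attempt.method == "mab"
          and REGISTERED_MEDICAL.get(attempt.mac) == attempt.profile):
        # MAC alone is spoofable; requiring the profile to match the register
        # catches a laptop presenting a registered pump's MAC address.
        zone, reason = "clinical-iot", "registered medical device, profile matches"
    else:
        zone, reason = "quarantine", "unknown or mismatched device"
    return {"zone": zone, "reason": reason, **ZONES[zone]}


class EdgeTelemetry:
    """Count quarantine decisions per switch port to surface probing."""

    def __init__(self, threshold=3):
        self.threshold = threshold
        self.quarantined = defaultdict(list)

    def record(self, attempt, decision):
        if decision["zone"] == "quarantine":
            self.quarantined[(attempt.switch, attempt.port)].append(attempt.mac)

    def suspicious_ports(self):
        """Ports where repeated unknown devices were refused admission."""
        return sorted(port for port, macs in self.quarantined.items()
                      if len(macs) >= self.threshold)


# Constructed stream of connection attempts seen at one ward switch.
SAMPLE_ATTEMPTS = [
    AuthAttempt("00:11:22:aa:bb:01", "sw-ward3", "Gi1/0/1", "mab", False, "infusion-pump"),
    AuthAttempt("00:11:22:aa:bb:02", "sw-ward3", "Gi1/0/2", "mab", False, "patient-monitor"),
    AuthAttempt("00:11:22:aa:bb:03", "sw-ward3", "Gi1/0/5", "mab", False, "infusion-pump"),  # not registered
    AuthAttempt("00:11:22:aa:bb:01", "sw-ward3", "Gi1/0/4", "mab", False, "laptop"),         # registered MAC, wrong profile
    AuthAttempt("aa:bb:cc:00:00:01", "sw-ward3", "Gi1/0/7", "eap-tls", True, "laptop"),
    AuthAttempt("de:ad:be:ef:00:01", "sw-ward3", "Gi1/0/9", "mab", False, "unknown"),
    AuthAttempt("de:ad:be:ef:00:02", "sw-ward3", "Gi1/0/9", "mab", False, "unknown"),
    AuthAttempt("de:ad:be:ef:00:03", "sw-ward3", "Gi1/0/9", "mab", False, "unknown"),
]


def run(attempts=SAMPLE_ATTEMPTS):
    """Authorise each attempt and return (decisions, ports worth investigating)."""
    telemetry = EdgeTelemetry()
    decisions = []
    for attempt in attempts:
        decision = authorize(attempt)
        telemetry.record(attempt, decision)
        decisions.append((attempt.mac, decision["zone"], decision["vlan"]))
    return decisions, telemetry.suspicious_ports()


if __name__ == "__main__":
    decisions, ports = run()
    for mac, zone, vlan in decisions:
        print(f"{mac} -> {zone} (VLAN {vlan})")
    print("ports with repeated unauthorised attempts:", ports)
```

The point of the example is the pairing: the authorisation rule keeps unknown devices off the clinical zone without a single packet reaching it, and the same decisions feed a per-port counter that a SIEM or automation tool could act on.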

The Medical NAC Ecosystem
A medical grade network ecosystem centred on NAC now enables highly flexible and integrated security to be achieved. Now that a security ‘event bus’ using the likes of Cisco’s pxGrid can be tightly coupled to both the NAC system, the segregation firewalls and beyond that to secure operations platforms like SIEM and automation tools, comprehensive and integrated security is readily achievable.

These abilities go well beyond the traditional network segmentation and access control mandated by most standards. Let’s consider some of them:

• Effective micro (device-level) segregation and isolation policy.

• Quarantining unauthorised devices before they can send a malicious packet.

• Real-time behavioural analytics on traffic flows.

• Linking security systems together so they share context and behaviour.

• Responding automatically to abnormal conditions and coordinating countermeasures using API calls.

Features within the Cisco Medical NAC ecosystem are underpinned by ISE/pxGrid, Stealthwatch and optional elements of Cisco’s Trustsec architecture. Of particular note are features like these:

• Medical device profiling – More than 250 profiles for medical devices out of the box with ability to customise your own. The ability to automatically detect the device type can really boost the flexibility in policy authorisation control and provides excellent visibility into the activity of the device fleet.

• Downloadable Access Lists (dACL) – Layer-3 packet filtering at the edge, including the option for Active Directory integration for per-device/class ACLs using custom attributes

• Identity PSK – The recently introduced capability to use multiple pre-shared keys on the same WLAN SSID, with the dual benefit of keeping the number of SSIDs low and supporting migrations, key updates and per-device/group PSKs

• pxGrid – Cisco’s context and event integration publisher/subscriber backbone for Rapid Threat Containment and multi-platform integration.

• Stealthwatch – The network flow security analytics engine, detecting abnormal network behaviour and attacks

• SIEM integration – Push logs and events into your log repository or SIEM for maximum analytical and troubleshooting value

• API-driven automation and response capability – All of the products mentioned have API interfaces that your DevOps or SecOps team can use to gain full visibility and control of the environment.


Using network segmentation to protect devices and medical records from threats requires medical-grade NAC. By monitoring behaviour to detect and contain threats, healthcare security can be improved drastically and risks to the organisation mitigated. Putting it all together requires some planning and experience, but the tools available today are vastly improved and proven in the field. As the saying goes, the whole is much bigger than the sum of the parts when the parts fit together effectively. This, of course, is just one component of the overall security approach, but as the point of control closest to the medical device, it is a critical one to get right.

Cube Cyber, a Cisco Certified provider based in Brisbane, has been delivering solutions for the healthcare industry since 2015. Contact us today on 1300 085 366 to discuss your next project.


References:

Office of the Australian Information Commissioner
https://www.oaic.gov.au/

US Health Care Breach register
https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

University of San Diego “Cyber Security Threats in 2018”
https://onlinedegrees.sandiego.edu/top-cyber-security-threats/

NIST / NCCoE Infusion Pump Security August 2018
https://www.nccoe.nist.gov/sites/default/files/library/sp1800/hit-wipnist-sp1800-8b.pdf


Large Mining Organisation

This company employs several thousand local contractors at mine camps throughout Southeast Asia and provides WiFi Internet access as part of camp facilities. The client required a solution that would allow them to restrict access to an otherwise open WiFi network and to identify and track Internet usage back to an employee identity based on their SAP employee record. The desired outcome was to integrate the Cisco ISE Guest WiFi functionality with the SAP HR database so that both employees and contractors could log in to the WiFi system using their employee ID. The team at Cube developed a customised API integration engine that integrated the Cisco ISE Guest Portal with the organisation’s SAP HR database. The bespoke solution polls the SAP database in near real time; changes to employee records are extracted, parsed and sent to ISE via the ISE API. ISE guest access accounts are then generated automatically. These are specific to each user and remain valid for a set period based on the planned duration of the employee’s stay at the camp. This functionality gave both employees and contractors secure access to the WiFi system using their employee ID. Full operational support, training and documentation were provided post-deployment.

  • Advanced API Program
  • Real-time insights
  • Bespoke system design
  • Network Design


Large Global Engineering Company

Improving the security posture of a global engineering firm by implementing security controls for an existing wireless and wired network infrastructure was the primary project objective for Cube Cyber. By implementing a secure network edge across the campus network, the risk of unauthorised devices connecting to unsecured ports could be substantially reduced. Cube Cyber were able to design and implement a solution that enabled the client to leverage some of the more advanced Cisco Identity Services Engine (ISE) features, such as device profiling. In addition to the overall reduction in risk, there were further tangible benefits to the organisation: a reduced workload on the operational support teams thanks to automatic device profiling, and simplified network onboarding that lets guests and contractors connect devices quickly and in a highly secure manner while the corporate network containing sensitive information remains protected.

  • Network Architecture and Design
  • Network Access Control
  • Endpoint Management


Own the Router Own the Traffic – Australian firms targeted by Russian state hackers


How resilient is your network security? Following recent tensions between Russia and a number of NATO member countries, Russian state-sponsored cyber actors have begun targeting network infrastructure devices belonging to governments and organisations of countries such as the US, UK and Australia.

The U.K. and the U.S. have blamed Russian hackers for a campaign aimed at taking control of routers inside government, critical infrastructure, internet service providers and within small and home offices. The warning came in a joint announcement from British intelligence, the National Security Council (NSC), the DHS and the FBI.

Specifically, these attacks are targeting devices such as Wide Area Network (WAN) routers that tend to reside on the external or outside of firewalls.

But how? Having compromised these devices, the attackers use the routers to conduct spoofing (i.e. man-in-the-middle) activity to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations.

So, if such major organisations are being proven to be vulnerable, this then raises the question ‘how can I ensure my small-scale business data is protected?’ To answer this question, let’s first take a look at some common network security vulnerabilities.

Network vulnerabilities

Network devices such as external routers are easy targets, so if not correctly secured and hardened, they can provide attackers with an excellent point at which they can access your data. Once installed, many network devices are not maintained at the same security level as other general-purpose desktops and servers. In addition to this, the following factors can also contribute to the vulnerability of network devices:

  • Few network devices (especially SOHO and residential-class routers) are subject to the same level of integrity maintenance as devices located at head office; such maintenance includes regular patching and software updates.
  • Manufacturers build and distribute these network devices with exploitable services, which are enabled for ease of installation, operation, and maintenance.
  • Owners and operators of network devices do not change vendor default settings or security harden them for operations.
  • ISPs do not replace equipment on a customer’s property when that equipment is no longer supported by the manufacturer or vendor.
  • Owners and operators often overlook network devices when they investigate, examine for intruders, and restore general-purpose hosts after cyber intrusions.

So how can you protect your business?

Protecting your business from hackers and malicious attacks doesn’t need to be stressful or even costly. To protect your data and safeguard your networks, our team recommends the following general mitigation techniques to ensure your external devices, such as Internet routers, are correctly hardened and not an easy target.

  • Do not allow unencrypted plaintext management protocols (e.g. Telnet) to enter an organization from the Internet. When encrypted protocols such as SSH, HTTPS, or TLS are not possible, management activities from outside the organization should be done through an encrypted Virtual Private Network (VPN) where both ends are mutually authenticated.
  • Do not allow Internet access to the management interface of any network device. The best practice is to block Internet-sourced access to the device management interface and restrict device management to an internal trusted and whitelisted host or LAN. If access to the management interface cannot be restricted to an internal trusted network, restrict remote management access via encrypted VPN capability where both ends are mutually authenticated. Whitelist the network or host from which the VPN connection is allowed and deny all others.
  • Disable legacy unencrypted protocols such as Telnet and SNMPv1 or v2c. Where possible, use modern encrypted protocols such as SSHv2 and SNMPv3. Harden the encrypted protocols based on current best security practice. Where possible, replace legacy devices that cannot be configured to use modern protocols.
  • Immediately change default passwords and enforce a strong password policy. Do not reuse the same password across multiple devices. Where possible, avoid legacy password-based authentication, and implement two-factor authentication based on public-private keys.
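The four mitigations above can be checked mechanically before a device is exposed. The script below is an added example (not a Cube Cyber or Cisco tool) that audits a Cisco IOS-style running-config, in text form, for the conditions those bullets warn about: plaintext management protocols on the VTY lines, HTTP management left enabled, SNMPv1/v2c community strings (flagging the vendor defaults separately), management lines with no access-class whitelist, `enable password` and `username ... password` in place of their `secret` forms, and SSH allowed without version 2 forced. Both configurations are constructed; the hash values are labelled placeholders and the rule names are my own.

```python
"""Static audit of a Cisco IOS-style running-config against common
router hardening points (constructed example; configs, rule names and
advice strings are my own, not output of any vendor tool)."""
import re

# Constructed sample: an edge router left with vendor-style defaults.
WEAK_CONFIG = """\
hostname EDGE-RTR
enable password cisco
username admin password 0 admin
snmp-server community public RO
snmp-server community private RW
ip http server
!
line vty 0 4
 transport input telnet ssh
 login local
!
"""

# Constructed sample: the same router after applying the mitigations.
HARDENED_CONFIG = """\
hostname EDGE-RTR
enable secret 9 PLACEHOLDER-HASH
username admin secret 9 PLACEHOLDER-HASH
no ip http server
ip ssh version 2
ip access-list standard MGMT-HOSTS
 permit 10.10.10.0 0.0.0.255
snmp-server group NMS v3 priv
!
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 login local
!
"""

DEFAULT_COMMUNITIES = {"public", "private"}


def parse_blocks(config):
    """Split an IOS config into (parent line, [indented child lines]) tuples."""
    blocks = []
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if current is not None:
                current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            blocks.append(current)
    return blocks


def audit(config):
    """Return a list of (rule_id, offending line, advice) tuples."""
    findings = []
    blocks = parse_blocks(config)
    top_level = {line for line, _ in blocks}
    ssh_enabled_on_vty = False

    for line, children in blocks:
        if line.startswith("snmp-server community"):
            parts = line.split()
            community = parts[2] if len(parts) > 2 else ""
            rule = "snmp-default-community" if community in DEFAULT_COMMUNITIES else "snmp-v1v2c"
            findings.append((rule, line, "migrate to SNMPv3 (authPriv) and remove community strings"))
        elif line == "ip http server":
            findings.append(("http-plaintext-mgmt", line, "disable; use HTTPS restricted to management hosts"))
        elif line.startswith("enable password"):
            findings.append(("enable-password", line, "use 'enable secret' with a strong, unique value"))
        elif re.match(r"username \S+ password", line):
            findings.append(("user-password", line, "use 'username ... secret' or key-based authentication"))
        elif line.startswith("line vty"):
            transports = [c for c in children if c.startswith("transport input")]
            # With no 'transport input' line the IOS default accepts all protocols.
            if not transports or any(re.search(r"\b(telnet|all)\b", t) for t in transports):
                findings.append(("vty-telnet", line, "set 'transport input ssh' only"))
            if any(re.search(r"\bssh\b", t) for t in transports):
                ssh_enabled_on_vty = True
            if not any(c.startswith("access-class") for c in children):
                findings.append(("vty-unrestricted", line,
                                 "apply 'access-class <mgmt-acl> in' to whitelist management hosts"))

    if ssh_enabled_on_vty and "ip ssh version 2" not in top_level:
        findings.append(("ssh-v1-allowed", "ip ssh version 2 (missing)", "force SSHv2 only"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        results = audit(cfg)
        print(f"{name}: {len(results)} finding(s)")
        for rule, line, advice in results:
            print(f"  [{rule}] {line!r}: {advice}")
```

Run as-is it reports eight findings for the weak configuration and none for the hardened one. A check like this belongs in the change pipeline for edge devices, so that a configuration reintroducing Telnet or a community string is caught before it is pushed rather than found later by an external scan.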

As an initial step, the team at Cube Cyber can remotely scan your external network infrastructure to ensure a basic level of security is in place and insecure protocols and services are identified where in use. We will also recommend ways to secure and harden your external infrastructure to ensure your business assets are protected and your peace of mind restored.

For more information about securing your network to mitigate risk and prevent data breaches, have a chat with the experts at Cube Cyber today on 1300 085 366.

Cisco Advanced Security Architecture Partner

How safe is your business data? With the rapid and continuing increase in digital transformation, the ways in which we need to protect our information assets has seen an undeniable shift. Although we’re all aware of this change, implementing strategies to safeguard digital assets is complex and requires more than simply purchasing the latest security widget or application. To really ensure the safety of your important data and business reputation, you’ll generally need the assistance of a highly qualified team of professionals with the knowledge and expertise to ensure every aspect of your business is protected, to implement risk mitigation techniques and to provide solid rectification processes should your cybersecurity be threatened. But how do you know which cybersecurity provider to trust? The short answer: find one that is certified.

What is the Cisco Advanced Architecture Specialisation Program?

The Cisco Advanced Architecture Specialisation program identifies highly specialised partners that can work with customers to design and implement Cisco’s most advanced technology solutions.

The Cisco Advanced Security Architecture Specialisation acknowledges organisations that have achieved comprehensive and specialised knowledge in providing solutions used to detect and mitigate cyber security threats. Continually setting the industry standard for cybersecurity, Cisco provides partners with the comprehensive training and upskilling required to enhance sales, design and technical knowledge, and validates this knowledge through annual recertification and arbitrary auditing.


Why should you choose a certified cyber security provider?

When installing complex business security systems, design, deployment and maintenance must be completed with absolute precision to ensure seamless integration with your environment, which is why using a certified partner is so essential.

As all partners are required to undergo rigorous training and strict assessment in order to obtain their certification, and are required to re-certify on a yearly basis, you can be confident that they have the most advanced skills and knowledge to deploy and manage Cisco’s industry-leading systems.

Moreover, through undertaking continuous retraining and upskilling, Cisco’s partners are always at the forefront of systems and technological advances. For this reason, Cisco partners are better equipped to provide customised cybersecurity solutions to align with technical and other business requirements.

For many businesses, having an in-house IT team isn’t feasible for many reasons ranging from practicality to affordability and beyond. Engaging an outsourced Cisco partner allows you to be confident that you’ll receive the most up-to-date advice and support by an industry leading professional.

Cisco Australia’s Cyber Security Partner Specialist, Anthony Miller, said: “In today’s world, where cyber threats can go undetected in a customer network for over 100 days, it is vital that organisations use specialised Partners such as Cube Cyber who have undergone significant training around Cisco’s security solutions. These partners bring unique abilities to build out security solutions that leverage the integrations Cisco has built throughout our product set. In addition, they leverage Cisco’s Threat Research arm (TALOS), which has over 250 threat researchers and blocks 20 billion threats daily; TALOS is the co-ordination point for all of Cisco’s Security Products. Cisco’s TALOS provides you access to the richest set of threat intelligence in the world. So, if we see something malicious anywhere in the world, we can block it everywhere – see once, block everywhere.”


What should you expect from a cybersecurity provider?

When approaching cybersecurity providers, you want to ensure they’re equipped to provide and maintain the best possible solution for your individual business needs. As such, you should expect your potential provider to have a strong reputation in the industry paired with a multitude of experience in design, implementation and support of security systems that safeguard business information and reputation. To achieve this, they should be able to demonstrate a blended technology portfolio that utilises products and systems from industry leading security providers.

Cube Cyber

Through rigorous training and certification, Cube Cyber has attained the status of Advanced Security Architecture Specialisation from Cisco. This specialisation identifies Cube Cyber as having satisfied Cisco’s stringent requirements to design, sell and deploy complex Cisco security solutions. Through achieving such a high level of certification, Cube Cyber has demonstrated our ability to deliver sophisticated solutions through superior sales capabilities, technological knowledge and service offerings. Our portfolio of previous works demonstrates our superior expertise and proven track record on complex cybersecurity projects whilst always maintaining a best-for-business attitude. Our clients depend on our team to understand their individual challenges and provide recommendations for the most appropriate and secure cybersecurity solutions for their unique needs.

Cube Cyber Cisco Specialisations

Through attaining a Cisco Advanced Security Architecture partner status, Cube Cyber are certified to deliver the following products and services from Cisco:

• Advanced Malware Protection (AMP)

• Endpoint Security & VPN Security Clients

• Network Visibility and Enforcement using Identity Services Engine

• Next Generation Firewalls

• Next Generation Intrusion Detection and Prevention Systems

• Cloud Security, Web Security & Email Security

• Security Management


Don’t leave your data security to chance! If you’re ready to take control of your vital business information, get in touch with the experts at Cube Cyber and organise your complimentary cybersecurity assessment today on 1300 085 366.


Cube Cyber is now an accredited Tufin Gold Partner.

Tufin is the market leader in award-winning Security Policy Orchestration solutions. Tufin automatically designs, provisions, analyses and audits network security configuration changes – from the application layer down to the network layer – accurately.

Tufin provides enterprises with the ability to streamline the management of security policies across both on-premise and off-premise cloud environments.

www.tufin.com

Cube Cyber is now Cisco ATP ISE Accredited

Cube Cyber has met the rigorous Cisco certification requirements to become a qualified Authorised Technology Provider (ATP) – Identity Services Engine Partner. This qualification helps ensure that the Cube Cyber sales and support team are prepared to properly sell, design, install, and support the ATP program-specific technology and products.

Cube Cybersecurity and the Cisco account management team will continue working together to develop and enhance mutual capabilities to support our customers.