On October 1st, the opening of the Affordable Care Act (ACA) healthcare exchanges, and the many glitches and outages they suffered, provided an opportunity for the tech press to get in on the Obamacare action, reporting on the level of preparedness (or lack thereof) demonstrated by the various state and federal websites comprising the exchanges.
Despite the furor, neither the reporters nor the experts with whom they spoke seemed especially surprised by the problems. When new technologies are rolled out on a large scale, there are bound to be glitches, as recently experienced by Apple's iOS 7 and the online version of Grand Theft Auto V. All of these problems cause headaches for consumers, but when it comes to the healthcare exchanges, there is a great deal more at stake.
While the media and consumers might be willing to forgive website slowdowns and crashes, the lack of preparedness and insight into the problems happening with the IT environment underscores a scarier, more insidious issue: If the healthcare exchanges can't ensure performance and availability, are they really prepared to guarantee the security of patient information and ensure regulatory compliance on such a massive scale? Persistent advanced threats, zero-day attacks, and even security issues as basic as a stolen laptop can put private patient information at risk. Protecting that data will be of paramount importance as more and more patient information goes digital.
Pervasive Monitoring: Ensuring Compliance and Security When Prevention Is Futile
In his May 2013 report titled Prevention Is Futile in 2020: Protect Information Via Pervasive Monitoring and Collective Intelligence, VP and Gartner Fellow Neil MacDonald wrote: "Part of the answer to the seemingly insurmountable problem of how to identify attacks without signature-based mechanisms lies in pervasive monitoring to identify meaningful deviations from normal behavior to infer malicious intent. If you assume systems will be compromised with advanced targeted threats, then information security efforts need to shift to detailed, pervasive and context-aware monitoring to detect these threats."
The ExtraHop compliance and security solution delivers continuous, real-time auditing and anomaly detection across the entire application delivery chain, analyzing all wire data, including encrypted traffic, to deliver visibility and intelligence that mitigates risk and helps ensure compliance with both internal policies and regulations such as HIPAA, PCI DSS, and SOX. This pervasive, context-aware monitoring delivers correlated, cross-tier visibility and anomaly detection that complements intrusion prevention (IPS), intrusion detection (IDS), and security information and event management (SIEM) systems.
With context-aware monitoring from ExtraHop, IT teams can:
- Identify and investigate potential SQL injection attacks by analyzing queries in real time.
- Audit data flows into and out of the IT environment: how much data and how often.
- Baseline performance and track changes that could indicate a DoS attack (in cases when activity spikes) or misconfiguration or malware (when activity is too slow).
- Monitor unauthorized access to applications according to group policy.
- Track access to sensitive data stored on specific storage partitions.
- Support compliance efforts with audit logs of all unauthorized access attempts and other reports.
Wire Data Analysis Provides Context for IT Security
Whether it's patient data traversing the networks of the healthcare exchanges, or credit card information being used for e-commerce, for IT administrators tasked with protecting consumer information, the ability to see in real time how all systems are communicating over the wire is essential—now more than ever. Real-time wire data analysis provides the context that IT teams need to protect against threats that exploit vulnerabilities in the system, or that try to break in with brute force. With ExtraHop, IT and security organizations can benchmark typical behavior, including records access, allowing them to clearly delineate the parameters of "normal" activity. Persistent visibility allows teams to easily spot anomalies occurring in the system, and leverage traditional security systems to evaluate and defend against the threat. Try our free, interactive online demo to see the power of wire data for yourself.