Seattle Children's and ExtraHop Reveal(x)—Protecting More Than Data
Complete visibility to detect lateral movement
Faster threat and anomalous data detection
Security that enables scientific innovation and specialized care
ExtraHop Reveal(x) is a critical tool to help us protect data in transit and at rest. We have to see and understand how data is moving from point to point so we can quickly identify unusual or problematic patterns.
CISO, Seattle Children's Hospital
Security to Protect Quality of Care
A Fast-Changing Threat Landscape
Effectively securing a large-scale, complex, and highly regulated IT environment like Seattle Children's is compounded by an increasingly sophisticated cyberattack landscape.
"We see this every day," says Gooden. "Attackers aren't looking for a quick hit—they want to get in to learn where your data lives and how to get to it without drawing attention to themselves. So they go low and slow as they incrementally figure out how to get to our data. Ten years ago, the firewall was the thing that blocked everything. Today a firewall is nothing."
To defend against advanced attacks, Gooden led the implementation of a zero-trust framework at Seattle Children's. But even in an environment where all access is based on least privilege and must be validated, attackers increasingly use trusted software as a point of entry onto the network, leaving a defensive gap.
Trust Nothing, See Everything
Preventing Lateral Movement
While Gooden and his team rely on zero-trust principles and architecture to protect Seattle Children's clinical and research operations, they know that alone is not enough. With the growing number of zero-day exploits like Log4Shell and supply chain attacks, they also need behavior-based detection to identify and investigate potentially malicious activity within their environment. That's where ExtraHop Reveal(x) comes in.
"ExtraHop learns from the environment, correlating data points across our entire organization. It detects lateral movement and shows us where threat activity is happening anywhere in our infrastructure, regardless of the device, service, or user profile from which it originated," says Gooden. "ExtraHop gives us deep packet inspection, which is critical—especially when it comes to east-west packet movement and anomalous data detection."
Simpler Threat Hunting
Gooden and his team are also moving beyond just detection and response. "We're starting to implement things like active threat hunting," he says. "We're working more closely with our software suppliers to make sure that we understand the behavior associated with their systems and flagging anomalies so that we can collectively be proactive in closing the gaps that let attackers do what they do."
ExtraHop simplifies and streamlines threat hunting for Gooden's team with guided workflows and automated hunting techniques. And because the packet-based data source is nearly impossible for attackers to disable or modify, Reveal(x) accelerates research and validation so Seattle Children's can detect threats proactively to avoid a breach.
Security at the Pace of Innovation
While Gooden and his team spend their days securing Seattle Children's IT estate, they view their role through the lens of the organization's mission.
"We operate in an environment where thousands of children and their families rely on us to provide critical care and to continue to drive towards treatments and cures that improve outcomes and lives. Security must protect that mission without slowing it down," says Gooden.
For Gooden, that means adopting practices and technologies that improve care and accelerate innovation and scientific discovery. This includes cloud-native technologies that can support both on-premises, remote, and cloud environments and provide visibility into highly varied and specialized devices and operating systems.
"When done right, security is the tip of the spear that drives innovation," says Gooden. "When our data is secure, our operations are secure, and our patients are safe, we can focus on the work we're all here to do: saving lives."