Preventing Lateral Movement
While Gooden and his team rely on zero-trust principles and architecture to protect Seattle Children's clinical and research operations, they know that alone is not enough. With the growing number of zero-day exploits like Log4Shell and supply chain attacks, they also need behavior-based detection to identify and investigate potentially malicious activity within their environment. That's where ExtraHop Reveal(x) comes in.
"ExtraHop learns from the environment, correlating data points across our entire organization. It detects lateral movement and shows us where threat activity is happening anywhere in our infrastructure, regardless of the device, service, or user profile from which it originated," says Gooden. "ExtraHop gives us deep packet inspection, which is critical—especially when it comes to east-west packet movement and anomalous data detection."
Simpler Threat Hunting
Gooden and his team are also moving beyond just detection and response. "We're starting to implement things like active threat hunting," he says. "We're working more closely with our software suppliers to make sure that we understand the behavior associated with their systems and flagging anomalies so that we can collectively be proactive in closing the gaps that let attackers do what they do."
ExtraHop simplifies and streamlines threat hunting for Gooden's team with guided workflows and automated hunting techniques. And because the packet-based data source is nearly impossible for attackers to disable or modify, Reveal(x) accelerates research and validation so Seattle Children's can detect threats proactively to avoid a breach.
Security at the Pace of Innovation
While Gooden and his team spend their days securing Seattle Children's IT estate, they view their role through the lens of the organization's mission.
"We operate in an environment where thousands of children and their families rely on us to provide critical care and to continue to drive towards treatments and cures that improve outcomes and lives. Security must protect that mission without slowing it down," says Gooden.
For Gooden, that means adopting practices and technologies that improve care and accelerate innovation and scientific discovery. This includes cloud-native technologies that can support both on-premises, remote, and cloud environments and provide visibility into highly varied and specialized devices and operating systems.
"When done right, security is the tip of the spear that drives innovation," says Gooden. "When our data is secure, our operations are secure, and our patients are safe, we can focus on the work we're all here to do: saving lives."