Securing a hospital's IT is a difficult task. From the viewpoint of a cyber-criminal, the data found in a network like this is valuable and can generate good profit once distributed in the underground economy.
Therefore, protecting a hospital from common and targeted cyber threats requires the ability to explore every component of the IT infrastructure in depth: it is not just about firewall logs and IDS alerts.
ESI INENDI helped one of its customers face this challenging issue by allowing the great diversity of log sources to be easily integrated into the investigation process and correlated efficiently.
Where SIEM and standard correlation tools make the integration of all these data sources a complex or costly operation, INENDI Inspector opens a new way. The visual and intuitive investigation platform of INENDI Inspector offers a natural way to capture correlations between different data sources.
Moving back and forth between the logs of network equipment (such as switches) and critical network services (such as Active Directory, DNS, DHCP or Radius) no longer has to be done through a database technology, which usually kills one's ability to investigate intuitively.
This 360° investigation can be managed very efficiently using INENDI Inspector.
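To make the kind of cross-source pivot described above concrete, here is an added example (not INENDI Inspector code, and not taken from the customer's environment) that joins three constructed log extracts on the one field they all carry, the client MAC address. The DHCP, RADIUS and switch line formats are loosely modelled on common ISC dhcpd, FreeRADIUS and Cisco-style messages but are assumptions, as are all hostnames, users and addresses. From the join it answers the two questions an analyst usually asks first: which user and switch port were behind a given IP at a given time, and which devices the switch learned that never authenticated.

```python
import re
from datetime import datetime, timezone

# Constructed sample logs: three sources, one shared key (the MAC address).
DHCP_LOG = """\
2024-03-04T08:01:12Z dhcpd: DHCPACK on 10.20.5.41 to aa:bb:cc:00:11:22 via eth0
2024-03-04T08:02:30Z dhcpd: DHCPACK on 10.20.5.42 to aa:bb:cc:00:33:44 via eth0
2024-03-04T08:03:05Z dhcpd: DHCPACK on 10.20.5.43 to de:ad:be:ef:00:01 via eth0
"""
RADIUS_LOG = """\
2024-03-04T08:00:58Z radiusd: Login OK: [jdoe] (from client sw-ward3 port 12 cli AA-BB-CC-00-11-22)
2024-03-04T08:02:15Z radiusd: Login OK: [nurse01] (from client sw-ward3 port 7 cli AA-BB-CC-00-33-44)
"""
SWITCH_LOG = """\
2024-03-04T08:01:05Z sw-ward3 %MAC_LEARN: aa:bb:cc:00:11:22 learned on Gi1/0/12 vlan 50
2024-03-04T08:02:20Z sw-ward3 %MAC_LEARN: aa:bb:cc:00:33:44 learned on Gi1/0/7 vlan 50
2024-03-04T08:03:00Z sw-ward3 %MAC_LEARN: de:ad:be:ef:00:01 learned on Gi1/0/23 vlan 50
"""

TS = r"(?P<ts>\S+)"
DHCP_RE = re.compile(TS + r" dhcpd: DHCPACK on (?P<ip>\S+) to (?P<mac>\S+) via")
RADIUS_RE = re.compile(TS + r" radiusd: Login OK: \[(?P<user>[^\]]+)\] "
                       r"\(from client (?P<nas>\S+) port (?P<port>\d+) cli (?P<mac>\S+)\)")
SWITCH_RE = re.compile(TS + r" (?P<switch>\S+) %MAC_LEARN: (?P<mac>\S+) "
                       r"learned on (?P<iface>\S+) vlan (?P<vlan>\d+)")


def norm_mac(raw):
    """Each source writes MACs differently; reduce them all to lowercase colon form."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC: {raw!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse(log, regex):
    """Turn one source into a list of dicts; unknown line shapes are skipped, not fatal."""
    events = []
    for line in log.splitlines():
        m = regex.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = parse_ts(ev["ts"])
        ev["mac"] = norm_mac(ev["mac"])
        events.append(ev)
    return events


def build_devices(radius_log=RADIUS_LOG, switch_log=SWITCH_LOG):
    """Pivot on MAC: who authenticated (RADIUS) and where the device sits (switch)."""
    devices = {}
    for ev in parse(switch_log, SWITCH_RE):
        devices.setdefault(ev["mac"], {}).update(
            switch=ev["switch"], iface=ev["iface"], vlan=int(ev["vlan"]))
    for ev in parse(radius_log, RADIUS_RE):
        devices.setdefault(ev["mac"], {}).update(user=ev["user"], nas=ev["nas"])
    return devices


def who_had_ip(ip, at, dhcp_log=DHCP_LOG, devices=None):
    """Resolve an IP seen at time `at` through the latest DHCPACK before `at`,
    then through the MAC pivot to user, switch and interface."""
    devices = devices if devices is not None else build_devices()
    leases = [ev for ev in parse(dhcp_log, DHCP_RE) if ev["ip"] == ip and ev["ts"] <= at]
    if not leases:
        return None
    mac = max(leases, key=lambda ev: ev["ts"])["mac"]
    d = devices.get(mac, {})
    return {"mac": mac, "user": d.get("user"), "switch": d.get("switch"), "iface": d.get("iface")}


def unauthenticated_devices(devices=None):
    """MACs the switch learned that never passed RADIUS: a gap only the joined view shows."""
    devices = devices if devices is not None else build_devices()
    return sorted(mac for mac, d in devices.items() if "iface" in d and "user" not in d)


if __name__ == "__main__":
    print(who_had_ip("10.20.5.41", parse_ts("2024-03-04T08:30:00Z")))
    print("never authenticated:", unauthenticated_devices())
```

The point of the join is that no single source answers either question: DHCP knows IP and MAC, RADIUS knows user and MAC, the switch knows MAC and port. Normalising the MAC first is what makes the pivot work; without it the RADIUS dashed form and the switch colon form would never match, which is exactly the kind of silent mismatch that a database-driven correlation hides.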
In a hospital that invested in this approach, it was possible to detect major technological issues in the network. As an example, consider a subtle incompatibility between a server-side load-balancing technology and a switch technology used to provide HA, which was, in the end, causing serious trouble for some important applications hosted by the cluster of servers. Achieving such a correlation a priori would have been very difficult in a SIEM.
This issue also highlighted a security weakness in the way the switch configurations were handled, and it pointed out a major design flaw in the VLAN architecture that needed to be fixed quickly.
From these low-level considerations and observations it was then possible to focus the investigation on upper-level features and critical services (as seen and exposed from multiple sources and points of view).
Again, the benefits from this 360° visibility were numerous in all parts of the IT system and were worth the effort.