Connected medical devices help clinicians deliver faster, higher quality care, but they also create an attack surface that most healthcare delivery organisations (HDOs) are not prepared to protect. These devices lack inherent security controls, they cannot easily receive software updates, and they are not seen nor managed by traditional security products. All of this puts sensitive data, day-to-day facility operations, and patient health at risk.
Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged medical and IoT devices. The Armis platform discovers every device (managed, unmanaged and medical) on and off the network and analyses behaviour to identify risks, such as ransomware spread, and can quarantine devices, medical or otherwise, thereby protecting critical patient information and systems from attacks in real-time.
“Armis, which is cloud-based, agentless, and integrates easily with existing network and security products, passively monitors wired and wireless traffic on a network and in a medical facility’s airspace to identify every device and to understand their behaviours without disruption. The Armis Risk Engine then analyses this data and uses device profiles and characteristics from the Armis Device Knowledgebase to identify each device, assess their risks, detect threats, and quarantine suspicious malicious devices automatically,” said Andre Kannemeyer, CTO at Duxbury Networking, suppliers of Armis solutions in South Africa.
Armis discovers and classifies every medical device, as well as regular managed and unmanaged devices, in the medical environment. It can even identify off-network devices using Wi-Fi, Bluetooth, and other IoT protocols in the environment – a capability no other security product offers without additional hardware.
“In addition to discovering and classifying a device, Armis calculates its risk score based on factors like vulnerabilities, known attack patterns, and the behaviours observed of each device on your network. This risk score helps your security team understand your attack surface and meet regulatory requirements to identify and prioritise vulnerabilities,” said Kannemeyer.
In addition, device usage and location are critical to the bottom line of any healthcare organisation. “You need to know where they are, how much they are used, or if they are sitting idle. Armis tracks each device, its IP and where it is on the network. It will even let you know if they move between floors or buildings. It also sees traffic and associates use of each device for utilisation reporting, helping you get the best return on investment for your medical assets,” added Kannemeyer.
Armis is also a valuable tool in the related field of pharmaceutical and life sciences cyber-security, where three areas of the business lack robust security controls because the devices in these areas are not visible to traditional security tools.
· R&D labs. These are hotbeds of innovation. Researchers and scientists have the latitude to use the instruments and applications that they want to use, often without prior review by the security team. As a result, the security team cannot adequately monitor or secure these instruments.
· Manufacturing labs. Validation requirements, outdated devices, old software applications, and the general sensitivity of the manufacturing lab environment make traditional, agent-based security systems difficult to apply. In addition, known software vulnerabilities in these labs are rarely patched because downtime is too costly to the business.
· The enterprise. Common devices such as IP video cameras, HVAC systems and smart TVs connect to the enterprise network on a daily basis. All of these Enterprise ‘IoT’ devices are vulnerable to attack, but patching them is difficult and they cannot be secured or monitored by onboard agents.
“Each of these areas are blind spots for your security team, putting you at greater risk for cyber-attack. The impact could be very serious:
· An attack on lab equipment can lead to delays in product development and manufacturing, potentially causing substantial monetary losses.
· An attack on research computers can lead to theft of intellectual property and lost strategic advantage.
“The Armis agentless device security platform allows security teams in the pharmaceutical and life sciences industries to properly secure all connected devices and computing resources—without any disruption to the business. Armis requires no agents or additional hardware to deploy, so it can be up and running in minimal time,” said Kannemeyer.
Armis provides the following security benefits:
· Visibility. Within minutes of being deployed, Armis shows you things in your environment that were previously unknown and invisible, such as connected devices that do not have security agents installed. Armis discovers and classifies every managed, unmanaged, and IoT device in your laboratory and manufacturing environment including connected laboratory instruments, automation equipment, thermostats, locks, lighting, HVAC controls and personal smartphones.
· Proactive risk mitigation. Armis generates a risk score for each device based on factors like software vulnerabilities, known attack patterns, and the behaviours of each device on your network. It compares real-time device activity to established, ‘known-good’ baselines that are stored in the Armis Device Knowledgebase. When a device in your environment operates outside of its known-good profile, Armis issues an alert or triggers automated incident response.
· Automated incident response. When Armis detects a threat in your environment, such as a misbehaving device, Armis can alert your security team and trigger automated action to stop the attack. Through integration with your switches and wireless LAN controllers (WLC), as well as your existing network control points like firewalls and network access control (NAC) systems, Armis can restrict access or quarantine suspicious or malicious devices.
“For security professionals in large organisations within various market sectors looking to protect their company from the ever-expanding threat landscape introduced by unmanaged devices that can’t take an agent, Armis provides the leading agentless device security platform purpose-built to protect the world unmanaged and IoT devices, providing real-time and continuous asset inventory, risk management, detection and response,” said Kannemeyer.