For any perceived threat, either real or potential, the organisation receives notifications in virtually real time. Payne says he has received hundreds of alerts since implementation, but on only one occasion did he need to take action. A warning about a type of Trojan virus recommended that his team scan the internal systems to make sure nothing got through the defences. "It was more of a precaution rather than anything," he explains. "We found nothing. They assured us that it has been caught but because of the nature of the virus, they wanted us to take some additional action."
The team also receives updates through the vendor's DeepSight system, reporting on information such as the tracking of suspicious activities and detailing the type of attacks, such as denial of service. This provides early warning and actionable information about relevant potential attacks, including prioritisation of events according to the threat they pose to Healthe's network. The actionable information includes a list of recommended tasks for Payne and his team. For a particular type of virus activity, specific tools will be suggested for the network team to run.
Quality over price
Another useful piece of data provided in the reports is the attempts made to gain access through secured ports. "Typically in our environment we only have one open port, and that's pretty much the secured port access into the environment," Payne says. "If we see people trying to get access into the secured ports, it is typically an indication that someone is trying to get into the system."
The resulting action would be to backtrack to where the attempt originated and, if required, law enforcement agencies would be engaged to identify the location of attacks.
Payne feels that the security system offers a good delineation of responsibility. "I would say more than 95 per cent is dealt with on the perimeter by Symantec. The remaining five per cent is actually general maintenance that we do, like regular virus scans, regular port access, security scans and so on."
With the outsourcing of information security, Payne estimates that he can save on the costs of hiring three to four experts to run the same activities. However, the real value comes from the security offered by the system, he claims. "The quality of service and preventative strategies mean I am not going to be compromised. I mean, can you imagine if an Olympic athlete's personal health record was disclosed on the Internet?" he says.
Test to sell
One key aspect of the information Payne likes to sell to prospective buyers is how the Healthe Me system passed a penetration test with flying colours. He engaged vendor Verisign to conduct 180 different types of hacks, ranging from denial of service to security penetration, from 49 countries, without notification of when the attacks would occur. Vendors Symantec and Verizon were not told of the attacks either, adds Payne.