In my prior blog, I walked through the 101 of Zero Trust and what it means for healthcare delivery organizations. That context is sometimes taken for granted, so I thought it was important to get the basics down first. Many security professionals have also told me that Zero Trust has become table stakes and everyone says it; what matters is demonstrating how to put Zero Trust into action and make it applicable in real life. Let me begin with how to do that through Device-Centric Risk Management (DCRM).
Achieving Zero Trust Gradually with CyberMDX DCRM
CyberMDX Device-Centric Risk Management (DCRM) is a layered approach to cyber security that protects each device, driving remediation and mitigation directly on your medical and IoT devices. Zero Trust is one of the prominent tools in the DCRM toolbox. Utilizing a combination of on-device, on-network, and on-perimeter mitigations and remediation actions, DCRM secures patient safety, data confidentiality, and care delivery.
Good cybersecurity is not an ‘all or nothing’ game. People might think of it that way when it comes to implementing Zero Trust models, which could make the project seem impossibly daunting, and something to be avoided altogether.
DCRM enables a gradual implementation of Zero Trust by providing the workflow to answer two fundamental questions:
- Which device group should I handle next (from a risk perspective)?
- What can I do? All remediation and mitigation options, including the Zero Trust allow-list policies.
The “crawl, walk, run” approach enabled by DCRM offers sage guidance. Start with a small well-defined scope, operate in a monitoring and evaluation mode for a reasonable period, move gradually to an enactment mode, inform the process with experience and feedback, and then move to expansion mode.
5 Steps to Achieve Zero Trust on Your Clinical Networks
- Map – We start with identification and classification of the assets. We then group them into meaningful groups for scalability, identify the groups that could utilize network authentication (such as 802.1X authentication), and map the trust relationships between the groups. DCRM further allows prioritizing the groups to act on according to the current vulnerability and risk posture.
- Plan – We identify the policy-enforcing solutions and the enforcement points to maximize the Zero Trust value. The policy-enforcing solutions may include perimeter firewalls, internal segmentation firewalls, NAC systems, and distributed firewalls. Each solution might have a different coverage, which depends on where it is implemented and where the enforcement point is. Understanding the limitations and coverage of each solution is essential for maximizing the impact. Technologies such as TrustSec or dACL (downloadable/dynamic ACL) should be considered.
- Define – We define custom-made allowlist policies per device group, according to the plan. The allowlist policies may be stricter (restricting specific IP addresses/subnets/SGTs) or more permissive, according to the mobility of the devices, the complexity of the policies, the risk posture, and the desired security requirement.
- Validate – We validate the allowlist policies by applying them to the enforcing solutions in monitoring mode, meaning violations of the policies are logged but no actual enforcement is done. This is an essential step in approving the policies and moving to the last step, which is having them enforced.
- Enforce & Monitor – Once the policies pass the validation phase, we are ready to deploy them. Yet applying the policies is not an ‘implement once, run forever’ exercise, as the situation is rather dynamic: new devices join the network, new software versions might be installed, and both might be impacted by the enforced policy.
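The Define, Validate and Enforce steps above can be illustrated with a small policy engine. The example below is an added illustration written for this post, not CyberMDX code or the DCRM product's own logic; the device groups, allowlist rules, and flow records are all constructed sample data. It evaluates per-group allowlist policies in monitoring mode (violations are logged, traffic is still permitted) and then in enforce mode (violations are denied), and summarises violations per group, which is the information a team needs before approving a policy for enforcement.

```python
"""Allowlist policy validation in monitor mode, then enforce mode.

Added illustration (not CyberMDX/DCRM code). Device groups, policies and
flow records below are constructed sample data.
"""
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network
from typing import Dict, List


class Mode(Enum):
    MONITOR = "monitor"   # violations are logged, traffic still permitted
    ENFORCE = "enforce"   # violations are denied


@dataclass(frozen=True)
class Rule:
    dst_net: str          # destination subnet the group may talk to
    port: int             # destination port
    proto: str = "tcp"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int
    proto: str = "tcp"


# Constructed device groups (Map step): device IP -> group name
DEVICE_GROUPS: Dict[str, str] = {
    "10.1.10.21": "ct-scanners",
    "10.1.10.22": "ct-scanners",
    "10.1.20.5": "infusion-pumps",
}

# Constructed allowlist policies (Define step): a group may only reach these
# destinations; everything else is a violation.
POLICIES: Dict[str, List[Rule]] = {
    "ct-scanners": [
        Rule("10.2.0.0/24", 104),          # DICOM to the PACS subnet
        Rule("10.3.0.10/32", 53, "udp"),   # DNS resolver
    ],
    "infusion-pumps": [
        Rule("10.4.0.0/24", 443),          # pump management server over TLS
    ],
}


def rule_matches(rule: Rule, flow: Flow) -> bool:
    """True when the flow's destination, port and protocol fit the rule."""
    return (flow.proto == rule.proto and flow.port == rule.port
            and ip_address(flow.dst) in ip_network(rule.dst_net))


def evaluate(flow: Flow, mode: Mode, log: list) -> str:
    """Return 'allow' or 'deny'; record every policy violation in `log`."""
    group = DEVICE_GROUPS.get(flow.src)
    if group is None or group not in POLICIES:
        return "allow"            # device not yet in scope of any policy
    if any(rule_matches(r, flow) for r in POLICIES[group]):
        return "allow"            # explicitly allowlisted
    verdict = "deny" if mode is Mode.ENFORCE else "allow"
    log.append({"mode": mode.value, "group": group, "src": flow.src,
                "dst": f"{flow.dst}:{flow.port}/{flow.proto}",
                "verdict": verdict})
    return verdict


def run(flows: List[Flow], mode: Mode):
    """Evaluate all flows under one mode; return (verdicts, violation log)."""
    log: list = []
    verdicts = [evaluate(f, mode, log) for f in flows]
    return verdicts, log


def violations_by_group(log: list) -> Dict[str, int]:
    """Validate-step summary: how many violations each group's policy produced."""
    counts: Dict[str, int] = {}
    for entry in log:
        counts[entry["group"]] = counts.get(entry["group"], 0) + 1
    return counts


# Constructed flow records, as a network sensor might report them.
SAMPLE_FLOWS = [
    Flow("10.1.10.21", "10.2.0.15", 104),         # CT -> PACS: allowed
    Flow("10.1.10.21", "10.3.0.10", 53, "udp"),   # CT -> DNS: allowed
    Flow("10.1.10.22", "10.9.9.9", 445),          # CT -> SMB elsewhere: violation
    Flow("10.1.20.5", "10.4.0.7", 443),           # pump -> server: allowed
    Flow("10.1.20.5", "10.2.0.15", 104),          # pump -> PACS: violation
    Flow("10.1.30.1", "10.9.9.9", 22),            # ungrouped device: no policy yet
]

if __name__ == "__main__":
    for mode in (Mode.MONITOR, Mode.ENFORCE):
        verdicts, log = run(SAMPLE_FLOWS, mode)
        print(mode.value, verdicts, violations_by_group(log))
        for entry in log:
            print("  ", entry)
```

Running it in monitor mode shows that every flow is still permitted while the two off-policy flows are logged; the same two flows are denied once the mode is switched to enforce. A policy whose monitor-mode log contains only flows the team agrees should never happen is a candidate for enforcement; one that logs legitimate clinical traffic needs another pass through the Define step first.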
CyberMDX enables Zero Trust efforts by providing automation across the board: discovering and mapping connected devices and their interactions, prioritizing device groups, proposing the allowlist policies based on each group's baseline, and orchestrating the push of policies into the enforcing solutions. In addition, CyberMDX helps detect the changes involved when new devices come on board or new software versions are detected.
[Figure: An allowlist policy for the GE CT Scanners group]
DCRM - More Than Just Zero Trust
Zero Trust is a great approach to cybersecurity for hospitals and in general, but it is certainly not enough on its own. Any strategy that relies on it alone will fall short. Zero Trust has limitations: it can reduce the chance of an attack but not entirely eliminate it. It is also not always a viable option, due to the complexity of the communication, the long setup time required to validate it, and its resource-intensiveness.
DCRM has more than just Zero Trust to offer, as it enables a more tangible network mitigation process: blocklist-based mitigation. Some organizations are not yet ready to implement micro-segmentation but need immediate mitigation that provides resilience against a wormable vulnerability, without going through the process required to approve an allowlist policy. In addition, all on-device actions, including patching vulnerabilities, adding an anti-virus solution, or changing a default password, add their part to something more comprehensive and complete, more tangible, and with a shorter time to value.
For More Information:
If you want to learn more, below are several sources for your reference.
- Blog – Zero Trust 101: What It Is and What It Means for Hospitals
- Webinar – Device-Centric Risk Management (DCRM): 5 Use Cases for Streamlining Vulnerability Remediation and Mitigation
- Case Study – CyberMDX Brings Device-Centric Insights Across 60+ Models to Englewood Health
- Brochure – CyberMDX Healthcare Security Suite