Security and IBM QRadar

West Tennessee Healthcare is trusted with the health and wellbeing of more than half a million people living across 9,000 square miles, covering 19 counties in West Tennessee and southeast Missouri. It’s a trust built over more than 70 years by the thousands of compassionate physicians, nurses, and caregivers working in the 90 locations that make up West Tennessee Healthcare.

The Business Challenge:

Healthcare providers are being specifically target for ransomware attacks. As a major healthcare system serving a wide area, West Tennessee Healthcare needed to enhance their security program to stay in front of the threat. As the result of a security controls review, Mainline identified that West Tennessee lacked visibility into end user activity and network traffic and was in need of a security intelligence platform to monitor and investigate security events.

The healthcare system also had a small staff with a shortage of security expertise. West Tennessee had considered other security solutions, such as Splunk, but found them too expensive and complicated.

Identifying, assessing, and managing risks were priorities for West Tennessee. However, with a limited budget and resources, the healthcare system’s key considerations in adopting a solution included cost and reliable performance.

Clayton Phillips, System Vice President & Chief Information Officer at West Tennessee Healthcare, explained that “Being charged with the responsibility of ensuring the confidentiality, integrity, and availability of patient data, coupled with the ever-increasing front-page news stories of healthcare organizations being attacked, I quickly concluded that ‘I need to know what I don’t know.”

The Solution:

IBM QRadar
With IBM QRadar, organizations gain a robust security information and event management (SIEM) solution. QRadar is easy to use and compatible with existing security solutions, smoothly integrating into the current environment. In addition to SIEM functionality, QRadar also provides user behavior analytics (UEBA), as well as integration with vulnerability platforms to prioritize risk-based investigations or threat hunting efforts.

QRadar exceeded West Tennessee’s requirements, providing capabilities that otherwise would have overrun their budget. The analysts now have full visibility of the enterprise via a central dashboard.

Security Assessments
Mainline provided a broad range of security assessments, including a vulnerability assessment, HIPAA compliance assessment, and a controls review. These assessments identified gaps in the client’s security program, highlighting the priorities for the West Tennessee and Mainline architect teams.

Matthew Likes, CISSP and Security Architect at Mainline, noted that “West Tennessee liked working with Mainline because a lot of organizations need to rotate between different providers. With Mainline, they could provide different vendors to give different perspectives from assessments.”

Implementation and Support
Ongoing integration services from Mainline saves the client time and money. Maintaining any SIEM is by no means an easy chore. But by partnering with Mainline to maintain the solution West Tennessee receives support for QRadar, including refreshes, and on-the-job training for their analysts.

The Result:

With QRadar, the healthcare system was able to build a security program using a single platform. They were excited to find that the use cases they needed were available straight out of the box reducing the need for custom searches. The provider even discovered new use cases they hadn’t considered. Now, they can identify threats and risks using modern controls. The healthcare system gained full visibility, even seeing devices on the network they didn’t know existed.

Phillips stated, “First, QRadar has provided value to our business in the area of compliance. Today’s network traffic is generated from routers, switches, desktops, servers, medical devices, and IoT. Logs from these devices are key to demonstrating compliance in times of audits. QRadar has provided us with ‘one-stop shopping’ for log ingesting, massaging, and providing an automatic alert for compliance violations where before these were manual processes.”

He went on to say: “Secondly, the elimination of manual processes has saved time and allowed us to shift resources to focus on other mission-essential activities.”

Mainline has a long-standing relationship with the client, having worked with the organization since 2001, supplying them with technology solutions that have lasted over the years. Phillips summed up the relationship by saying, “I am extremely satisfied with the strategic partnership that has been established with Mainline, which has been in existence for over 10 years. Mainline is a valuable asset that is instrumental in planning, implementing, and delivering ongoing support for our organization.”

“Mainline partnered with our newly developed security team and provided superior subject matter experts not only to implement but also to bring the team up to speed to manage with confidence day-to-day operations. Without reservation, I would recommend Mainline as a partner that will provide exceptional services beyond the purchase order,” Phillips explained.

The healthcare system was able to establish a security program and get more value out of QRadar. Likes added, “The client’s relationship with the Mainline security team has matured and grown tighter since the implementation of the QRadar platform.”

The security staff works closely with the Mainline engineering team providing them with new ways to view network data and how to leverage the data as a supplement to threat intelligence. Now, the client can review network health stats and the flow of network traffic, as well as drill into specifics at the application layer.

As the healthcare system expands, Mainline continues to work with the organization to further develop and mature their security program through additional technology and services offerings.