For Kirk Davis, Director of Information Security at Vidant Health, tough days at work feature security events big and small. One especially tough day was when the North Carolina not-for-profit healthcare company was attacked by a Cryptowall Trojan that was able to encrypt half a million files before his team could respond. Soon enough, these tough days began to get in the in the way of his desired work — helping improve clinical workflows that would better patient care.
And since his time was being poorly spent cleaning up after these attacks, Davis wanted to find a way to become both proactive and efficient. He noted, “how fast we consolidate events and alerts and get actionable information can be the critical difference between very positive and very negative outcomes.” Knowing he needed to eliminate the amount of noise within Vidant Health’s security environment to create positive outcomes, Davis decided to survey the market for a cohesive, automated security system.
After an extensive search, Davis and the Vidant Health team selected Intel Security to act as the backbone behind their patient-centered business and to help them grow. To accomplish this feat, they selected the Intel Security SIEM solution, McAfee Enterprise Security Manager, and its McAfee Advanced Correlation Engine, as well as McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange.
First leveraging the McAfee Data Exchange Layer, the McAfee Threat Intelligence Exchange combines internal and external threat information sources to instantly share this data with all of the organization’s other connected security solutions. Vidant Health then uses McAfee’s SIEM and Advanced Correlation Engine to identify and score threat events in real time.
The healthcare company soon saw a drastic change with this newly interconnected system, as Davis says, “within days of deployment we were ingesting Netflow information from a wide range of sources, sharing context and threat intelligence, and picking up an amazing amount of actionable data”. And since Vidant Health deployed McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange, they also started catching malware of all variants, including the particularly effective Cryptowall kind.
Besides catching these larger threats, Davis and his team more importantly got to fix “patient zero”, the first infected device, by finally being able to quarantine and treat it. In fact, Davis plans on using this technique on all future infected devices– isolating them immediately and pushing out remediation via the McAfee ePO central console.
And since his Intel Security system is automated, the platform leaves room to accomplish bigger and better goals, as Davis notes, it “allows us to not worry about the things that can best be handled by computers and focus on the things we do best…we have been freed up to add value in other areas where it supports the business.”
In addition to freeing up time and other valuable resources, the Intel Security interconnected system also frees up funds, as spending less time on remediation leads to costs savings. Davis even asserted, “I would say that McAfee Threat Intelligence Exchange and McAfee Advanced Threat Defense paid for themselves within the first six months.”
And though saving funds and sharing threat intelligence among all devices secures and strengthens Vidant Health now, Davis knows that adaptability will remain pertinent when combating threats in the future. He states, “moving forward, we will be focused much more keenly on ensuring that we have an environment that can learn and automatically remediate threats when they do happen. Without a doubt, the most valuable aspect of the Intel Security SIEM and integrated framework is its adaptability and flexibility.” This adaptable framework, along with the McAfee ePO software acting as the backbone of this entire system, makes the Intel Security system not only keep pace with Davis’ business but also adapt to its ever-changing needs.
This flexibility was one of the many factors that made Vidant Health feel like they had a found a great business partner in Intel Security– one that understands how every dollar spent ends up on a patient’s bill and has to translate into value, ultimately, for their patients. A business partner, they also noted, that has created a competitive advantage for them as an organization.
With that advantage, Vidant Health has been able to accomplish their ultimate goal – keeping people healthy. Davis adds that now “my team dedicates itself every day to doing whatever we can do to improve the health of the 1.4 million people we serve here in eastern North Carolina. It’s a great feeling to know that what we have accomplished through our partnership with Intel Security has supported us in that objective.”