IDS and IPS Buyers Guide: Cisco offers integration to prevent intrusion attacks from reaching medical devices, old and new
In a typically short-staffed healthcare IT environment integration and automation are two key components to look for when purchasing a modern intrusion detection and prevention solution. Cisco believes its solution provides just that.
Probably what keeps healthcare security specialists up at night most often are the huge number of older medical devices that cannot be patched or taken offline.
“Many are built atop outdated operating systems like Windows XP, where the original manufacturer did not provide a way to update or patch these systems,” says Steve Caimi, Cybersecurity Specialist, U.S. Public Sector at Cisco.
When Cisco’s IDS and IPS detects a threat that could compromise a medical device its automated system signals Cisco’s Identity Services Engine and Cisco TrustSec to update the network segmentation policy and quarantine the system of origin, thus preventing the attack from reaching the device.
Greg Young, a research vice president at Gartner says that in most cases healthcare has the same security requirements of any business but a notable exception is the need to deploy IPS in front of medical devices as a "pre-patch shield" for operating systems in devices that can’t be patched or taken offline.
Another layer of medical device protection is found in the integrated design of Cisco’s IDS solution that becomes one part of its overall cyber security defenses, including but not limited to network access control and network-based segmentation.
Through its recent purchase of Sourcefire, Cisco now also offers Snort, a rules-based open source network intrusion system. It analyzes traffic and performs packet logging on IP networks in real-time. The open source solution is also designed to detect buffer overflows, stealth port scans, CGI attack, SMB probes, OS fingerprinting attempts among other things.
Pricing Model: Firepower NGIPS (Next Generation IPS) and NGFW (Next Generation Firewall) appliances use a software subscription model for Threat (IPS), URL Filtering, and Advanced Malware Protection (AMP). Available separately or in combinations and available in 1-, 3-, and 5-year terms. In addition, Cisco has maintenance/support contracts for the appliances.
Read our reviews of leading security specialists latest tools:
Helpful advice on planning your purchase of IDS and IPS tools:
- How to know if your intrusion detection and prevention solution meets HIPAA compliance rules
- 3 key factors to plan your budget for an intrusion protection system
- What to watch: IDS and IPS features to consider when comparing different vendors products