In my experience, I've found that if a business in the Healthcare sector has a box of bandages in their inventory, they have medical devices connected to the network... and as soon as a medical device connects to the network, the landscape changes significantly as far as the rules for security, scanning, managing, and asset management.
Hopefully most of us already know that the fancy technology in our automobiles is neither secure nor rock-solid stable (auto-pilot? no thank you), and a lot of us probably know that our $20 smart-bulbs and thermostats aren't very secure or stable either... unfortunately, the same goes for medical devices.
You have to be careful when you are using an application to scan medical devices or networks to perform any action (inventory, vulnerability scan, etc.) because one seemingly innocent scan can cause trouble and take something offline or make something malfunction... potentially leading to a risk to patients, up to and including death.
Medigate: The passive approach for medical devices and networks.
Medigate is the leading cloud-based healthcare oriented security and discovery application in the market, and it understands the importance of treating medical devices and networks with delicate kid-gloves. (https://claroty.com/healthcare-cybersecurity/medigate)
Medigate primarily sits back and receives network packets from a 'Passive Listener' (such as GigaMon) and figures out exactly what a device is by inspecting every packet sent to it - versus going out and scanning things to see what things are (Active Scanning).
Example of Inspection of a TCP network packet: (Quiz on this diagram later)
Medigate primarily focuses on Medical Devices and has a vast repository of device information, and it sends parts of what it inspects to it's cloud services for further classification - It knows device Type, Device Name, Make, Model, Serial Number, Firmware, Vulnerabilities, Risk Score, Ramifications if compromised, device utilization, and much more (generally for medical devices)... just by listening/inspecting the network traffic.
Since Medigate receives all packets from the network from a listener, if a device is online and sending traffic over a managed network, Medigate has an asset record of it... creating a very comprehensive and accurate inventory.
What's the Catch if Medigate is so perfect?
Indeed, Medigate has a comprehensive asset inventory - but its not the easiest to get data from.. and has limited information as far as hardware and software. It's API only returns 45 columns or so of hardware information for devices - no software, and no real details. The GUI is so difficult to get data from, that users have reached out to me to get access to the SQL database that I imported the device data from the API to, rather than use the GUI. Plus, there are tons of use cases where the users, well, need more information than Medigate can provide. This is where Lansweeper comes in.
In comes Lansweeper - the perfect partner if you, well, DON'T sweep the LAN and Tap Into that Medigate API
Lansweeper is an 'Active' scanning solution - but you can't just go around sweepin' the LAN and scanning stuff when medical devices are involved - - but, you need that yummy detailed information on assets! Well, you can get the general asset information from Medigate's API, to perform targeted scanning without scanning the network!
CONCLUSION: Medigate + Lansweeper Provides a Detailed, Comprehensive, and Accurate Inventory for Healthcare. So there you go - Medigate's comprehensive asset inventory, coupled with Lansweeper's extensive, detailed, targeted scanning - resulting in scanning the entire network, minus medical devices.
ENCORE: Wait - There's more!
Bonus Points: Make an API Call and grab only Medical Devices, and import them via ETL into Lansweeper's Asset Inventory - a medical device record, without scanning!
DOUBLE ENCORE: (We have to play 'FreeBird')
If your company utilizes Medigate, Zill Labs can implement Lansweeper to provide this 'Creative IT Solution' - and also provide professional, Dynamic* Executive reports (Just press Refresh!)
Comments