CASE STUDY
the McAfee SIEM. As a result, we have an infinitely better handle on what is going on in our environment.”
The McAfee SIEM proved extremely useful to McGivern during the weekend of the WannaCry outbreak: “Since the SIEM and McAfee ePO console are integrated, I basically looked at the McAfee ePO console on my laptop, reporting to management every few hours from my kitchen table. Without leaving home, I could tell whether, when and where the ransomware had entered our environment and verify that it was blocked each time. My counterparts in neighbouring healthcare organisations, on the other hand, struggled to gain the same visibility in their own organisations.”
With the McAfee SIEM, out-of-the-box correlation rules handle most of the security team’s needs. It is also easy to customise reports. McGivern cites aspects of user access – who has access to which systems, when access occurred, what was accessed and so on – as a common focus of customised reports. One report that McGivern runs frequently shows all remote access to the Trust’s systems. “With the remote access report, we can tell if any of our suppliers has accessed information during nonstandard hours and, if so, require justification,” said McGivern, citing the report as one example of how the SIEM strengthens security.
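The remote access report described above, as an added example that is not part of the case study or of any McAfee product: a small Python check over constructed VPN log lines that flags supplier accounts connecting outside standard hours. The 08:00–18:00 Monday-to-Friday window, the `supplier_` account naming convention and the log format are all assumptions.

```python
"""Flag supplier remote access outside standard hours.

Added example, not code from the case study or from McAfee. It reproduces the
idea of the Trust's remote access report as an offline check over constructed
log lines. Standard hours (08:00-18:00, Mon-Fri), the supplier_ account prefix
and the log format are assumptions.
"""
from datetime import datetime, time

# Constructed sample lines: ISO timestamp, username, VPN gateway, target system.
# 2017-05-12 is a Friday, 2017-05-13 a Saturday.
SAMPLE_LOG = """\
2017-05-12T09:15:02 supplier_acme vpn-gw1 PAS-DB01
2017-05-12T23:41:17 supplier_acme vpn-gw1 PAS-DB01
2017-05-13T10:02:45 supplier_medtech vpn-gw2 RIS-APP02
2017-05-12T22:10:00 jsmith vpn-gw1 FILE-SRV03
2017-05-12T02:30:00 supplier_medtech vpn-gw2 RIS-APP02
"""

SUPPLIER_PREFIX = "supplier_"          # assumed naming convention for third-party accounts
STANDARD_START, STANDARD_END = time(8, 0), time(18, 0)


def parse_line(line):
    """Split one whitespace-separated log line into a dict."""
    ts, user, source, target = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "source": source, "target": target}


def is_standard_hours(ts):
    """True for weekday events inside the standard working window."""
    return ts.weekday() < 5 and STANDARD_START <= ts.time() < STANDARD_END


def flag_supplier_offhours(log_text):
    """Return supplier-account events that happened outside standard hours."""
    flagged = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev["user"].startswith(SUPPLIER_PREFIX) and not is_standard_hours(ev["ts"]):
            flagged.append(ev)
    return flagged


if __name__ == "__main__":
    for ev in flag_supplier_offhours(SAMPLE_LOG):
        print(f"{ev['ts'].isoformat()} {ev['user']} -> {ev['target']}: justification required")
```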
Saving time when investigating potential threats and speeding time to resolution
As a result of the impending England NHS sustainability and transformation plan and the subsequent need to exchange more information with other healthcare organisations, the Trust decided to augment threat detection with a McAfee Advanced Threat Defense sandboxing appliance. “We need to ensure that all of the additional incoming traffic is legitimate,” noted McGivern. Now, when McAfee Web Gateway or McAfee Endpoint Security encounters an unknown, potentially malicious file, the file is sent immediately to McAfee Advanced Threat Defense, which uses static and dynamic analysis and sophisticated machine learning to detect threats that use evasion techniques.
“McAfee Advanced Threat Defense saves time investigating potential threats and dramatically accelerates time to resolution,” claimed McGivern. “For instance, just today out of the 327 files McAfee Advanced Threat Defense received, it detected 42 malicious files. McAfee Web Gateway blocked them all and McAfee Advanced Threat Defense confirmed that they were indeed malicious. Without McAfee Advanced Threat Defense, we would have had to investigate many of the questionable files manually.”
The Trust is currently piloting McAfee Endpoint Threat Defense and Response and its McAfee Active Response capability on a subset of high-risk endpoints. McGivern expects the endpoint detection and response (EDR) technologies will be especially important when new services are added. “If the new service introduces hundreds of new machines, we can’t re-image them all from scratch,” explained McGivern. “We need to be able to quickly pinpoint exactly where a bad file resides and take action immediately.”
To prevent leakage of sensitive data in outgoing traffic, the Trust has relied on McAfee Device Control and McAfee Endpoint Encryption for many years. It has also recently added McAfee DLP Endpoint in anticipation of electronic patient records and the sustainability and transformation plan.
Praise from Board of Directors
The County Durham and Darlington NHS Foundation Trust’s board of directors has been very pleased with the increased level of protection that the integrated McAfee solutions have provided, especially after the Trust escaped unscathed from the WannaCry ransomware attacks and was able to keep the board and upper management continuously apprised of the status of the Trust’s environment, providing reliable information as needed. “We received ardent praise from our board after the WannaCry attack,” recalled McGivern.
“I have been very impressed with both the range of products that McAfee provides and the knowledge and expertise of McAfee Professional Services,” continued McGivern. “Change is a fact of life in our industry. With McAfee, we have a high level of confidence and assurance that our information security infrastructure can and will adapt to meet our ever-changing security challenges.”
www.intelligentcio.com