Intelligent CIO Europe Issue 01 | Page 66

CASE STUDY

the McAfee SIEM. As a result, we have an infinitely better handle on what is going on in our environment.”

The McAfee SIEM proved extremely useful to McGivern during the weekend of the WannaCry outbreak: “Since the SIEM and McAfee ePO console are integrated, I basically looked at the McAfee ePO console on my laptop, reporting to management every few hours from my kitchen table. Without leaving home, I could tell whether, when and where the ransomware had entered our environment and verify that it was blocked each time. My counterparts in neighbouring healthcare organisations on the other hand, struggled to gain the same visibility in their own organisations.”

With the McAfee SIEM, out-of-the-box correlation rules handle most of the security team’s needs. It is also easy to customise reports. McGivern cites aspects of user access – who has access to which systems, when access occurred, what was accessed and so on – as a common focus of customised reports. One report that McGivern runs frequently shows all remote access to the Trust’s systems. “With the remote access report, we can tell if any of our suppliers has accessed information during nonstandard hours and, if so, require justification,” cited McGivern as an example of how the report strengthens security.

Saving time when investigating potential threats and speeding time to resolution

As a result of the impending England NHS sustainability and transformation plan and the subsequent need to exchange more information with other healthcare organisations, the Trust decided to augment threat detection with a McAfee Advanced Threat Defense sandboxing appliance. “We need to ensure that all of the additional incoming traffic is legitimate,” noted McGivern.

Now, when McAfee Web Gateway or McAfee Endpoint Security encounters an unknown, potentially malicious file, the file is sent immediately to McAfee Advanced Threat Defense, which uses static and dynamic analysis and sophisticated machine learning to detect threats that use evasion techniques. “McAfee Advanced Threat Defense saves time investigating potential threats and dramatically accelerates time to resolution,” claimed McGivern. “For instance, just today out of the 327 files McAfee Advanced Threat Defense received, it detected 42 malicious files. McAfee Web Gateway blocked them all and McAfee Advanced Threat Defense confirmed that they were indeed malicious. Without McAfee Advanced Threat Defense, we would have had to investigate many of the questionable files manually.”

WE HAVE A LOT MORE CONFIDENCE IN OUR ENDPOINT PROTECTION NOW.

The Trust is currently piloting McAfee Endpoint Threat Defense and Response and its McAfee Active Response capability on a subset of high-risk endpoints. McGivern expects the endpoint detection and response (EDR) technologies will be especially important when new services are added. “If the new service introduces hundreds of new machines, we can’t re-image them all from scratch,” explained McGivern. “We need to be able to quickly pinpoint exactly where a bad file resides and take action immediately.”

To prevent leakage of sensitive data in outgoing traffic, the Trust has relied on McAfee Device Control and McAfee Endpoint Encryption for many years. It has also recently added McAfee DLP Endpoint in anticipation of electronic patient records and the sustainability and transformation plan.

Praise from Board of Directors

The County Durham and Darlington NHS Foundation Trust’s board of directors have been very pleased with the increased level of protection that the integrated McAfee solutions have provided, especially after the Trust escaped unscathed from the WannaCry ransomware attacks and was able to keep the board and upper management continuously apprised of the status of the Trust’s environment, providing reliable information as needed. “We received ardent praise from our board after the WannaCry attack,” recalled McGivern.

“I have been very impressed with both the range of products that McAfee provides and the knowledge and expertise of McAfee Professional Services,” continued McGivern. “Change is a fact of life in our industry. With McAfee, we have a high level of confidence and assurance that our information security infrastructure can and will adapt to meet our ever-changing security challenges.”

www.intelligentcio.com