Healthcare org eases compliance with network monitoring

North Western Deanery implements SecureVue from eIQ Networks for network security and configuration management, streamlining compliance in the process.

All medical data tends to be highly sensitive, and data relating to doctors is no less so. North Western Deanery (NWD), the body responsible for all medical training and career development in the North West of England, bears a heavy responsibility for protecting information about more than 3,000 doctors and dentists, especially since it also has a direct link into the NHS's Connecting for Health network.

Systems are accessed by NWD staff, the doctors and dentists themselves and by other NHS organisations, either via a local area network, or by a specially customised SSL VPN.

"A data security breach could potentially put in danger the personal and sensitive information of both the data stored on our internal systems, information about trainee doctors, and also the information stored on the Connecting for Health Network servers," says John Leigh, head of IT at the NWD.

So when the organisation began reorganizing its networks last year, it undertook a review to ensure security was maintained. As Leigh says, the Connecting for Health network (formerly known as NHS Net) is "possibly one of the most secure networks with rigorous security policies that every organisation connecting to it must comply with." That means he has to conduct regular security reviews to ensure the security of the data held on the Connecting for Health network and the Deanery's own internal systems.

The regime is very strict. As part of compliance, for example, the NHS requires notification of any change in configuration to a firewall that interfaces to the NHS.

With a small team of just three people, Leigh had a major task on his hands to make the network changes and also maintain a close watch on events that might have security implications. "Compliance reporting was a laborious manual process of collecting and reporting on controls," he says.

He decided to try and automate the process of managing the network traffic, as well as trying to streamline the task of spotting possible security threats. "We looked at MOM [Microsoft Operations Manager], SMS [Systems Management Server] and knew that we would need an SIM (security incident management) solution as well," he says. "But before we looked at any specific SIM solutions we decided on SecureVue from eIQ Networks because it did the network monitoring and config management all in one package, nothing else does that."

Installation recommendations

The implementation began last autumn with a proof of concept system running on a small server. "As we gathered more and more information the system became slower. I would not recommend installing this software on anything smaller than Dual core, 2GB RAM, 150GB disk," he says, adding that the implementation for both the proof of concept and production systems went quite smoothly: "SecureVue is agentless so required minimal network configuration."

He says the effect has been dramatic. "We were not just looking for a security monitoring solution," he says. "We needed a complete package that would alert and report on other aspects of our network such as CPU usage of the servers, up/down status of our network infrastructure, and so on. As a small IT department, it is important for us to see the whole network through a single view point and be able to troubleshoot issues quickly and easily."

He says that setting up the correct policies and the corresponding reports on SecureVue took a few weeks to achieve, but now the real benefits are coming through. "Our compliance regulations are constantly changing and updating our policies to reflect the changes in our controls is now relatively simple."

The system collects log data from devices across the network and lets Leigh and his team view events and pinpoint anomalous network behaviour from a single screen.

"As SecureVue is able to monitor everything on our network all of the time, we are able to see security events as well as their impact on the network," he says. And while it might have taken a lot of manual work to prepare his compliance report for the NHS, that information is now readily available. "Having all of the information in one place also allows us to report on our IT compliance with the rigorous Connecting for Health network regulations at the push of a button," Leigh says.

By constantly collecting information from laptops, servers, routers, firewalls, intrusion prevention systems and everything else on the network, SecureVue also allows NWD to trace the effects of security events right back to their root cause, and thus provides complete accountability of who did what, and when.

For instance, the system can take regular snapshots of the configuration and asset information of particular devices. If something then goes wrong with one of them, such as a firewall, NWD can compare the snapshot of the firewall with its configuration 10 minutes before to see what had been changed, who made the change and who authorised it.
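The snapshot comparison described above, sketched as an added example (it is not SecureVue's code and not part of the original article). The rule syntax, timestamps, user names and audit-log format are constructed for illustration, and it assumes the device keeps an audit log of configuration commits.

```python
import difflib
import hashlib
from datetime import datetime, timedelta

# Constructed snapshots in a made-up rule syntax, taken 10 minutes apart.
T_AFTER = datetime(2024, 1, 10, 10, 0)
T_BEFORE = T_AFTER - timedelta(minutes=10)
SNAP_BEFORE = """permit tcp 10.0.0.0/24 any eq 443
permit tcp 10.0.0.0/24 host 10.1.1.5 eq 22
deny ip any any
"""
SNAP_AFTER = """permit tcp 10.0.0.0/24 any eq 443
permit tcp any host 10.1.1.5 eq 22
deny ip any any
"""
# Constructed device audit log: (timestamp, user, action).
AUDIT = [
    (datetime(2024, 1, 10, 8, 15), "akhan", "config-commit"),
    (datetime(2024, 1, 10, 9, 52), "jsmith", "login"),
    (datetime(2024, 1, 10, 9, 57), "jsmith", "config-commit"),
]

def fingerprint(config):
    """SHA-256 of the config with blank lines and edge whitespace ignored."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

def changed_rules(before, after):
    """Return (removed, added) rule lines between two snapshots."""
    diff = list(difflib.ndiff(before.splitlines(), after.splitlines()))
    removed = [d[2:] for d in diff if d.startswith("- ")]
    added = [d[2:] for d in diff if d.startswith("+ ")]
    return removed, added

def commits_between(audit, start, end):
    """Config commits that fall inside the snapshot interval."""
    return [(ts, user) for ts, user, action in audit
            if action == "config-commit" and start < ts <= end]

def change_report(before, after, start, end, audit):
    """None if nothing changed, else the rule delta plus candidate commits."""
    if fingerprint(before) == fingerprint(after):
        return None
    removed, added = changed_rules(before, after)
    return {"removed": removed, "added": added,
            "commits": commits_between(audit, start, end)}

if __name__ == "__main__":
    print(change_report(SNAP_BEFORE, SNAP_AFTER, T_BEFORE, T_AFTER, AUDIT))
```

A non-empty report is the material a firewall change notification would be built from; an empty `commits` list alongside a changed rule set means the configuration moved without a logged commit, which deserves investigation in its own right.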

The Network Behaviour Anomaly Detection module in the SecureVue system is also able to set a benchmark of normal behaviour and then send out alerts when behaviour deviates from the norm.

Staffing considerations

Leigh says the Deanery copes with "a phenomenal amount of IT activity" with very few people, and says that SecureVue now allows him and his team to make sure that the right people have the right information when they need it. "This has greatly lifted the burden of time management on our IT staff, especially the longer serving members of the team who no longer need to be relied on for troubleshooting simple issues," he says.

"In addition, we have easily set up and scheduled regular management level reports that are emailed at set times to the business managers. These reports range from IT compliance as a whole, user activity reports to specific department heads and very technical network review reports to me. By automating this process, many of our management staff have already saved hours of time by not having to request or deliver these reports on an ad hoc basis."

Leigh seems pretty happy with the system and says the only thing he'd like is for eIQ to push out its updates automatically. "If we purchase an update package, SecureVue is able to track the updates and alert on devices that have not been updated. It seems a natural step for them to be able to push the updates," he says.
