Asset Visibility, Agentless Segmentation and HITRUST CSF Compliance
Healthcare providers seeking streamlined solutions to their regulatory compliance requirements often look to comprehensive frameworks like HITRUST Cybersecurity Framework (CSF) to establish a credible cyber defense to reduce disruptive risks to the business. This framework is very specific on the minimal capabilities organizations must implement continually to address mandates such as HIPAA, and manage their cybersecurity program.
HITRUST CSF delivers a prescriptive cybersecurity standard for HIPAA Compliance
We often say you cannot secure what you cannot see. Without a solid understanding of the assets on your OT/ICS network, you cannot develop and implement a strategy to manage risk and ensure reliable operations.
According to “A SANS 2021 Survey: OT/ICS Cybersecurity”, over 78% of organizations admit that they do not have a complete inventory of the control system devices running in their industrial environments
These organizations cannot depend on manual and isolated processes to gather the active inventory of OT assets. Many we have seen in the RFI tracked assets in Excel spreadsheets or “active” workflow diagrams to keep track of assets purchased and assigned during the annual facility walk-down.
It’s critical to have the autonomous and continuous visibility that learns and updates asset inventory of real-time truth in monitored and segmented environments. Though not limited to the healthcare vertical, we will use this HITRUST CSF as a compliance guideline and example to discuss how Airgap can help for asset visibility into operational technology (OT) assets in healthcare and medical manufacturing facilities.
The HITRUST CSF is the flagship cybersecurity framework overseen by the HITRUST Alliance. Initially designed for healthcare security, it has developed into a comprehensive solution with a built-in mapping infrastructure designed to streamline compliance across all other frameworks.
Operational Technology (OT) and HealthCare
Operational Technology (OT) can be defined as the network-connected devices that monitor or control processes and events associated with industrial equipment. Examples of OT devices are SCADA systems, CNC machinery, PLCs, and a whole host of other scientific and engineering equipment.
With these devices in mind, OT has found a rapidly evolving home in the healthcare and life science industries. The increased use of OT devices within such critically important fields has made the incorporation of OT cybersecurity much more important.
OT cybersecurity includes the processes that involve the discovery, monitoring, and remediation of network-connected OT devices affected by unusual behavior.
Airgap Addressing OT Security Challenges
There are four major areas where the Airgap Zero Trust Isolation platform can help organizations achieve compliance with HITRUST CSF and reduce the risks associated with Electronic Protected Health Information (ePHI):
Agentless Network Protection
Ransomware Kill Switch
HITRUST CSF domain 8 (Network Protection) includes all aspects of perimeter and internal network security, such as network-based application-level firewalls and intrusion detection systems, DDOS protection, and IP reputation filtering.
HITRUST CSF Network Protection domain requires organizations to implement the following controls:
Enforcing access control security policies at the gateway level.
Filtering traffic between internal networks.
Blocking unauthorized access.
Maintaining segregation between internal wired, internal wireless, and external network segments (e.g., the Internet), including DMZs.
Restricting user’s access using a deny-by-default and allow-by-exception policy at managed interfaces according to the access control policy and the requirements of its business applications.
Controlling routing between security gateways, whether used between internal and external networks or between internal networks (VLANs).
Installing antivirus and anti-spyware software on all endpoint operating systems and conducting periodic scans of the systems to identify and remove unauthorized software.
Installing network-based malware detection solutions for server environments in addition to host-based software.
HITRUST CSF Control Reference:
01.m Segregation in Networks
01.n Network Connection Control
01.o Network Routing Control
09.m Network Controls
09.j Controls Against Malicious Code
With the Airgap Zero Trust Isolation platform, an organization can fulfill these control requirements and improve their network defenses with the following features:
Agentless and Zero Trust Network Protection: Ringfence IP endpoints and provide visibility & control for all lateral traffic
Application Protection: Protect high-value assets by enforcing “just-in-time-access” using SSO & MFA
Ransomware Kill Switch: Rapid incident response that surgically stops ransomware in its tracks by locking down infected endpoints
Endpoint Protection: Airgap integration through Cloud-based management API with leading EDR/XDR solutions such as CrowdStrike and SentinelOne etc. Crowdstrike Falcon Zero Trust Assessment (ZTA) leverages a Zero Trust isolation platform and monitors over 120 unique endpoint settings – including sensor health, applied CrowdStrike policies, and native operating system (OS) security settings – to deliver key partners a risk score that uniquely leverages this context to build powerful and granular endpoint-to-enterprise security policies.
Airgap’s Agentless Segmentation platform provides the following:
Agentless Zero Trust Segmentation, which reduces the operational time and cost of deployment
Lateral Threat Movement Prevention with zero false positive lateral threat detection and prevention
Ransomware Kill Switch for rapid incident response
Increased endpoint visibility and granular control
The Need in an OT Asset Monitoring Solution
A good asset monitoring and control solution simply cannot be agent-based when it comes to OT and ICS. Airgap’s agentless segmentation delivers instant visibility into all IP-based devices across IT/OT/IoMT/IIOT and does all the heavy lifting of tracking categories, states, versions, and mapping communications between assets to present real-time observability of all assets in use with security policy compliance.
This allows organizations to validate asset lifecycles and further performance real-time and autonomous grouping with agentless segmentation (or micro-segmentation) policies without any tangled mess on hidden rogue assets.
If you would like to test drive or see a demo on the Airgap Agentless Segmentation solution, please contact [email protected]
About Airgap Networks
Security experts know that network segmentation is the best defense against evolving cyber threats. However, available segmentation solutions either require agents to be installed everywhere or upgrade networking hardware with proprietary implementations. Airgap is the only vendor that offers agentless network segmentation and autonomous policy controls through a patented and innovative approach that enables isolation at every layer and down to every device. All this means malware is immediately blocked from traversing the network, even within the same VLAN or same subnet - a unique protection not offered by any other solution.
Additionally, a typical organization takes hours or days to detect and respond to ransomware attacks and often resort to a draconian approach of shutting down the entire network during a cyber event resulting in operational impact. Therefore, Airgap built a specialized ransomware kill switch that surgically stops ransomware propagation without operational impact.
Finally, enterprises often enable direct access to high value assets over vulnerable protocols such as Windows RDP. Airgap’s identity-based access control provides strong Zero-Trust safeguards as layer of protection to secure high value assets against cyber threats.
Airgap’s patented solution is custom designed to reduce enterprise attack surface and protect high value assets in Manufacturing, Healthcare, Retail, and Critical Infrastructure verticals where a compromise of core operational system can disrupt mission-critical processes. Airgap Security Platform is the easiest to implement and manage and it is currently deployed across many large multinational customers.