Executive Summary
Continued rapid growth at Children’s Mercy Kansas City created connected asset inventory and security management challenges. Security leadership explored the IoT cybersecurity solution market looking for answers. Claroty outperformed competitors during the evaluation phase and was selected. Claroty's experience with specialized devices used in neonatology and referenceable, operationalized examples of key integrations sought by Children’s Mercy proved to be meaningful.
Claroty, which is hosted on Amazon Web Services (AWS), quickly delivered a dynamic, risk-scored inventory of connected assets and an accurate correlation of known vulnerabilities to existing devices. Auto-generated remediation instruction-sets were also provided and assigned to staff members with relevant experience. As a result of this early win, Children’s Mercy leadership was able to identify other outdated processes, eliminate them and reassign staff to more meaningful activities. Finally, as the system’s Cisco ISE project had been limited to traditional IT devices already under management, leadership was able to accelerate the completion of project phases targeting unmanaged medical devices.
Challenges
Children’s Mercy has a diverse and growing inventory of specialized connected medical assets.
It wanted to accelerate its Cisco ISE deployment (to cover unmanaged medical devices).
Staff is experienced, but the collaboration between BioMed, Clinical Engineering and Security lacked a common data foundation.
Solution
Claroty's ability to risk score inventory and correlate existing threats to potentially impacted devices established early project momentum and motivated leadership to push forward future phases of its Cisco ISE implementation. Auto-generated security policy baselines provided by Claroty reignited the project. Here’s a quick summary:
ISE Device Profile Integration—Claroty sends device profiles to ISE that are automatically updated as changes occur.
ISE SGTs for Segmentation—Device-specific security policies were also auto-generated and delivered to ISE. Leadership viewed this capability as game-changing.
ISE SGTs for Enforcement—Leadership combined devicespecific profiles with device-specific security policy (i.e. gained an understanding of the communications between groups of devices to apply SGTs) to close its enforcement loop.
Results
Asset visibility-based objectives were achieved. Security leadership at Children’s Mercy demonstrated its understanding of Claroty's ISE integration (i.e., the ISE project was re-started, completed ahead of schedule and under budget). Many outdated, manual workflows spanning asset management and security were quickly eliminated by leadership. This resulted in an overall morale boost as crossfunctional staff were freed-up to pursue more valuable work and collaborate more effectively. Much of the project’s overall success is credited to leadership’s enlightened view of enterprise information security practice.
And with Claroty being hosted on AWS, Children’s Mercy Kansas City also leverages AWS Services providing the inherent scalability of AWS, encrypted connections between on-premise networks and AWS, along with the ease of integration into the AWS landscape.
