Keith Bromley
Sr. Manager, Product Marketing at Ixia

The Benefits of Deploying Network Visibility for Healthcare

September 22, 2016 by Keith Bromley

Everything is becoming “connected” these days. For healthcare providers, this includes patient monitoring, asset tracking, electronic health records, communications, vendor software-as-a-service solutions, and pretty much everything else. What happens if any one of these areas malfunctions, or if a security breach occurs? Do you have the immediate response capabilities you need? IT needs to be equipped to prevent as many outage scenarios as possible, not just in these areas but in all areas. Just like in medical emergency and trauma situations, minutes matter.

The answer for IT is a network visibility solution. But what do we mean by visibility? Visibility is defined by Webster as the “capability of being readily noticed” or “the degree of clearness”. With regard to network and application visibility, we are talking about removing the blind spots that hide the performance of the network and/or the applications running over it, so that this performance can be readily seen (or quantified). This visibility is what enables IT to quickly isolate security threats and resolve performance issues, ultimately ensuring the best possible end user experience.

A Visibility Architecture then is the end-to-end infrastructure which enables physical and virtual network, application, and security visibility. This includes taps, packet brokers, monitoring tools, and other equipment. While it is possible to connect visibility components piecemeal by fighting one fire after another as they occur, this won’t give you a cohesive strategy. That practice only leads to unnecessary complexity and far higher costs. The basis of a visibility architecture starts with creating a plan. Instead of just adding components as you need them at sporadic intervals (i.e. crisis points), step back and take a larger view of where you are and what you want to achieve. This one simple act will save you time, money and energy in the long run.

The next question, though, is what are the direct benefits of a visibility architecture? A visibility architecture enables you to do the following four activities:

  • Strengthen network security
  • Decrease mean time to repair
  • Reduce network complexity
  • Acquire valuable network insight

Strengthening network security

Visibility is extremely important for network security. You can’t defend against what you can’t see and there are so many intrusion points like patient electronic health records (EHR), patient portals, BYOD, and Wi-Fi. If your network is attacked, or breached, how will you know? A DDoS attack will usually impact website performance. But other than that, how will you “see” a security attack? This is actually a common problem. The 2015 Trustwave Global Security Report stated that 81% of compromised victims did not detect the breach themselves—they had no idea this had happened. The report also went on to say that the median number of days from initial intrusion to detection was 86 days. So, most companies never detected the breach on their own (they had to be told by law enforcement, a supplier, customer, or someone else) and it took almost 3 months after the breach for that someone else to notify them. With financial and corporate reputations on the line, you can’t afford any HIPAA or FTC violations.

Visibility architectures can help out in several areas here. The first is by strengthening your inline security tool deployment. Bypass switches and network packet brokers allow you to increase uptime while deploying security tools like IPSs and firewalls inline. In addition, you can deploy them in redundant and high availability scenarios to further decrease any chances of downtime. Another solution is to install an address filtering appliance to eliminate traffic to/from known bad IP addresses. A third solution is to deploy application intelligence specifically to find any rogue applications running on your network. This solution allows you to use existing, or create new, signatures for the healthcare applications that you use. Once this is done, you can scan your network, especially critical portions, to determine what applications are/are not running on your network. From there you can investigate any rogue applications. An additional item to consider is role-based access for your visibility equipment. This gives you another layer of security and minimizes the chances that your monitoring configurations will be changed.

Decreasing mean time to repair

Decreasing, and hopefully eliminating, network downtime is paramount to healthcare providers now. With so much emphasis on improving/maintaining standard of care, reducing patient wait times, in-room patient monitoring activities, physician access to patient records, and the need to write electronic prescriptions, organizations cannot tolerate network downtime. With proper visibility into your network, you can capture the data you need to prevent costly outages. When a problem does occur, you will see faster resolution times. A visibility architecture gives you a coherent approach, and access to the data you need, to triangulate on problem spots as fast as possible. Ixia’s visibility solutions have generated up to an 80% reduction in mean time to repair as a result of implementing a proper visibility architecture. See this case study for an example.

The first part of a visibility solution is to deploy a network packet broker (NPB). The NPB will let you filter monitoring data so that you only give your monitoring tools the data they need, i.e. they don’t have to sift through useless data that just consumes time and doesn’t provide value. In addition, a good NPB allows you to create “floating filters”. These are typically data filters that have been preset to look for certain types of data for specific debug tools like logging tools, data recorders, sniffers, performance monitoring, etc. While the filter is connected to the tool, it is not connected to the network, so it just sits there idle. Then, when it is needed for debug purposes, an engineer can connect the filter very quickly (usually in less than a minute) to start debugging a network problem.

Reducing network complexity

Reducing complexity is another key consideration. New initiatives can often seem like they are exacerbating the complexity issue, rather than simplifying it. For instance, making sure that HL-7 applications are interacting correctly, access and connectivity to record and review EHR, storing and updating content and patient access to patient portals, the Internet of Things, BYOD, and even virtual machine technology that was installed to cut costs are making the network more complex than ever.

However, visibility technology can help offset the new healthcare-related network challenges to reduce complexity. A properly chosen NPB should have the ability to support automation functionality. This typically involves a RESTful interface that can be used to support communications between the NPB and other systems, like orchestration and network management systems (NMS). A second solution is to deploy virtual taps to remove the visibility limitations inherent within a virtual server. The virtual tap allows you to see all inter- and intra-VM traffic so that you can collect data for performance trending and inspect for any VM-optimized malware (like Crisis). A third capability to look for is an intuitive GUI for the NPB capability. An intuitive but powerful interface can be a critical lifesaver when hospital networks are merged. This type of interface takes the complexity out of programming filters and understanding the deployment of network tools.

Acquiring valuable network insight

The final goal of a visibility architecture is to be able to capture data that will give you insight into network performance. For instance, network data can tell you which applications or network segments are running slowly (before your internal users tell you). You can even run proactive monitoring applications to test network segments and applications to check that they are working normally or see what kinds of problems they are having. Application intelligence can also help in this area. Depending upon your needs, it can be quite useful as you can collect the following information: the types of applications running on your network, the bandwidth each application is consuming, the geolocation of application usage, and the device types and browsers in use on your network. It also gives you the ability to filter data to monitoring tools based upon the application type. You can also perform SSL decryption at this layer. These capabilities give you quick access to information about your network and help to maximize the efficiency of your tools. This insight gives you the data you need to better dimension your network equipment, optimize traffic routes, and maximize your capital expenditures (CAPEX).

When thinking about your network, ask yourself these questions. If you can’t see the threat, how are you going to respond to it? For network problems, where should you start your troubleshooting efforts? Once you start this investigation, there are lots of resources available from Ixia. Start here and investigate the IxVision whitepaper that describes what a visibility architecture is and how to construct one.