Network Management: how leaders can secure the network and minimize impact on attacks

Network management is crucial to care delivery. Critical systems (EHR, ERP, RCM, medical devices, etc.) are accessible through a computer network. From the users’ perspective, the net effect of a network attack is similar to …

Network management is crucial to care delivery.

Critical systems (EHR, ERP, RCM, medical devices, etc.) are accessible through a computer network. From the users’ perspective, the net effect of a network attack is similar to a ransomware attack. These critical systems are not available to them when the network is down. 

This article is the sixth in a series where each article discusses adopting a specific HICP practice for small-medium organizations. Previously, we discussed email protectionendpoint protectionaccess management, data protection, and asset management.

Health Industry Cybersecurity Practices (HICP) document includes practices on network management to minimize exposure and impact of attacks.

Looking at HICP requirements for network management

HICP described network management practices for small (S) and medium (M) organizations that include:

  • Network segmentation (S & M)
  • Physical security & guest access (S & M)
  • Intrusion Prevention System (S & M)
  • Network Profiles and Firewalls (M)
  • Web Proxy Protection (M)

For large organizations, additional practices are:

  • Monitoring for Command and Control (C2) traffic
  • Anomalous Network Monitoring and Analytics
  • Network Based Sandboxing / Malware Execution
  • Network Access Control

These methods help minimize the risk from one unsafe endpoint to other endpoints on the network.

Product selection criteria

Small and medium organizations tend to have no (or limited) IT staff. Product selection criteria need to consider these factors. This segment is also price sensitive. Their goal is typically to have a good enough solution for the job at a sustainable price point. They would also be likely to hire contractors or Managed Service Providers (MSPs).

MSPs use Spiceworks and Reddit as unfiltered forum to exchange experience and observation with one another. In 2019, Spiceworks surveyed 489 small, medium, and enterprise decision-makers about their existing network security appliance. The top 3 are Cisco, SonicWall, and Cisco Meraki [1].

Cisco is popular among enterprises (57%), medium (39%), and small businesses (25%). From the opposite spectrum, SonicWall is popular among small businesses (31%), medium (20%), and enterprises (6%).

Looking at these three top players, we can apply the cost and operational efficiency criteria to help us decide. From a cost-efficiency perspective, Cisco targets enterprise customers, so it does not fit well with small organizations that are price sensitive. This factor leaves us with either SonicWall or Cisco Meraki.

From an operational-efficiency perspective, it is important to go with centralized and cloud-based management. Traditionally, SonicWALL is an on-premise-based solution. They have built a cloud-based management solution called Network Security Manager (NSM), but initial feedback from a few MSPs shows room for improvement [2]. Cisco Meraki, on the other hand, has been cloud-based managed for several years.

Besides operational and cost, vendor consolidation and scaling are also important factors to consider. Working with a fewer number of vendors simplifies operation and technical support. Anticipating growth, we might need to scale the solution to include adjacent networking solutions like Wi-Fi, routers, switches, etc. Besides security appliances, Cisco Meraki also has access points, switches, sensors, and cameras [3]. These options allow a single vendor for networking infrastructure and scaling for future needs.

With these considerations, let’s look at Cisco Meraki in more detail.

Looking at Cisco Meraki MX68W with Advanced Security license

For a small organization (1 FTE with 3 support staff), the Cisco Meraki MX68W appliance with an Advanced Security license subscription will be able to meet most of the HICP practice requirements.

The appliance comes with 10 ports for wired LAN connection and wireless access points. The MX68W handles up to 50 users with a maximum stateful firewall throughput of 300 Mbps [4].

It’s worth checking and matching the speed given by your Internet Service Provider. For higher throughput, Meraki provides MX75 that can go up to 1 Gbps stateful firewall throughput (at a higher price point), and you would need to purchase a separate wireless access point. 

Let’s briefly map this license with HICP requirements:

  • Network Segmentation: Segmentation by VLAN, Group policy per VLAN, Layer 3, 7, and geography-based firewall rules.
  • Guest Access: Guest SSID and firewall rules
  • Web Proxy Protection: Content and web search filtering, YouTube Content Restriction, and Cisco Advanced Malware Protection (AMP).
  • Intrusion Prevention: Cisco SNORT
  • NAC: Splash page, 802.1x with access policies per VLAN to control network access. However, it does not support evaluating anti-virus, patch level, etc. 
  • DNS Protection: As an additional feature, it supports Cisco Umbrella integration for DNS filtering (licensed separately).
  • Sandboxing: Cisco Umbrella’s Secure Internet Gateway (SIG) Essentials package, 500 samples/day [5]

Looking at the cost for Meraki MX68W & Advanced Security subscription license

There are two cost components involved, the hardware and software license. 

Cisco Meraki enforced licensing so that the appliance will no longer function when the license expires. Cisco Meraki issues license on a per device, per year basis. 

In return, this licensing agreement covers 24×7 enterprise phone support, lifetime warranty on the hardware, RMA/device replacement free of charge, free firmware/software updates and upgrades. 

Self-provisioning hardware, automatic firmware updates, and cloud-based management ease the burden of deploying and maintaining a network. Automatic firmware and software upgrade is essential for vulnerability management and compliance purposes.

For a clinic with no IT staff on-site, this would be the least friction option to take. 

Projected cost for adopting HICP practices so far for 1 FTE Physician + 3 support staff: $ 5,296 (1st year) & $2,272 (subsequent years)

Conclusion

Network management practice is critical to limit exposure and minimize potential impact. 

It is challenging for small organizations to maintain network security practices with no IT staff on-site. Therefore, the design should leverage cloud-based and centralized management to optimize features, operational efficiency, and cost. 

Cisco Meraki MX68W, with its Advanced Security license, allows small organizations to adopt most of the network management practices as described by HICP.

References

  1. https://www.spiceworks.com/marketing/network-security/pdf-report/
  2. https://www.reddit.com/r/msp/comments/l6690f/sonicwall_nsm_is_it_worth_it/gy3txz9/?utm_source=share&utm_medium=web2x&context=3
  3. https://meraki.cisco.com/product-catalog
  4. https://meraki.cisco.com/product-collateral/mx-family-datasheet/?file
  5. https://www.cisco.com/c/dam/global/en_sg/solutions/small-business/pdfs/cisco-umbrella-brochure.pdf

Leave a Comment