Information security

Smart Healthcare IoT Security Protection


Taiwan is facing an aging population, which will increase the demand for medical care. Because medical resources and manpower are limited, smart technologies such as IoT, big data analysis, and AI are needed to meet the needs of the healthcare industry, and this has become a global trend in the development of healthcare services. Smart healthcare built on IoT is exposed to security attacks; security defense solutions can strengthen protection and prevent both data leakage and a decline in healthcare service quality.

Smart Healthcare Security Threats


The sudden implementation of remote medical services due to the COVID-19 pandemic has led to a rapid increase in network attackers targeting the healthcare industry. Given phishing attacks, ransomware, network application attacks, and other healthcare-related threats, the focus is on identifying security risks and tracking security events across the fields, instruments, and systems of smart healthcare.

Security Protection Solutions

1. Network visualization security management
2. Active security defense visualization
3. System vulnerability and penetration patch protection security health check services
4. Source code detection services
5. ISMS information security risk management platform system


1. Network Visualization Security Management

With the rise of IoT devices and the IP-ification of medical equipment, coupled with frequent intrusion incidents, strict security control and management of the internal network is necessary.


The Challenges of Network Visualization and Security Management in Today's Healthcare OT Networks
- Frequent incidents of internal network intrusion
- IP-ification of information service equipment (printers, VoIP, check-in machines, etc.)
- Proliferation of mobile devices (BYOD)
- Rise of IoT devices
- Fundamental problems with Ethernet networks



802.1X NAC & IPAM internal network security and control management system with strict layered defense

✓ Centralized monitoring and management of medical and terminal devices
◼ Centralized monitoring and management of medical and terminal devices without the need to install agent software, covering antivirus, KB compliance updates, and network connections from illegal (unauthorized) device IP/MAC addresses, to reduce management and operation costs.
✓ Maintenance of intelligent medical equipment
◼ Collect equipment signals to solve the problem of unmonitored medical equipment. When equipment anomalies occur, analyze the operating status of the equipment and provide service management references that help the user unit with equipment maintenance and update suggestions, so that the hospital has efficient medical equipment services at all times.
✓ Real-time alert messages for abnormal events
◼ When abnormalities occur in the intelligent medical communication network equipment, lines, and services, notifications are sent through the alert mechanism (see figure below).

✓ Control of IP and MAC distribution and network event behavior flow analysis
◼ IP and MAC distribution is the first level of control for auditing devices connected to the network. Customized rules determine whether a device is legitimate and whether it has permission to access the network. Abnormal traffic and behavior are identified through network flow analysis, so security issues can be dealt with in real time.
✓ Preserve historical data for report analysis
◼ Preserve device and line data, record historical data and alert events, and automatically generate scheduled distributed reports to meet management and auditing requirements.
✓ Provide a visual network topology map
◼ Establish a maintenance network topology map and dashboard to fully grasp internal network device information, provide compliance checks, and simplify the daily management of blocking and alerting under regulations and policies.

2. Active Cyber Defense Visualization

MDR Endpoint Security Managed Defense Service

● Automatically detects, tracks, alerts on, and handles events. Combined with EDR, it provides comprehensive cybersecurity defense against ransomware, protects confidential information, and analyzes the root cause of cybersecurity alerts.
● The managed detection and response (MDR) service provides experienced cybersecurity experts with 24x7 real-time threat monitoring and threat hunting to relieve the shortage of cybersecurity talent. It also uses technologies such as big data and artificial intelligence to detect anomalies faster and automatically on medical workstations, application servers, and other environments.


Malicious Threat Recognition and Analysis Platform

● Flexible deployment, with a resident EDR mode and a rapid screening mode; data stays in the country, is encrypted during transmission, and can even be kept fully on-premises.
● Multi-dimensional defense against ransomware, WebShell, APT backdoors, and intranet infiltration.
● Memory forensics capability
● APT threat model, discovering "unknown" malicious programs
● Detection and prevention of encryption ransomware threats
● Remote emergency response - cleaning up malicious programs, isolating endpoint networks, and remote forensic analysis


Physical Isolation of IT and OT Dual Networks

● To cope with constantly evolving network attack techniques, cybersecurity problems are addressed from the perspective of physical network isolation: a dual-network approach physically separates the IT operations network from the OT medical equipment network. Even if they are attacked and invaded, sensitive data will not leak through a connection between the IT and OT networks, and the attacker's spread and infection outbreaks can be effectively blocked.
● With next-generation firewalls providing dual isolation of the internal and external networks, firewalls can be placed at connecting endpoints, between servers, between endpoints and servers, and between endpoints of different units. Packet scanning and analysis are performed there to achieve zone-by-zone protection.
● The multi-factor authentication mechanism uses dynamically changing one-time passwords (OTP) to effectively address account and password theft, ensuring that network data is not leaked and that user identity is verified. It not only strengthens authentication but also greatly improves the visibility of network activity, upgrading the security of remote connections.


3. Vulnerability and Penetration Testing

Vulnerability Assessment and Patch Protection Security Check Service

● Regularly conduct vulnerability scanning or inspection of the operating system, network services, system or network service settings, account and password settings, and management methods, and perform vulnerability analysis to provide operating system patching and defense recommendations.

Cybersecurity Health Check Service

● VA-Vulnerability Scanning
● PT-Penetration Testing

Vulnerability and Penetration Scanning Service

● Use automated scanning software tools to detect vulnerabilities in operating systems and software systems, so that corrections can be completed at lower cost and in a shorter time. The drawback is that only existing security vulnerabilities can be detected, and no repair recommendations can be provided for the latest cybersecurity vulnerabilities.

4. Source Code Scanning and Detection Services

Fortify Static Code Analyzer and WebInspect Dynamic Application Testing tools analysis services:

● Conduct testing and analysis to identify security vulnerabilities and information security gaps in the code or website, and produce reports that pinpoint the specific lines of code where the problems occur. This enables security or development personnel to quickly remediate any security weaknesses.
● Identify and verify high-risk information security vulnerabilities in applications running in development, quality assurance (QA), or production environments, thus preventing malicious software.
● Enhance enterprise information security and reduce project maintenance costs.

Features:

● Early detection of security vulnerabilities in application source code during the development process, providing sufficient time for remediation.
● Identify the root cause of the code vulnerabilities.
● Prioritize the severity and importance of application vulnerabilities.
● Support 30 programming languages and over 700 vulnerability categories.
● Support mobile application source code development vulnerability testing.

5. ISMS Information Security Risk Management

✓ Take inventory of medical equipment and assets, and label them for import into the ISMS system. Conduct information security risk assessments on the inventoried assets using relevant risk assessment methodologies. The ISMS (Information Security Management System) platform automatically identifies vulnerabilities in software and hardware assets, ensuring that potential weaknesses (CVE) in critical information systems are monitored. The notification platform system automatically identifies vulnerabilities in software assets and facilitates software asset inventories, ensuring that potential weaknesses (CVE) in critical medical equipment information systems are monitored. The advantages are as follows:

● No need to incur additional costs to manage paper-based forms and asset management.
● No need to waste time and manpower on audits and risk assessments.
● No need to worry about when to execute periodic and non-periodic ISMS tasks.