Medigate and Cisco ISE Joint Security Solution
Why NACs Alone Are Not Enough

Clinical networks, like any other mission-critical network, require high security standards. Network Access Control (NAC) products are a central part of a comprehensive security solution, ensuring authorized access to network resources by users and devices. As in many other industries, healthcare organizations need to manage authorization levels for users and devices, control authentication processes and manage use of network resources. NACs provide real-time information about connected endpoints, and the ability to set dedicated access policies and take action against suspicious devices and activities.

However, in clinical environments, a NAC requires more detailed medical device information.

First, because medical devices are not designed to be network-managed, NACs are not able to present the necessary detailed information on many connected devices, resulting in highly limited network visibility. Furthermore, for similar reasons, NACs cannot perform posture enforcement on medical devices, e.g. verifying updated software versions.

Second, setting efficient access policies for medical devices through NACs requires an intimate understanding of clinical workflows, device functionality, and numerous vendors and proprietary protocols. Only with such understanding can administrators create the granular policies and access rules needed to protect the network.

Third, while NACs enable preventative actions such as device quarantining, they require clear triggers as to when and why they should take such action. These triggers require detailed device profiling and behavior analytics that NACs alone cannot offer.

In addition, NACs also operate actively to support their visibility capabilities, which may present challenges in a clinical environment. Actively scanning a device to better identify it could potentially lead to compliance issues with manufacturers' policies.

The Solution

Cisco ISE with Medigate's industry-first and leading dedicated medical device security platform. Medigate fuses the knowledge and understanding of medical workflows, device identity and protocols with its networking expertise to provide full visibility of connected medical devices, and analyzes network traffic to detect anomalous behavior.

Medigate has partnered with Cisco to integrate its dedicated medical device security platform with the Cisco Identity Services Engine (ISE) to provide a more comprehensive access control solution for clinical networks. Organizations can now leverage their existing ISE infrastructure with Medigate's capabilities to gain greater visibility into their connected medical devices, benefit from sophisticated behavior analytics to detect threats, and take immediate action through the Cisco ISE enforcement mechanisms.

The joint solution combines the strengths of both the Cisco ISE and Medigate platforms. Cisco ISE provides industry-leading access control capabilities, including network visibility of IT devices, enforcement of highly customizable access policies and swift action against unsafe devices. Medigate powers Cisco ISE with its detailed understanding of medical devices and their protocols to create more accurate device profiles, enabling deeper visibility into all connected medical devices and more granular access policies. Additionally, the joint solution uses information obtained through Cisco ISE to detect anomalous behavior and trigger alerts that can be converted into active responses in the network, executed by ISE.

Use Case: False NAC Identifications

NACs identify a connected device's vendor based primarily on the MAC address of its network adapter. However, many medical device vendors use network adapters produced by a different vendor. Consequently, NACs falsely identify such devices by their network adapter vendor rather than their true vendor. In contrast, Medigate's appliance analyzes each device's communication protocol using DPI techniques, yielding more accurate and more informative device identifications, which are integrated into the ISE dashboard.
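The mis-identification described above can be shown in a few lines. The example below is added here and is not Medigate or Cisco code: it performs the OUI-style vendor lookup a NAC relies on, extracts a minimal DPI-style protocol signal from each flow, and flags devices whose OUI resolves to an adapter maker while their traffic shows a clinical protocol. The OUI prefixes, vendor names, MAC addresses and flows are constructed placeholders; the DICOM and HL7 port and first-byte conventions are real but simplified to a single-byte check.

```python
"""Reconcile a NAC-style vendor lookup (MAC OUI) with DPI-style protocol
evidence. Added example: the OUI prefixes, vendor names, MACs and flows
below are constructed placeholders, not IEEE registry data and not output
of Medigate or Cisco ISE."""

from typing import Dict, List, Optional, Tuple

# Constructed OUI table: prefix -> (registered vendor, what that vendor makes).
# A real NAC consults the IEEE OUI registry; the second column is exactly the
# knowledge a plain OUI lookup does not carry.
OUI_TABLE: Dict[str, Tuple[str, str]] = {
    "AA:BB:01": ("Generic NIC Corp", "network adapter maker"),       # hypothetical
    "AA:BB:02": ("Contoso Medical", "medical device manufacturer"),  # hypothetical
}


def dpi_protocol(flow: dict) -> Optional[str]:
    """Minimal DPI-style classification of one flow.

    DICOM upper-layer A-ASSOCIATE-RQ PDUs start with type byte 0x01 and
    commonly use ports 104 or 11112; HL7 v2 over MLLP frames start with 0x0B
    and commonly use port 2575. Real DPI parses the whole exchange.
    """
    port, payload = flow["dst_port"], flow["payload"]
    if port in (104, 11112) and payload[:1] == b"\x01":
        return "dicom"
    if port == 2575 and payload[:1] == b"\x0b":
        return "hl7"
    return None


def nac_vendor(mac: str) -> Tuple[str, str]:
    """What an OUI-only lookup yields: the adapter's registered vendor."""
    return OUI_TABLE.get(mac.upper()[:8], ("unknown", "unknown"))


def profile_device(mac: str, flows: List[dict]) -> dict:
    vendor, category = nac_vendor(mac)
    protocols = sorted({p for p in map(dpi_protocol, flows) if p})
    # The false-identification case: the OUI resolves to a NIC maker while the
    # traffic shows a clinical protocol, so the NAC's vendor label describes
    # the adapter, not the medical device behind it.
    suspect = bool(protocols) and category == "network adapter maker"
    return {
        "mac": mac,
        "nac_vendor": vendor,
        "clinical_protocols": protocols,
        "nac_identity_suspect": suspect,
        "note": ("OUI vendor is an adapter maker but DPI shows clinical traffic; "
                 "treat the NAC vendor label as adapter vendor only") if suspect else "",
    }


# Constructed sample flows (payloads truncated to the bytes the check uses).
SAMPLE_FLOWS: Dict[str, List[dict]] = {
    "AA:BB:01:10:20:30": [  # adapter-maker OUI, but speaks DICOM -> mis-identified by OUI
        {"dst_ip": "10.0.5.20", "dst_port": 104, "payload": b"\x01\x00\x00\x00"},
    ],
    "AA:BB:02:40:50:60": [  # manufacturer's own OUI, HL7 -> consistent identity
        {"dst_ip": "10.0.5.10", "dst_port": 2575, "payload": b"\x0bMSH|^~\\&|"},
    ],
    "AA:BB:FF:70:80:90": [  # unknown OUI, ordinary TLS traffic -> no clinical evidence
        {"dst_ip": "10.0.9.1", "dst_port": 443, "payload": b"\x16\x03\x01"},
    ],
}


def profile_all(samples: Dict[str, List[dict]] = SAMPLE_FLOWS) -> List[dict]:
    return [profile_device(mac, flows) for mac, flows in samples.items()]


if __name__ == "__main__":
    for profile in profile_all():
        print(profile)
```

Only the first device is flagged: its adapter vendor is a NIC maker and the DICOM association shows it is an imaging endpoint, which is the case the use case describes. The second device's OUI belongs to the manufacturer itself, so the OUI label and the protocol evidence agree.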
Comparison Matrix

General

Capability | Medigate | Cisco ISE | Joint Solution Benefit
Analyze medical devices' designated protocols and network protocols | Yes | No | Clinical visibility integrated into ISE
Deployment length | Short | Long | Adding Medigate's appliance to an existing Cisco ISE infrastructure is fast and simple.
Deployment complexity | Simple | Complex | Adding Medigate's appliance to an existing Cisco ISE infrastructure is fast and simple.
Authenticate corporate devices on the network | No | Yes | A comprehensive suite of network and security management capabilities
Trigger third-party actions (vulnerability scan, mobile device management onboarding, etc.) | No | Yes | A comprehensive suite of network and security management capabilities

Visibility

Capability | Medigate | Cisco ISE | Joint Solution Benefit
Identify connected medical devices and provide detailed device information (make, model, OS, VLAN, port, etc.) | Strong | Weak | Enhancing Cisco ISE device management capabilities with more detailed medical device identifications
Display medical device application versions and flag patching alerts | Yes | No | Enhancing Cisco ISE device management capabilities with more detailed medical device identifications
Identify connected IT devices, display standard IT application versions and flag patching alerts | No | Yes | Manage both standard IT and medical devices
Discover medical devices behind a serial adapter or gateway | Yes | No | Enhanced device network discovery capabilities
Present granular real-time medical device inventory status | Strong | Weak | Real-time device status capabilities with accurate device information
Present historical data (network activity, IP history) of device behavior over time | Yes | Yes | Larger depth and breadth of historical data for medical devices

Detection

Capability | Medigate | Cisco ISE | Joint Solution Benefit
Network-based anomaly detection | Yes | No | Network detection abilities yielding a comprehensive security solution
Clinically-based anomaly detection | Yes | No | Ability to detect deviations from devices' intended use, e.g. protocol usage, network connections, and external communications
Present historical alert data for security review | Yes | No | Ability to track devices' behavior over time
Generate a dedicated medical device risk score based on medical device standards, clinical parameters and more | Yes | No | Ability to prioritize and manage device risks

Prevention

Capability | Medigate | Cisco ISE | Joint Solution Benefit
Facilitates desirable clinical network security practices based on data analysis | Yes | No | Analysis of medical device activity generates policy settings executed by Cisco ISE.
Enforce access policies for device and user profiles | No | Yes | More accurate and granular policy enforcement
Quarantine devices or limit access to specific VLANs or network resources | No | Yes | Network traffic analysis generates highly accurate alerts of suspicious device activity, handled by Cisco ISE.
Assign devices to specific network zones (ACLs, VLANs, etc.) | No | Yes | Medical device identification facilitates efficient network zone allocation through Cisco ISE
Automates prevention activities initiated by customized alerts (optional) | No | Yes | Network analysis triggers preventative actions executed by Cisco ISE, on administrator demand.
How It Works

1. Medigate - ISE Integration
   a. Medigate's physical appliance is easily deployed in the network.
   b. Medigate's appliance is connected to ISE through Cisco pxGrid (Platform Exchange Grid), a platform that allows data sharing and connectivity between ISE and Cisco Security Technical Alliance solutions.
   c. Through pxGrid, Medigate's appliance retrieves the relevant session information to populate its database and sets optimized criteria for ongoing data collection.

2. Enhanced Network Visibility
   a. After collecting network traffic, Medigate discovers and fingerprints connected medical devices using deep packet inspection (DPI) techniques.
   b. Medigate's appliance feeds new device identifications into the ISE dashboard, updating its device inventory with granular device information and thus setting very accurate device profiles.
   c. Administrators can then create and enforce specific device policies through ISE based on the precise device discovery and identification.

3. Detection and Prevention
   a. Medigate's appliance analyzes network traffic to monitor network behaviors, examining network and device protocols and drawing on clinical understanding of devices' behavior.
   b. Medigate's appliance identifies anomalous behaviors and alerts administrators with precise incident information.
   c. Administrators can take immediate action against suspicious devices through a variety of ISE mechanisms. Medigate's appliance can also be configured to take automatic action on pre-defined events.
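Step 3 describes the detection half of the workflow: compare a device's observed traffic against its intended use and hand the administrator an alert precise enough to act on. The example below is added here and is not Medigate's analytics or an ISE integration: it keeps a constructed per-device baseline of expected protocols and peers, checks each observed flow for deviations of the three kinds the comparison matrix names (protocol usage, network connections, external communications), and attaches a severity and a suggested NAC response. The device name, addresses, baseline and flow records are constructed, and the finding-to-action mapping is this example's own assumption.

```python
"""Baseline-versus-observed behavioural check for a clinical device, producing
alerts with the incident details an administrator needs to act in the NAC.
Added example: the baseline, device name, addresses and flow records are
constructed; this is not Medigate's detection logic or an ISE API call."""

import ipaddress
from typing import Dict, List

# Internal address space of the (constructed) hospital network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed baseline of intended use, per device: the protocols the device is
# expected to speak and the peers it is expected to talk to.
BASELINE: Dict[str, dict] = {
    "infusion-pump-17": {"protocols": {"hl7"}, "peers": {"10.0.5.10"}},
}

# Hypothetical mapping from finding to severity and suggested NAC response.
# Quarantine and VLAN restriction are ISE mechanisms the brief names; which
# finding maps to which response is this example's assumption.
ACTION_FOR = {
    "external communication": ("high", "quarantine via NAC, then investigate"),
    "unexpected protocol": ("medium", "restrict to device VLAN, review policy"),
    "new internal peer": ("low", "review; update baseline if legitimate"),
}
SEVERITY_RANK = {"high": 2, "medium": 1, "low": 0}


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect(device: str, flows: List[dict]) -> List[dict]:
    """Return one alert per flow that deviates from the device's baseline."""
    base = BASELINE[device]
    alerts = []
    for flow in flows:
        findings = []
        if flow["protocol"] not in base["protocols"]:
            findings.append("unexpected protocol")
        if not is_internal(flow["dst_ip"]):
            findings.append("external communication")
        elif flow["dst_ip"] not in base["peers"]:
            findings.append("new internal peer")
        if not findings:
            continue
        # The highest-severity finding decides the suggested response.
        severity, action = max((ACTION_FOR[f] for f in findings),
                               key=lambda pair: SEVERITY_RANK[pair[0]])
        alerts.append({
            "device": device,
            "time": flow["time"],
            "dst_ip": flow["dst_ip"],
            "dst_port": flow["dst_port"],
            "protocol": flow["protocol"],
            "findings": findings,
            "severity": severity,
            "suggested_action": action,
            "baseline": {"protocols": sorted(base["protocols"]),
                         "peers": sorted(base["peers"])},
        })
    return alerts


# Constructed observations for the pump: one normal HL7 exchange, one SMB
# connection to an internal host it has never spoken to, and one HTTP request
# to an address outside the hospital (203.0.113.0/24 is documentation space).
SAMPLE_FLOWS = [
    {"time": "09:00:01", "dst_ip": "10.0.5.10", "dst_port": 2575, "protocol": "hl7"},
    {"time": "09:02:13", "dst_ip": "10.0.7.44", "dst_port": 445, "protocol": "smb"},
    {"time": "09:02:20", "dst_ip": "203.0.113.9", "dst_port": 80, "protocol": "http"},
]


def run_sample() -> List[dict]:
    return detect("infusion-pump-17", SAMPLE_FLOWS)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert["time"], alert["severity"], alert["findings"],
              "->", alert["suggested_action"])
```

The normal HL7 exchange produces nothing; the SMB connection yields a medium-severity alert (wrong protocol, new peer) and the outbound HTTP request a high-severity one. Each alert carries the baseline it was judged against, so an administrator reviewing it in the NAC can see why the device was flagged before choosing an enforcement action.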
Figure: Medigate - Cisco ISE Solution Architecture Example
contact@medigate.io | www.medigate.io