Ignite 2022 Day 2: Palo Alto Networks Zeroing In on Medical Device Security

All these connected devices bring greater risk to health care organizations.

Edward Gately, Senior News Editor

December 15, 2022


PALO ALTO NETWORKS IGNITE — On Day 2 of Ignite 2022, Palo Alto Networks focused on the importance of medical device security to stop the barrage of cyberattacks on health care organizations that are putting patients’ lives in jeopardy.

Anand Oswal, Palo Alto Networks’ senior vice president of products, network security, gave a briefing on medical IoT security during this week’s Ignite 2022 conference in Las Vegas.

Last week, Palo Alto Networks announced Medical IoT Security, a comprehensive zero trust security solution for medical devices. It enables health care organizations to deploy and manage new connected technologies. Zero trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously verifying every user and device.



Oswal said health care providers around the world are reimagining patient experience with the use of smart medical devices. These devices are providing breakthrough improvements in patient outcomes. However, they can introduce new threat vectors and become vulnerable assets.

Connected Devices Bring Greater Risk

With connected devices, health care organizations are enhancing patient experience, improving patient outcomes, increasing efficiencies and reducing costs, Oswal said.

All these connected devices bring greater risk, he said. From 2020 to 2021, there was a 200% increase in cyberattacks on health care organizations. At the same time, there’s been a massive increase in devices coming to health care. And by 2030, 1.3 billion additional devices will be coming to health care.

“As a result of these attacks, patient data is compromised, hospital operations are halted and patients’ lives are at risk,” Oswal said.

Some 83% of imaging systems are powered by end-of-life operating systems, he said. Seventy-five percent of infusion pumps have unpatched vulnerabilities. Furthermore, 72% of health care organizations have a mix of IT and medical devices within the same network.

“Vending machines are on same network as medical ER devices,” Oswal said.

You Can’t Protect What You Can’t See

A common instinct when attacked is to shut down and isolate, but that’s not possible with critical infrastructure like health care, Oswal said.

“Why’s it so hard securing medical IoT?” he said. “If you can’t see it on the network, you can’t do anything about it. You’re telling me I have a leak in my house, but not where, what my home warranty is, etc. That’s not good enough.”

Adopting a zero trust approach to securing medical devices is critical, Oswal said.

“Secondly, it’s important to proactively manage your medical devices and simplify compliance,” he said. “Third, simplify security operations and reduce total cost of ownership (TCO).”

Zero trust means knowing and understanding what is connected on your network, and reducing risk with least privilege access controls, while continuously monitoring to block known and unknown threats.

“Know how and when your critical medical devices are being used,” Oswal said. “Safely onboard, optimize and retire your devices. And know your compliance.”

What’s Driving SASE, ZTNA 2.0 Adoption



During another Ignite 2022 briefing, Kumar Ramachandran, Palo Alto Networks senior vice president of product and go to market, talked about what’s driving adoption of secure access service edge (SASE) and zero trust network access (ZTNA) 2.0. ZTNA 2.0 combines least-privileged access with continuous trust verification, and ongoing security inspection to protect all users, devices, apps and data everywhere.

What’s driving adoption of SASE and ZTNA 2.0 is hybrid work and hybrid cloud, he said. 

“We’ve seen a decade or two’s worth of IT transformation get compressed in the last two years,” Ramachandran said. “If you think about it … how we used to build IT and network security infrastructure for the last three decades was mostly branches. People coming to work in a certain location, driving traffic toward a data center, apply security crossing and network crossing, and then from there the traffic goes to an application data center or even an application in the cloud. This is how organizations were thinking about their security and network infrastructure.”

Every Application from Everywhere

The world has clearly moved away from that as users want every application from everywhere, Ramachandran said.

“It’s no longer a small set of branches going to a data center,” he said. “It’s tens if not hundreds to thousands of users accessing all of the applications, my internet, my SaaS, my cloud, my data center, access to everything that’s available to me. So if you look at it, what really happens is the surface area actually explodes. So what needs to happen is that surface area has to be protected. The user experience has to be delightful. And then the operations have to become simple. Those are the three big things people are trying to do.”

Securing this new model while delivering optimum user experience and not creating a heavy burden on IT is what’s driving SASE and ZTNA 2.0, Ramachandran said.

The Importance of Automation in Cybersecurity

Yoni Leitersdorf is CEO and founder of Indeni, a security infrastructure automation platform.

“We work with Palo Alto Networks customers and they deploy our software to automate a lot of their day-to-day operations with the firewall infrastructure itself,” he said. “So what that means is they deploy Palo Alto Networks firewalls and also devices made by other vendors. Usually they have an operations team that is responsible for keeping those devices up and running, and correctly configured, making sure that VPNs are working and that the licenses are correct, and integration with Active Directory is working, all those things. And it’s very hard for them to stay on top of everything. And other systems today have no real visibility into that.”



Indeni built a platform that is intimately familiar with Palo Alto Networks firewalls, Leitersdorf said. It knows exactly what kind of configuration mistakes people make and what performance issues they run into.

“Our platform will identify those,” he said. “We’ll automatically execute a triage flow and we’ll tell the operators what they need to do to fix it. And also, our platform can automatically fix it if they’ll let it do it.”

Automation Takes Away Mundane Tasks

Automation takes away the mundane tasks in cybersecurity, Leitersdorf said.

“So if you think about the burnout of these people, they’re burned out because they’re flooded with information, and then the tasks they end up doing are very boring and very repetitive,” he said. “Day in and day out, they come into an eight-hour shift or a 12-hour shift, and they’re just doing the same things every single day and they don’t want to do it anymore.”

Automation removes everything that doesn’t require a human being, Leitersdorf said. It then presents the conclusion of those tasks to a human. Therefore, you reduce the “noise” by 80-90%.

“Your software says OK, I’ve done all this analysis, and I’ve figured out all these different data points,” he said. “This is the bottom line. You can use this bottom line or if you want, I’ll even do it for you. Just give me the OK. By doing that, you’re allowing these people to focus on much more interesting things. They can focus on rolling out a new feature. For example, there’s DNS security in Palo Alto Networks. So now I can roll out this new DNS security feature because all the basics of getting the firewall operating is already done and everything’s good. And so that really helps them find a lot more interest and also helps the organization, because the organization can now see a lot more value of what they invested in.”

Automation in cybersecurity is rapidly growing and is “really taking over the market,” Leitersdorf said.

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
