Background: Securing Critical Healthcare Operations
As a leading university hospital in South Korea, this institution operates a vast medical complex, serving thousands of doctors, staff, patients, and visitors daily. Because the hospital relies on a wide range of medical devices and IT assets, protecting sensitive patient information and ensuring continuous system availability are paramount.
Addressing Evolving Threats and Operational Complexities
The hospital faced challenges securing its highly active network against modern cyber threats that often bypassed traditional defenses. Key concerns included:
- Comprehensive Endpoint Visibility: Real-time insight into all connected devices, from medical equipment to personal mobile devices.
- Advanced Threat Detection: Identifying sophisticated threats like fileless malware or ransomware.
- Rapid Incident Response: Quickly detecting and responding to security incidents without disrupting critical operations.
- Compliance & Data Confidentiality: Adhering to healthcare regulations and maintaining patient data confidentiality.
Solution: Genians EDR – A Natural Extension of Proven NAC
The hospital initially adopted Genian NAC in 2018, establishing a robust network security foundation. After three years of proven success, the hospital further advanced its posture by implementing a Genian Endpoint Detection & Response (EDR) solution in 2021.
To ensure the best fit, the hospital thoroughly evaluated various EDR solutions. Their assessment prioritized operational efficiency and seamless integration with their existing Genian NAC. While many solutions showed specific strengths, Genian EDR’s unique ability to manage both NAC and EDR with a single agent proved a decisive differentiator, unmatched by other vendors. This perfectly aligned with their goals of maximizing efficiency and reducing complexity.
Their existing NAC provided essential capabilities:
- Network Access & Device Control: Blocking unauthorized devices, managing user/IP access, and enforcing software compliance.
- User & IP Management: Integrating with HR DB and Active Directory for user control, managing IP addresses, and supporting BYOD/Guest access.
- Patch & Threat Management: Verifying patches, controlling peripheral devices, and monitoring for excessive traffic.
- Auditing & Encryption: Comprehensive audit trails, Syslog integration, VLAN support, and encrypted communications (Common Criteria certified).
- Device Platform Intelligence (DPI): Providing detailed device classification and contextual information for enhanced network visibility.
Building on this foundation, the hospital chose Genian EDR. This choice was influenced by Genian EDR’s unique design as a plugin to the existing NAC agent, offering critical advantages:
- Rigorous Validation in Testing: Genian EDR successfully addressed issues observed in competitor solutions, notably providing IP-based search (not just computer name) and maintaining full agent functionality even when disconnected from the policy server. Before deployment, it detected and responded to three of the latest ransomware variants in a crucial validation test.
NAC & EDR Synergy for Unified Control
Genian’s exceptional integration capabilities with the hospital’s existing Genian NAC and SIEM systems truly set it apart.
- Single-Agent Deployment & Operational Ease at Scale:
  - One lightweight agent with EDR plugin capabilities now provides comprehensive NAC and EDR functionality, ensuring exceptional system stability and performance across thousands of endpoints, even at scale.
  - Leveraged existing NAC deployment for seamless, simplified rollout, operating quietly with low memory usage (as low as 9–12MB) even in low-bandwidth branches.
  - This plugin-based integration significantly minimized operational overhead and agent deployment efforts.
- Dynamic Enforcement Through Combined Intelligence:
  - Seamless integration allows NAC to enrich endpoint understanding with EDR’s real-time security status and behavioral history.
  - NAC’s policy engine can dynamically adjust network access policies based on these precise EDR insights.
  - Rapid network-level response: EDR-detected anomalies or threats trigger immediate NAC blocking or quarantine, vital for preventing threat propagation and aiding forensic analysis.
  - EDR logs feed directly into SIEM for unified threat visibility and investigation.
Summary: Fortified Healthcare Security, Uninterrupted Patient Care
With Genian NAC successfully deployed since 2018 and Genian EDR added in 2021, the hospital has leveraged Genians’ integrated security solutions for over 7 years of continuous operation. This long-term partnership has provided comprehensive network surveillance and advanced visibility, powered by DPI.
Streamlined Compliance and Unparalleled Availability
Since its deployment, the hospital has experienced no ransomware issues on any endpoint terminals, a testament to Genian EDR’s effectiveness. The solution’s detailed logs allow the hospital’s skilled security team to readily analyze abnormal behaviors on diverse medical devices (e.g., endoscopes, ultrasound, X-ray machines), pinpointing the exact device and activity. Genians enables the hospital to correlate network data into actionable intelligence, supporting regulatory compliance. By simplifying user/device authentication and achieving full integration with existing systems, Genians provides a centralized interface. The hospital now ensures the highest levels of system security, availability, and regulatory compliance, all without disturbing crucial daily operations, ultimately enhancing patient data protection and ensuring uninterrupted care.