Security Information and Event Management (SIEM) in Healthcare

October 26th, 2020

Healthcare Security

Security Information and Event Management (SIEM) in Healthcare

Healthcare is transforming and with complexity and trends that have changed the UK healthcare market significantly in line with the NHS Long Term Plan.

Advances in diagnosing, treating and managing patient’s health, as well as aligning with other supporting services from local council, social care and third-party providers, all lend themselves to patient wellness and health, in a home setting and an element of self-provisioning care.

This digitisation of healthcare brings with it an inevitable increase in cyber attacks for the NHS – as well as patient confidentiality and safety. While there are regulatory controls around data privacy; personal health information (PHI/e-PHI), data breaches are becoming all too common.

There has been an exponential increase in the growing dependence on interconnected devices, digitisation of information for shared care provision and the prevalence of cyber security threats. This means that the NHS is now under increased pressure to fend off these threats, automate compliance and improve patient care – all while controlling costs.

The recent agreement between NHS Digital and Microsoft will lead to improved productivity, enhanced collaboration and importantly strengthen cyber security across healthcare services.

As part of the agreement, M365 will be deployed to as many as 1.2 million staff across NHS organisations including Trusts, CCGs and health Informatics Services, creating a truly joined-up NHS. Staff will be able to communicate more effectively and will have access to the information, applications and services they need, reducing the administrative burden on staff and improving patient safety.

Fiona Bowman

See all posts by Fiona Bowman

What is Security Information and Event Management (SIEM)?

Gartner defines SIEM as “a technology that supports threat detection and security incident response through the real-time collection and historical analysis of security events from a wide variety of event and contextual data sources”

Early detection, rapid response and collaboration to mitigate advanced threats means further significant demands on your Security and IT Teams. Reporting and monitoring your log information is no longer enough and given the digitisation of our networks, you need to capture broader insights, generated at scale, across your whole Trust.

Data aggregation is only one part of your effective SIEM – it needs to go beyond to look for unusual behaviours, system anomalies and other indicators of a security incident.

COVID-19 has seen escalating numbers of sophisticated cyber security attacks, compounded by an increase of remote working practices.

What are the SIEM essentials?

Real-Time Monitoring – the ability to monitor; correlate and act in real-time
Incident Response – alongside your Cyber Security Incident Plans, you need an organised way to address and manage any potential breach as well as post-incident handling in line with robust Business Continuity and Disaster Plans.
User Monitoring – Using controls such as privileged user monitoring to seek out any misuse against aligned frameworks
Threat Intelligence – which recognises abnormal activity, assesses the risk to the Trust and supports the prioritising of responding.
Advanced Threat Detection – tools available to your security professionals in order to monitor, analyse and detect threats across the kill chain.
Advanced Analytics – use of machine learning, to automate analysis of trends, patterns and analysis of any hidden threats.

Why Azure Sentinel?

Azure Sentinel is Microsoft’s cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution all in one!

It brings together the latest in security innovation and advanced AI to provide near real-time intelligent security analytics for a bird’s-eye view over your entire enterprise’s IT estate.

With Azure Sentinel you can consume security related data from almost any source – not just sources inside your Microsoft tenant. This removes the need to manage multiple pieces of complex and costly infrastructure components – whilst providing a cloud platform solution that can easily scale to your needs.

Sentinel uses machine learning and AI models to surface important insights based on data consumed through a wide catalogue of data connectors. This includes native connections to all key Microsoft sources, together with a range of native third-party connectors which includes technologies from AWS, Symantec, Barracuda, Cisco and many others.

The solution analyses in excess of 6.5 trillion signals daily to provide unparalleled threat intelligence. This coupled with the ability to filter millions of signals into meaningful dashboard alerts provides comprehensive hunting and investigative capabilities – enabling you to expedite your response to potential attacks.

Sentinel also integrates with a wide range of systems – providing the option to automate your incident response activities, thereby allowing you to orchestrate your activities in an efficient and effective manner.

Four Key Security Pillars

Put simply. Azure Sentinel enables you to:

Collect
Easily gather data at cloud scale across users, devices, applications and infrastructure both on-premises and across multiple clouds.

Detect
Sentinel recognises previously discovered threats and minimises false positives by using analytics and threat intelligence drawn directly from Microsoft.

Investigate
Artificial intelligence identifies threats and hunts suspicious activities at scale.

Respond
React calmly and quickly to incidents with built-in automation processes and responses.

As most of the enterprises consume more and more cloud services, there is a huge requirement for Cloud-Native SIEM. This is where Azure Sentinel comes in to play and has following advantages:

Easy collection from cloud sources
Effortless infinite scale
Integrated automation capabilities
Continually maintained cloud and on-premise use cases enhanced with Microsoft TI and ML
GitHub community
Microsoft research and ML capabilities
Avoid sending cloud telemetry downstream

Protecting Healthcare

Azure Sentinel is a powerful SIEM fit for the modern technological landscape. It provides a bird’s-eye view of your entire IT estate along with smart analytics supported by advanced artificial intelligence to help detect and respond to threats in near real-time.

Azure Sentinel can integrate seamlessly with your pre-existing Microsoft and non-Microsoft infrastructure, while still providing you the control to customise Sentinel to match your security requirements.

This all contributes toward defending your organisation against the ever-growing cyber security threats of this modern world. Azure Sentinel’s use of automated playbooks can also increase the productivity of IT and support personnel by reducing the amount of trivial and time-consuming remediation tasks required, all while increasing response times to incidents.

Ready to learn more?

To discuss Azure Sentinel and more, contact the Security, Risk and Compliance Team at Phoenix. Just fill in the form to the right, or alternatively you can email us at [email protected] or call us on 01904 562200.

About Phoenix

Phoenix enables digital transformation in the workplace, empowering UK organisations to innovate and transform with cloud and hybrid infrastructures data, AI, security, and collaboration tools. By understanding the individual goals of its customers, Phoenix delivers remarkable, outcome-focused IT solutions and services that allow UK organisations to make a difference to the lives of their employees, service users, and communities.

Phoenix is a signatory on the Race at Work Charter, and a Disability Confident and Living Wage employer. The company is also actively involved in encouraging more women into the IT industry.

How we handle data | Unsubscribe

Recent Blog Posts

04-04-2024 - As we innovate, QR codes are becoming commonplace. From accessing restaurant menus to event tickets, QR codes offer convenience and...... Read more
03-04-2024 - From 15 July 2024, Adobe will no longer be selling Acrobat Standard 2020 and Acrobat Pro 2020 licences in the...... Read more
25-03-2024 - As organisations worldwide become more aware of their environmental impact, the concept of green technology has emerged as a simple...... Read more

Sign Up

Please enter your details below to opt-in for the latest news, events and industry updates from Phoenix.

You currently have JavaScript disabled. This site needs JavaScript enabled in order for it to run correctly. Some functions of the site may not be useable or the site may not look correct until you enable JavaScript.
Please enable JavaScript in your web browser.