Maximizing Healthcare Security with NDR: Best Practices and Buying Tips

Discover how this new NDR technology can help secure your network

NDR vs. MDR

Which Do We Really Need?
Brian Thomas, Product Marketing Manager
Aug 28, 2024
Blog

Healthcare organizations need cybersecurity protection—but they want to stay smart and efficient, avoiding unnecessary additional headcount. With CISA enhancing security compliance guidelines to include detection and response capabilities, it’s not surprising when healthcare organizations outsource to Managed Detection and Response (MDR) services. 

The key difference between MDR and Network Detection and Response: MDR is a service, while NDR is a tool. When you’ve got an MDR, you’re essentially outsourcing key security functions to third party experts who can use various tools to detect and respond to attacks—but they’re only as capable as the tools they’re empowered with

Defense in depth requires using the right tools for every layer. That’s where NDR (Network Detection & Response) comes in—with defense in depth at the network layer that goes beyond what an MDR can provide.

The TL;DR: MDR services typically use EDR tools, which monitor laptops and desktops, not IoT devices or the network. NDR is a must-have in the healthcare environment because of all the blind spots left by the EDR technologies used by MDR providers.

Wait…My MDR Provider Isn’t Using NDR?

Probably not. 

MDR isn’t a specific software tool or platform, but instead a service offering. Security experts working for MDRs work for multiple clients, providing monitoring and incident response 24/7. No more trouble staffing the night shift—that kind of availability is worth a lot.

The vast majority of MDR providers keep their focus on endpoints. Their security experts are trained on understanding threats indicated by EDR tools, then triaging and responding to those threats before they turn into breaches.

For some operating environments, the EDR-based approach offers good coverage: in a typical corporate office, for instance, the vast majority of the attack surface consists of laptops, desktops, and servers. In healthcare, they’re also important…but a huge additional attack surface remains uncovered by EDR.

We’re talking here about IoT devices—and modern healthcare has them everywhere. Think thousands of infusion pumps. Surgical robots. Implantable devices. Those are endpoints, too—but because they don’t use typical operating system software like Windows, MacOS, or Linux, they’re totally invisible to EDR solutions.

That’s where NDR comes in.

By identifying anomalous behavior in the network layer, NDR (especially when using a tool specifically designed for healthcare needs) illuminates threats and allows rapid response while MDR services would still be in the dark.

Hidden Attack Surfaces: JekyllBot:5 And the Limits of MDR

Smart hospital robots were designed to improve healthcare by automating transportation and distribution of supplies. But what if a threat actor commandeered one of these robots—stopping them from reaching their intended destination, or even intentionally interfering with hospital operations?

Cynerio discovered exactly this issue with Aethon TUG robots. The vulnerabilities, which we called JekyllBot:5, could potentially have allowed an attacker to execute arbitrary commands using the robot—anything from taking unauthorized photos to accessing restricted areas, or even injecting malware in an administrator portal browser to expand the attack laterally.

That’s exactly the kind of attack MDR providers will miss—and it’s not their fault, just outside the scope of what their tools were meant to monitor.

How NDR Sees Beyond MDR

More than half of connections on a typical hospital network come from connected IoT devices—sometimes far more than half. NDR sees behavior at the network layer, and identifies when network traffic is behaving unusually.

With specialized healthcare-oriented NDR tools, you can empower your security team or MDR with deeper insights and capabilities, including:

  • Wider coverage: See across your entire network, including the many devices based on IoT firmware and small operating systems invisible to the EDR tools MDRs use.
  • Automated enforcement: Create policies for network behavior and automatically block traffic from sources that have begun to indicate a possible attack in progress.
  • Deep healthcare security insights: Purpose-built healthcare NDRs know what traffic in a healthcare environment is supposed to look like and can rapidly detect indicators of compromise before attackers move laterally.

Just remember—MDRs are great for taking some of the burden off your security teams, but they don’t represent a complete security solution that covers all sources of risk.

If your MDR doesn’t yet have NDR capabilities, you can also talk to your MDR representative about offering these services, or ask whether they would manage an NDR solution that you purchased for your organization.

Talk to Cynerio today to learn how NDR built for healthcare can keep your entire network environment—and your patients, staff, and providers—protected.

read next

NDR vs. XDR

Brian Thomas, Product Marketing Manager
Sep 12, 2024

NDR vs. EDR For Healthcare

Brian Thomas, Product Marketing Manager
Aug 8, 2024
Go Back to Blog

Keep your finger on the pulse of Healthcare IoT security

Get Your Free Pass to HIMSS21

August 9 -13, Las Vegas

HOW? Easy! If you are a Healthcare IT Executive and you book a 30-minute call with us before July 30th, you get a free pass (valued at $1295)

Book a Call

*Please note that there is limited pass availability

Product
Healthcare Cybersecurity PlatformPatient Data SecurityNetwork Detection + ResponseComplete Asset VisibilityMedical Device SecurityCynerioLive
Resources
BlogDatasheetsWhite PapersUse CasesPartnershipsInfographicsMediaVideosWebinars
Company
About UsLeadershipPress ReleasesCareersContact Us
Partners
ResellersDistributorsTechnology & Alliance PartnersMSSPReferral Partners
Follow us
Facebook
LinkedIn
X
© Copyrights Cynerio 2024
Privacy Policy