Customer Stories

MAO

Based in Montgomery, Alabama, Medical Advocacy & Outreach (MAO) is a nonprofit medical institute providing HIV, Hepatitis C, and diabetic care. MAO began in 1987 as a volunteer organization. Today, its services span 28 Alabama counties. In 2011, MAO launched the Alabama e-Health Telemedicine Initiative, delivering HIV-specific care, pharmacy consultations, mental health counseling, and social services, a pharmacy and dental clinic opened in 2017. The organization continues to look for ways to improve Healthcare options in their coverage areas.

Starting With a Clean Slate

When Benjamin Urquhart joined MAO as Division Manager of Information Technology, he found that the network and security infrastructure was not able to support the organization’s rapid growth. For several years, MAO had relied on third parties for network management and security services. An anti-malware product installed on the endpoints was not enough to meet compliance requirements, and other security measures were not current.

“As a medical provider, HIPAA compliance and data privacy concerns are critical, especially when working with HIV cases, which have stricter regulations,” said Urquhart. “We decided to bring our network and security management in house for more control and better protection. It was time for a clean slate.”

Urquhart had experience with Check Point solutions in the past. Before he approached MAO senior management and the Board of Directors to explain why the organization needed enterprise-level security and technology, he launched a small proof of concept deployment of Check Point Security Appliances and R80 Cyber Security Management.

Crystal-clear Visibility

The Check Point security logs with analysis and reporting found thousands of botnet connections, malware, and other malicious threats coming in and going out of the network. With SmartEvent providing crystal-clear visibility into cyber attacks, it was easy to see how serious the threats were.

“I expected to see these kinds of threats, but even I was surprised at the volumes,” said Urquhart. “The Check Point solutions gave me hard data about how much visibility we lacked and where we were at risk.”

The data was also compelling to the Board and senior managers, who approved a significant security and technology initiative to not only support the organization’s growth, but also provide compliance ready security. Urquhart deployed the Check Point Security Appliances over one weekend to secure the clinics as quickly as possible. Check Point SandBlast Agent with Threat Emulation and anti-ransomware now defends end-user systems against zero-day threats, bot communications with command-and control servers, and other advanced attacks. Check Point Anti-Malware efficiently detects malware with a single scan, while Check Point Compliance continuously monitors security infrastructure, gateways, technologies, policies and configuration settings all in real time to ensure compliance
requirements.

U.S. Public Health Services Provider

As a leading West Coast provider of emergency health services, this organization has over two million patients and runs over 90 locations, with two major trauma and rehabilitation centers. The organization provides critical, life-saving services in emergency cases.

Protecting Patients

Being a large-scale healthcare provider, the organization is responsible for securing its patients’ highly sensitive data. Information such as patients’ medical information, social security numbers, and personal addresses makes the organization a prime target for malicious actors. Entry of any bad actor could have disastrous results for patients and the hospital including identity theft, insurance fraud, data manipulation leading to mistreatment and more.

With important medical devices that require internet connectivity, it is
absolutely crucial that the organizations’ network is protected. If an attack compromises connectivity, downtime to life-saving devices could result in serious repercussions to patients receiving emergency care. This could lead to delays in treatments, patients getting sicker or even death.

To ensure patients receive the emergency services they need, the organization needed a solution that would not just detect advanced threats to its network, but ultimately prevent them from coming in.

“I believe in the Check Point product, SandBlast, because we believe in
prevention and not just monitoring. So we use it in line, and it works really well,” said the Information Security Manager at the Public Health Service Provider.

Advanced Threat Prevention

To protect its network, the health services provider chose Check Point
SandBlast with Zero-Day Protection. The organization uses Check Point
Firewall IPS, App Control, Anti-Bot, and Anti-Spam capabilities, as well as Threat Emulation and Threat Extraction technologies. Check Point’s unique CPU-level exploit detection capability enables Threat Emulation to block malware designed to bypass regular sandboxing technologies, ensuring security against advanced threats such as WannaCry.

With Check Point SandBlast, the organization has been able to prevent
countless attacks through email and web thanks to the Threat Emulation technologies. According to the organization’s Information Security team, event logs show that CPU-level evasion detection has been highly effective in catching malware.

The team also found Threat Extraction to be highly useful.

“Threat Extraction was very promising, as we could deliver a cleansed
document while the file actually gets checked in the background to see if it’s malicious,” said the Information Security Manager.

This company is an independent, not-for-profit organization that has provided health care services in its state for more than 30 years. When it experienced a growing number of cyber-attacks, it quickly moved to add another layer of security.

Protecting Patient Data

 Like other organizations in the health care sector, insurance companies have experienced intensified cyber-attacks within the past 12 to 18 months. Patient care data and financial data are at stake, so the company took decisive steps early in 2015 to boost its defenses. Over time, it had acquired multiple point solutions, each with its own set of capabilities. Now the company wanted to add layers of security and new features to close some gaps, such as improving Data Loss Prevention (DLP) coverage.

“We were seeing high volumes of zero-day and other advanced threats,” said the Chief Executive Security Officer (CISO) for the company. “We needed to increase our capabilities and reduce our security infrastructure support and maintenance burden at the same time.”

The company had multiple, separate firewalls for web filtering, content filtering, and Intrusion Prevention System (IPS) protection. As the CISO and his team evaluated their options, they looked at Palo Alto Networks, F5, FireEye, and several niche solutions. However, none of them offered the unique combination of comprehensive features, high scalability, centralized threat visibility, and low IT overhead that they wanted.

“We have a small team supporting a large number of technologies and programs,” the CISO said. “It was important to simplify as much as possible so that we can focus on strategic security projects instead of multiple, point solutions.

Proof of Protection

 After conducting a proof-of-concept evaluation with one other vendor, the company chose Check Point’s SandBlast Zero-Day Protection solution. Check Point SandBlast protects networks from even the most sophisticated malware and zero-day threats, using Threat Emulation sandboxing and Threat Extraction technologies.

“Check Point met our requirements of being able to consolidate capabilities into one solution,” the CISO said. “We also liked the fact that we can deploy it on premises for more control.”

The health insurance company migrated to SandBlast over several months to avoid disrupting its existing environment. It gained consolidated Check Point firewall, IPS, Virtual Private Network (VPN), DLP, zero-day protection, web filtering, and anti-bot protection capabilities in a single, easily manageable solution.

A leading regional hospital in the Northeastern U.S. offers a variety of clinical services, from cardiology, critical care, and oncology, and surgical procedures to fitness, wellness, and education programs. The hospital is proud to be accredited by the Joint Commission, and has received a variety of awards, including recognition by the American Nurses Credentialing Center.

“We are a community-based hospital with about 100 beds, and are highly rated, with numerous certifications and awards,” says the healthcare provider’s IT security engineer.

Protect Patient Data in an Evolving Threat Landscape

Like most healthcare providers, the hospital relies on its network to support its most important patient services and business operations. Maintaining maximum security is a top priority. Approximately 1,200 users depend on the network, and the facility is dedicated to complying with the Health Insurance Portability and Accountability Act (HIPAA) and other industry regulations.

“We send and receive a lot of sensitive information through our network and firewall, including payment processing with our business partners,” says the IT engineer. “We have concerns about data being breached, patient security, and our own security for our employees and files.”

The hospital’s IT team stays educated on the security landscape, and zero-day malware has emerged as a major threat over the past few years. According to the 2016 Check Point Security Report, the number of unknown malware downloaded per hour in 2015 was nine times greater than the previous year. The stakes are high, since even a brief security lapse could compromise business systems or even impact healthcare services.

“Our patient systems are generally separate from our patient care systems, but we are still in a connected environment,” says the engineer. “If a threat gets through, there is the potential that it could impact large parts of the network.”

The technology team understands that effective security needs to protect the network not only from external threats, but from issues that originate inside the hospital as well.

“One of our biggest worries is about what happens internally,” says the IT engineer. “A problem could arise from something as simple as a user bringing in an infected file on a thumb drive. Research has shown that oftentimes employee behavior can increase risk.”

Preventing New and Unknown Attacks Before They Strike

The hospital has employed Check Point security solutions for years, and depends on redundant 12400 Appliances to provide complete, high availability protection against evolving threats.

To help the organization complement its firewall and IPS solutions, Check Point recommended the cloud-based SandBlast Threat Emulation Service. This convenient, zero-day sandboxing solution not only offers the protection the healthcare provider requires, but is simple to set up and manage.

“I like the cloud-based service because Check Point can take care of it and keep the environment up to date better than we can,” says the IT engineer. “That eliminates the worry of having to maintain OS upgrades, patches, and other updates. And we can still configure the rules, so we can control it the way we want to and use it the way we want to.”

The Check Point SandBlast Threat Emulation service lets the hospital discover and stop new threats and zero-day attacks using emulation in a virtual sandbox. The solution focuses on email attachments and file downloads, and works smoothly without impacting the hospital’s existing environment.

“Our SandBlast Threat Emulation runs in the cloud, and I have to say it’s fast,” says the engineer. “It examines about 1500 files a day, and you would think that there would be a delay, but we tested it, and the performance is fine.”

Next-Generation Prevention, Protection, and Performance

For additional protection against external threats, the regional hospital also relies on the Check Point IPS Software Blade, which combines with the other capabilities on the 12400 Appliances to deliver proactive, best-of-breed security. Its advanced monitoring provides deep insight into attacks, their targets, and their sources.

Simple, Complete Security Management

The healthcare provider has a small technology organization, and making the most of its limited resources is important. The Check Point solution includes central unified management that gives the IT team complete control over their entire security environment from a single, intuitive dashboard.

One of the world’s largest medical diagnostics companies, this business provides laboratory and radiology services to medical practitioners, hospitals, community health services, and their patients. It currently employs more than 20,000 employees in its operations around the world.

With continued growth derived through global mergers and acquisitions, the company realized that many of its newly acquired companies were working with disparate security infrastructures, often including old or even nonexistent firewall technology. With Check Point, it is able to:

• Standardize all locations to a single vendor
• Eliminate administrative burden associated with operating a multi-vendor security solution
• Consolidate security technologies
• Simplify network security deployments

Check Point appliances provide robust, cost-effective protection

The company standardized on Check Point appliances to provide robust and highly scalable network security throughout its globally dispersed network. The appliances serve as core firewalls, as well as the company’s main interface and border into its partner hospitals, which can have upwards of a 1000 devices that connect into the company’s radiology imaging and pathology infrastructure with real-time patient care communication. “The Check Point 4200 appliances deliver exceptional stability, security, and price performance in an extensible package that can grow with us over time.” Additionally, the company connects its medical equipment located throughout its laboratories to the network. These devices run on both Microsoft and Linux operating systems and as a result, just like any PC, are susceptible malware and other threats. To ensure the security of the corporate network, the company leverages Check Point UTM-1 Edge devices at each laboratory location.

Software Blade Architecture consolidates technologies, improves security

The Check Point Software Blade Architecture gives the company the ability consolidate multiple technologies, such as Firewall, IPS, URL Filtering and more, on a single device and provides it with the ability add new layers of protection as its business needs change and evolve. With more than 50 gateways and over 20 million events per day, technologies such as the Check Point Identity Awareness and SmartEvent Software Blades are critical in helping the company pinpoint users and machines when security issues arise. “We’re able to look at events, easily find out who the user is, and determine if further investigation is required. This saves us a couple hours a day by having the ability to make informed decisions upfront.” In addition the company has begun using the Check Point URL Filtering Software Blade at one of its branch locations which has entirely replaced the need for its expensive and cumbersome proxy server. With this success, the company now plans to roll out the solution across its global infrastructure.

Centralized management simplifies administration

To manage its large distributed Check Point environment, the company leverages the Check Point Multi-domain Security Management solution with SmartEvent, SmartView Tracker, and SmartWorkflow Software Blades. Together, the management solution provides the company with a complete view into its network security universe from a single console. “We’re able to manage our entire infrastructure with just two administrators. Having this level of central management keeps our labor costs very low; it’s fantastic!”

Overseas travelers and workers don’t need to count on the universal distress code when they’re hooked up with International SOS. The world’s most comprehensive medical and security assistance company, International SOS is in the business of helping people.

The company provides services to leading multinational corporations, insurers, financial institutions, and government organizations, with more than 6,100 corporations and 60 million members worldwide. It has more than 3,700 employees, a global network of 24/7 alarm centers in 28 cities, 22 wholly owned international clinics, and a fleet of 10 dedicated air ambulances. Its employees speak 77 languages and are spread over remote site operations in more than 60 countries. More than a third of its employees are professional medical specialists such as doctors, nurses, medics, pharmacists, and aero-medical specialists.

International SOS used appliances to help secure communications, but found them to be unwieldy in emergencies and remote locations. At the same time, most firewall and VPN security solutions demand a great deal of patience and knowledge to set up, and receive only secondary focus in the remote field locations where medical and physical security emergencies must take precedence. Further, not every solution can be managed from a single console, and requires much attention from IT administrators. From the cost perspective, most appliances and other security solutions carry a high cost of ownership unnecessarily burdening a company. And finding local technical administration talents in remote locations, especially for specialized appliances, can be a problem.

International SOS migrated its hardware appliances to a centralized management Intel-based server running Check Point SecurePlatform™ with FireWall-1® and VPN-1® Pro™, coupled with Check Point ClusterXL®. SecuRemote® was installed on remote PC clients for International SOS’s emergency medical and physical security teams on assignments or in remote branch locations. ACE Authentication from RSA Security, a Check Point OPSEC (Open Platform for Security) partner, was installed on the PCs. There are a total of 35 VPN nodes.