LogRhythm outlines the healthcare opportunity for SIEM
Security intelligence and analytics vendor LogRhythm is urging local resellers to up their focus on the security market - now - and consider the opportunities presented by the healthcare sector, with both markets currently seeing high growth in IT spend.
Bill Taylor, LogRhythm Asia Pacific and Japan vice president, says while security spend has traditionally accounted for around two to three percent of enterprise IT budgets, that number is soaring.
“I can tell you going forward it will be five times that amount,” Taylor says.
“In terms of the commercial world they will have to spend between 10% and 15% of their annual IT budgets to protect themselves and their organisations.
“That’s an opportunity for resellers to capitalise on the security trend and that rapid movement. It’s seeing huge growth and it’s happening now so get in, get on board now, get your people trained up and get into the security business.”
Healthcare, too, is seeing increasing demand for security as attacks on the sector increase, and Taylor says there is real scope for automation within the sector.
“Healthcare systems aren’t in great shape across the world and have suffered from being quite old in a lot of cases.
“A lot of tools, a lot of pieces of equipment have got very basic software on there from the mid-90s and quite often it’s not patched and leaves patients and patient records exposed to these nefarious threat actors who want to use it for financial gain or political gain.”
While patching those systems can be problematic, with many of the products, tools and software used no longer supported, he says patching them ‘to as up-to-date as possible’ is a starting point.
“But on a broader front, having a series of tools that can automate a lot of this is going to be the real answer,” he adds.
“If you’re building a security operations business to protect you, you need to look at the fundamental things that are going to take care of you.
“And the first thing to do is to make sure everything is patched and up to date as much as you can and then implement a security intelligence platform to allow you to monitor and measure your baseline from what it was to what it should be and what it should be going forward.”
He says the key is having software which will monitor all the devices and provide the ability to review them and see what they’re up to and where they’re at.
“It’s impossible to do it on your own and you do need help. You need actionable threat intel, things like what are the indicators compromised, what are the changes to the external threat environment and how does that affect you internally and then things some analysis looking for some context around the incidents, the events, the threats, the campaigns, the history and how it is related to attacks you have seen or been aware of.
“It’s really having the intelligence to react and respond accordingly and take that to the executive and say these are the issues we’re facing.”
Taylor admits the healthcare sector traditionally hasn’t spent big on IT security, but says a base level of software can be ‘reasonably inexpensive’ and provide reporting, alerting and some automation to remediation.
“Having that is really important because it is impossible to read the hundreds of millions of logs and data coming out of all these devices, plus their own IT infrastructure, and their own email systems. It’s impossible.
“We recommend they have a suite of software that will automate their baseline for 90% of the environment and deal with 10%. Whereas at the moment they’re probably dealing with 50%. Really it’s making the start, stepping onto the ladder and then building thereafter,” he says.
“Having a breach is significantly more damaging than spending $50,000 or $80,000 on a fairly sophisticated security intelligence system,” he adds.
Taylor says LogRhythm is increasingly seeing resellers turn to the MSSP model to deliver the vendor’s security intelligence and analytics, and smaller healthcare organisations can harness those offerings. Larger healthcare organisations will, however, need to complement it with internal, on-premise solutions as well.
“We’ve got quite small organisations that were traditional resellers of less than 20 people and they’ve kicked off an MSSP arrangement, so they’ve invested in a SOC and run our software and some other tools as well and offer that service to clients.
“Every month we get at least a couple of companies wanting to do this. So that’s new for us in the last 18 months seeing companies with this business model. And maybe they provided some consultancy services before, or they’re a traditional reseller or partner and have decided to take a slightly new tack on that security perspective and go on.
“You can also bundle that with an off-premise solution and an on-premise solution, so you can say we offer an MSSP offering to you for $x month, but at the same time if the customer would prefer to buy their own security operations centre or set up their own, then the reseller can offer that on premises as well.”