With 25,000 employees, 13 hospitals, over 90 clinics and upwards of 120 pharmacies across Eastern Wisconsin, Aurora Health Care is the second-largest private employer in the state. Of course, one key to maintaining such a large organization is keeping it secure.
"One of the things about having a network of our size is trying to get a handle on it," says Aurora's lead security architect Dan Lukas.
StealthWatch, a network monitoring system from Atlanta-based Lancope, Inc., has been brought in to protect the network against zero-day attacks, viruses and Trojans. Before deciding to implement the system, Aurora had nothing similar in place to keep vigil over its nearly 1,000 applications.
Lukas says he was impressed that StealthWatch took advantage of Aurora's already existing router and traffic infrastructure, making it a wise investment. "We didn't have to try to reinvent the wheel," he says, "or try to put all these devices out there that could be — management-wise — a pain, both physically and cost-wise."
StealthWatch allows the organization to get a vision of what is going on on its network all the way through, says Lukas. Having this capability is particularly important for an organization such as Aurora, as the healthcare system runs quite a bit of vendor and legacy equipment that it "doesn't always know about from a security standpoint."
Aurora did a StealthWatch pilot for a couple of months, during which time it discovered several infected hosts and third-party equipment. Through the Lancope pilot, the organization found "different medical devices infected with things sending traffic," Lukas says.
After the trial ended and Aurora remediated the unmanaged devices, the company bought the product. It was "pretty easy to see stuff going out to the Internet, because those are choke points," he says, but finding out what was happening internally, without loading monitoring software onto more devices, was Aurora's main reason for deploying StealthWatch.