Claroty, the cyber-physical systems (CPS) protection company, has officially announced the launch of a new Advanced Anomaly Threat Detection (ATD) Module, which is designed to help healthcare organizations identify, assess, and prioritize threats to connected medical devices, IoT, and building management systems (BMS). Set to become available on the Medigate Platform from Claroty, the solution comes with signature-based detection capabilities, which improve threat detection, analysis, and response based on known signatures and Indicators of Compromise (IoCs). This signature content can also be used for investigation purposes, and you have the option to enable or disable it at your discretion.
Next up are the module's custom communication alerts, which keep you updated on device communication patterns throughout a given network, making it possible to spot abnormal behavior and traffic across connected devices. Examples include a BMS communicating with a guest network, or an IoMT device using an unsecured protocol.
Claroty's new module also provides device change notifications. Here, the idea is to pinpoint significant device changes within healthcare environments for further investigation. This can include a device reappearing after being offline for a significant period, experiencing a significant change in risk profiling, or undergoing a network status change.
Then, there is also MITRE ATT&CK for Enterprise threat mapping, which contextualizes remediation information by mapping alerts to various tactics and techniques within the MITRE ATT&CK framework. Such a mechanism means responders are better positioned to understand the goals of malicious actors. They can use this information to respond more swiftly and appropriately, as well as to achieve a streamlined process.
“Healthcare Delivery Organizations have been facing an uphill battle for years, with the threat of the next ransomware attack always looming. Cyberattacks against clinical devices and OT assets in HDOs have real-world consequences to providing patient care,” said Grant Geyer, chief product officer at Claroty. “The capabilities offered within the Advanced ATD Module help healthcare organizations take a critical step toward achieving full visibility, with in-depth understanding and transparent view of the greatest threats against them. When clinical workflows and patient care are involved, there is no room for blind spots.”
The development in question provides an interesting follow-up to Claroty's 2023 Global Healthcare Cybersecurity Study, which claimed that more than 78% of healthcare organizations experienced at least one cybersecurity incident over the last year, with over 60% of these incidents having a moderate or severe impact on patient care delivery. It also follows the US Department of Health and Human Services' recently published Healthcare and Public Health (HPH) Cybersecurity Performance Goals (CPGs). The stated goals, to put it simply, include a measure specifically for detecting and responding to relevant threats and tactics, techniques, and procedures (TTPs) so as to “ensure organizational awareness of and ability to detect relevant threats and TTPs at endpoints.” It is also geared towards ensuring that “organizations are able to secure entry and exit points to its network with endpoint protection.”