Referenz Story - F4 IT

Managing Risk in the National Health Service

Challenge

The UK’s National Health Service (NHS) security made the headlines in 2017 when the WannaCry and Petya ransomware attacks took cyber crime to a new scale, never seen before. Some 200,000 organisations were affected in over 150 countries and in the UK, it was the NHS that felt the full force of the attack across 48 health trusts in England. But while many IT departments were frantically trying to mitigate the impact of the ransomware attacks on a Friday afternoon in May, the team at Care Plus Group in North East Lincolnshire were looking forward to the weekend.

F4 IT is part of Care Plus Group and currently supports 14 organisations and over 2,000 staff. Their clients provide a wide range of services from community nursing and adult social care, to end-of-life support and mental health services. Darren McKay, who heads up F4 IT, has always put protecting data and securing the network boundary at the top of his list of priorities. Darren believes that while the primary threat focusses on perimeter defences, there are equal concerns that exist within the network – and to help him address these threats, he chooses WatchGuard.

"Boundary controls using military-grade WatchGuard firewalls and the WatchGuard Security Suite provide us with confidence. There is no room for complacency and we need to consider the risks that exist inside networks as well as those beyond the perimeter."

Solution

F4 IT manages two datacentres to provide full resilience and complete security failover. Each datacentre is protected by a WatchGuard M4600 Firebox, while some 20+ remote sites each have a WatchGuard M200 appliance.

As those affected by WannaCry now know, updating software is critical and Darren asserts the importance of centrally distributed software updates for datacentres and clients, along with endpoint encryption and AV, saying, "You simply cannot overlook the basics." To this end, F4 IT clients, benefit from the WatchGuard Total Security Suite, which includes all the traditional network security services such as IPS, GAV, URL filtering, application control, and reputation enabled defence, along with advanced malware protection, data loss protection, endpoint and network threat correlation and the ability to act against threats using the WatchGuard Dimension network visibility platform.

"We need intelligent tools to provide real-time network visibility and with Threat Detection and Response (TDR) from WatchGuard, we can fully monitor file and process activity at our primary and secondary datacentres with holistic visibility and, more importantly, control,” says Darren. "With this insight and level of control, we can manage risk. Our ISO27001 process helps to shape this activity and depending on circumstances, TDR can kill a process or quarantine a file as a precaution. We can then make judgements with the threat contained and fully controlled, keeping ahead of emerging threats."

Results

These protective measures were put to the test with WannaCry and passed with flying colours. In fact, Darren and his team identified suspicious network traffic from connected partner networks, advising them that they may be under attack. Using the WatchGuard IPS system, potential threats were isolated instantly at the IP level. Protection of data, especially patient records, is non-negotiable for Darren: "A compromised endpoint can be worked around with limited user impact, but a ransomed data centre may be unavailable for weeks. Creating a chain of protection using best-of-breed web filtering to control user access, intrusion prevention, application control, plus gateway, endpoint and data centre AV gives us defence in depth.”

“But technology alone does not protect. It must be layered, structured, policy-based and intelligently applied. An effective, dependable defence must be multi-layered, based on good housekeeping with the basics in place and underpinned by intelligence gathering to establish full network control.” Darren is clear, "Hard decisions need to be taken to maintain services and prioritise limited resources, but we will not compromise on security or safety of data for any reason."

F4 IT is now providing IT and support services to a wide range of other public and private sector organisations and relies on WatchGuard to deliver the same levels of security and protection. Darren and his team continually work with WatchGuard to make sure they are getting the most out of their appliances and look to add new services from Total Security Suite as they are available.

“WatchGuard helps us to stay one step ahead and avoid the unpleasant and costly consequences of another major attack such as WannaCry,” says Darren. “But we can never be complacent. Advanced technology is critical, but it needs to be matched with a mindset that is confident and firm, but not inflexible.”