Implemented continuous packet capture to log network data
Seamlessly integrated with existing SOAR and SIEM products
Gained increased visibility and higher fidelity of detection
The Story
Reducing Time to Detect with Limited Staff Using Network Detection and Response Tools
Asante Health is a southern-Oregon-based health care provider serving 200,000 customers, with 6,500 employees across six hospitals. Across a footprint that large and dispersed, maintaining a strong security posture is a major challenge. It is not only laptops and sensitive data that need protecting: medical devices are also active on the production networks. Those devices are hard to secure because vendor configuration and installation standards often leave security gaps that Asante itself has to close.
The company's initial security control framework had few solutions in place. Like many healthcare organizations, the major threat Asante was looking to mitigate was ransomware. ExtraHop Reveal(x) network detection and response (NDR) proved to be the final piece of its security orchestration, automation and response (SOAR) architecture.
Reveal(x) gives Asante Health the behavioral data needed to determine whether an alert is a false positive or a legitimate incident. The increased visibility and higher-fidelity detections also allowed Asante Health's small security team to pinpoint and disrupt attacks before they could cause any damage.
One member of our team investigated a weird web request that Reveal(x) reported going on in an application. Based on further investigation and research—and doing some testing—we were able to find a serious SQL injection vulnerability in a product we were using. That points out that the tool is valuable for both threat hunting and vulnerability assessment.
Alfonso Powers
Director and Chief Information Security Officer,
Asante Health