What You Don't Know Can Hurt You
In the meantime, though, the agentless characteristic of the SecureFusion application suite appealed to Ramadoss for several reasons. It has a minimal impact on the network and, said Ramadoss, it allows him to discover assets he otherwise wouldn't know exist, such as rogue devices and improperly licensed or risky software.
"It goes and pings the box itself and finds standard MAC [media access control] addresses," he said.
SecureFusion also allows Ramadoss to blacklist certain IP ranges (those corresponding to the biomedical devices) to protect the network until he's certain that the process won't impact performance.
Including biomedical equipment in the asset discovery process will be the second phase of the SecureFusion implementation; next, his team will use SecureFusion to identify and remediate security vulnerabilities, followed by policy and process management.
To cost-justify the expenditure, Ramadoss argues that SecureFusion software management tools will help the hospital reduce licensing costs, and that the product itself is less expensive than a battery of point solutions "that are not completely configured."
His trump card, though, is that "I'm staying in business by being HIPAA-compliant."
Do you have a Real-World Road Map you'd like to share with eWEEK? Contact Deb Donston at firstname.lastname@example.org.