Inside Track - getting to know the IT professionals

Editorial Type: Interview Date: 07-2017 Tags: Networking
Ray Smyth discusses managing IT risk with Darren McKay, IT Service Manager with NHS provider F4 IT (formerly CarePlus)

With NHS security looming large in newspaper headlines, I asked Darren how he protects data and the illusive network boundary. Following a wireless technology seminar in 2010, he realised that, for the majority, the primary threat focus concerned perimeter defences, but Darren believes that the biggest threat exists within the network. He successfully embarked on a mission to gain ISO/IEC 27001 accreditation: "The process and accreditation are significant components of our successful track record."

Darren explains, "Boundary controls using military grade WatchGuard firewalls and the UTM suite provide us with confidence. There is no room for complacency and we know that Access Lists alone are inadequate; we need to consider the risk that exists inside networks as well as that from the outside. Other Public sector networks, even USB devices, move the boundary inside. These risks, if overlooked, can create significant outage."

Public sector partners have visibility of the F4 IT data centres, "and potentially pose our biggest threat because we have no control over their network, devices or access: complacency establishes serious risk."

As those affected by WannaCry now know, updating software is critical. Darren asserts the importance of centrally distributed software updates for data centres and clients, along with endpoint encryption and AV, saying "You simply cannot overlook the basics."

"Cybercrime is the new big threat. I needed intelligent tools to provide real-time network visibility. We deployed Threat Detection and Response (TDR) from WatchGuard so that we can fully monitor file and process activity at our primary and secondary data centres with holistic visibility and, more importantly, control.

"Using this infrastructure insight we can review our WatchGuard Cybercon levels and, using the criteria we set, rely on TDR to manage risk. 27001 process helps to shape this activity, and depending on circumstances TDR can kill a process or quarantine a file as a precaution. We can then make judgements with the threat contained and full control, keeping ahead of emerging threats."

Darren explained that he was reassured when the NHS-targeted WannaCry ransomware attack failed. In fact, he identified suspicious network traffic from connected partner networks, advising them that they may be under attack. Using WatchGuard's IPS system, potential threats were isolated instantly at IP level.

Protection of data, especially patient records, is non-negotiable for Darren: "A compromised endpoint can be worked around with limited user impact, but a ransomed data centre may be unavailable for weeks." Creating a chain of protection using web filtering to control user access, intrusion prevention, application control, plus gateway, endpoint and data centre AV from different vendors, creates strength in layers.

"Visibility of low level activity that alone does not constitute a threat is one thing, coalescing it into understanding and action, another. Resulting actions may cause slight impact and disruption, but compared to that of a ransomware attack, it is the lesser of two evils."

Technology alone does not protect. It must be layered, structured, policy-based and intelligently applied: poor discipline and comfortable attitudes must be eradicated. Darren's approach illustrates that an effective, dependable defence has to be multilayered, based on good housekeeping with the basics in place and underpinned by intelligence gathering to establish full network control. A mindset that is confident, not complacent, firm but not inflexible and realistic is essential. Darren is clear, "Hard decisions need to be taken to maintain service and prioritise limited resource."

"ISO 27001 is critical. It reassures employees, clients and suppliers by shining a light into the darkest corners of the network. Because it is based on a cycle of continual improvement and review it creates confidence and peace of mind. We will not compromise on security or safety of data for any reason."