Indeni Helps Trinity Health Keep Firewalls, And Humans, Healthy
Trinity Health is one of the largest multi-institutional Catholic health care delivery systems in the nation, serving diverse communities that include more than 30 million people across 22 states. Trinity Health includes 94 hospitals, as well as 109 continuing care locations that include PACE programs, senior living facilities, and home care and hospice services. Its continuing care programs provide nearly 2.5 million visits annually. Based in Livonia, Michigan, and with annual operating revenues of $18.3 billion and assets of $26.2 billion, the organization returns $1.1 billion to its communities annually in the form of charity care and other community benefit programs.
To secure Trinity Health’s network, the team has adopted a “defense-in-depth” approach, with multiple layers of firewalls, intrusion prevention systems (IPS) and other technologies. The network operations team has chosen to deploy Check Point for firewall protection and Palo Alto Networks for IPS. The team is 12 strong, supporting hundreds of security devices. Staying on top of the health and performance of these devices, and ensuring uninterrupted access to critical health data, has been a big challenge. To resolve it, the team at Trinity Health has chosen to leverage Indeni’s Crowd-sourced Automation Platform.
Priority #1: Problem Removal
To ensure the smooth operation of Trinity Health’s 94 hospitals and thousands of medical devices, the security team focuses on identifying and removing problematic firewalls and their configurations. This includes:
- Tracking Check Point and Palo Alto Networks health. Identifying if a device is experiencing, or about to experience, an issue that may result in an outage.
- Ensuring traffic requirements are met. Continuously tracking the performance of all devices to identify potential bottlenecks caused by overloaded firewalls.
- Quickly identifying and troubleshooting specific issues. Sometimes a very specific issue may impact the traffic of one application, or a certain functionality that employees at Trinity Health depend on. The team is interested in identifying such issues as quickly as possible and reducing mean time to repair.
“We are increasingly looking for ways to find performance issues. For any of the gear we’re operating, we want to make sure it’s operating efficiently. Through Indeni we are looking for ways to reduce the mean time to repair and get to quicker issue resolution.”
Indeni Helps Ensure Firewalls Operate As Intended
Indeni had been on the Trinity Health team’s radar for a while. They were first introduced to the technology as software that could help them run their Check Point firewalls more efficiently. The monitoring team was focusing solely on node up / node down, while the security team needed a more granular view of each firewall. Specifically, they wanted more visibility so they could identify common issues and confirm that best practices are in place.
With the additional visibility provided by Indeni, the Trinity team was also able to devise a seven-point check. This is a set of configurations and checks that need to be validated across the full deployment to ensure all devices have certain basic configurations set the same. Indeni automates the verification of the seven-point check across all devices, 24/7, saving the team a lot of time and potential grief.
Identifying a Network Issue Through Indeni’s Visibility Into Palo Alto Networks WildFire Connectivity
For a while, Indeni had been notifying the Trinity Health security team of issues some Palo Alto Networks firewalls had in communicating with the WildFire service. At the same time, a few users on non-standard machines started complaining about issues. The times when WildFire communication wasn’t working seemed to correlate with those users’ complaints.
The team set up another test from a separate server and started watching that test and Indeni’s tracking of WildFire connectivity at the same time. This was important because the issue was odd and sporadic, requiring more data to pinpoint it. With Indeni’s help, the team was able to isolate the issue to a specific application with traffic handled by a dedicated proxy.
How is life without Indeni?
Without Indeni, all 12 firewall administrators were responsible for manually checking device health across two separate firewall vendors. If there was a problem with an application such as Skype, which is a primary source of customer-facing calls, it would be quickly escalated to the firewall team to diagnose. Trinity’s networking team had visibility into node up and node down, with Riverbed as their packet capture tool, but was unable to see whether they had issues due to best practices not being in place.