MDV Deployment Detects, Blocks Targeted Threats Embedded in SSL Data without Sacrificing Performance

One business of Medical Data Vision (MDV) is enabling the healthcare community to leverage clinical big data to revolutionize data-driven medicine. To protect its systems and massive data assets from cyberthreats, the company chose F5® SSL Orchestrator™ running on F5® BIG-IP® Platform to augment its primary anti-threat appliance. The combination detects and blocks even attacks obfuscated in SSL streams, and it does it without sacrificing performance. The deployment is now an essential element of the company’s business infrastructure and contributes to maintaining a major competitive advantage: the painstakingly built trust of customers.

Background

Effectively leveraging clinical data is critical to improving the quality of health and medical care. Analyzing clinical big data promises to advance the development of new drugs and help doctors diagnose and treat disease better, and estimates anticipate a market worth some ¥800 billion by 2025. Another issue Japan’s healthcare industry faces is enhancing efficiency: a good 70 percent of hospitals and clinics operate in the red, a situation exacerbated by the ministry of health’s implementation of a new remuneration scheme (known as the Diagnosis Procedure Combination/Per-Diem Payment System, or DPC/PDPS) that seeks to cap payments from insurers to care providers by paying fixed fees based on ailment and treatment rather than the traditional payment-per-visit scheme.

Established in August 2003 to help bring about a data-driven revolution in medicine, MDV is in the business of addressing challenges like these through two pillar categories, data network services and data analysis services. The former entails providing business systems for clinics and hospitals and amassing anonymized clinical data, and the latter analyzes the collected data and provides the results. And demonstrating its commitment to working proactively to further expand the business of putting data to work, in 2016 the company also launched a monitoring solution called CADA-BOX that lets patients track some of their medical data themselves under the banner of “putting treatment data in the patient’s hands.”

Business Challenges

Enterprises that seek to put clinical data to work in these ways are still a rarity. MDV’s databases contained data on 20.8 million patients at the end of November 2017, a practically unsurpassable head start on competitors. Achievements like this are awing markets, too, and MDV was listed in the First Section of the Tokyo Stock Exchange in November 2016.

But all this success helped highlight a major business challenge: bolstering and ensuring the security of in-house systems. “Even though the data is anonymized, we handle clinical data, so security is a backbone of our business systems and we have to focus intensely on maintaining it,” says Senior Manager and Sakura DB Division Chief Yukihiro Watanabe. Explaining that MDV was already certified for information security management systems and had single sign-on and other defenses in place to guard against unauthorized access, he continued: “The threat of targeted cyberattacks is an ever-growing one that forces us to always stay a step ahead. We decided to deploy a system that would provide even more robust security than ever.”

One of the things Watanabe and his team explored was ways to visualize and block data being sent to an attacker’s site from malware-infected devices and servers inside the company. MDV deployed FireEye NX to solve this. But the company still needed a solution to deal with a compound issue: a recent trend in targeted attacks is to hide payloads in SSL data, and decrypting and encrypting SSL streams tends to negatively impact overall system performance.

Solution

To address the SSL processing challenge, Tokyo Electron Devices (TED), MDV’s FireEye NX deployment partner, recommended combining the BIG-IP platform with FireEye NX and running SSL Orchestrator to handle SSL processing. MDV decided to do so by situating the BIG-IP platform ahead of its firewall and running it in in-line mode. Outbound SSL data transmissions are decrypted and passed to FireEye NX, inspected, and then SSL-encrypted again before being sent on their way. “Using SSL Orchestrator to do SSL processing on BIG-IP Centralized Management lets us visualize and block traffic from threats ensconced in SSL streams without having to worry about sacrificing performance,” says Watanabe. “Another deciding factor for us was that F5 partnered in October 2015 with FireEye, which gave us further confidence in our choice.”

TED did the equipment installation and set-up work, and before the deployment it built a validation platform in-house and verified proper operation in an actual physical environment. “TED’s engineers actively participated in the undertaking with dedication suggesting that they thought of themselves as MDV employees. And now that the system is up and running, they are ready to help us resolve any new issues that might crop up,” says Watanabe.

Benefits

Early detection of and responses to even targeted attacks

The pairing of FireEye NX with SSL Orchestrator on the BIG-IP platform enables rapid detection of threats in SSL data bound for command-and-control servers that the firewall alone could not catch. Since the total blocking of targeted attacks is close to impossible, the system can identify in downstream data any malware that may make it past initial defenses so it can be dealt with early and promptly. To maximize this benefit, MDV is organizing an in-house computer security incident response team.

Accumulated logs can be leveraged in digital forensics

The BIG-IP applications can acquire and amass communications logs and send them to external administration systems. MDV says that, down the road, it might start leveraging the log data it has accumulated for digital forensics when security incidents occur.

Stronger accountability and customer trust

The ability to respond early and rapidly to targeted attacks is conducive to maintaining the confidence and trust that MDV has painstakingly built with hospitals and clinics: “The security system setup we’ve deployed is an indispensable part of MDV’s infrastructure from business-development and business-continuity perspectives as well,” says Watanabe. “It contributes significantly to growing business through a virtuous cycle by enhancing the trust between us and customers, which in turn enhances our strength in data because customers entrust more of it to us.”

Challenges
  • Augment primary anti-threat appliance with SSL inspection
  • De- and encrypt SSL data without sacrificing performance

Benefits
  • Detects and blocks threats hidden in SSL streams
  • De- and encrypts SSL data without sacrificing performance
  • Enhances security of backbone systems
  • Helps maintain competitive advantage