Addressing Endpoint Security Threats for Your Health System


Bill Russell / David Maddox / Tina Thorstenson / Vik Nagjee


January 6, 2021: There used to be so many tools to fight cyber terrorism and cyber attacks. It was a nightmare. Increased complexity opens the door for human error. What is the industry trying to do around security today? What’s working? What’s not working? David Maddox of Saint Luke’s, Tina Thorstenson of CrowdStrike and Vik Nagjee at Sirius discuss their mission to stop breaches. What are the challenges of securing end point devices? The solution cannot interrupt the objective. It cannot stop patient care. It cannot get in the way. It has to justify the investment. It simply HAS to work. 

Key Points:

  • Zero trust framework [00:09:00] 
  • How do I protect the end points while still keeping everything inside safe and balanced? [00:10:45] 
  • The difference between signature-based analysis and behavioral analysis 
  • CrowdStrike’s Next Gen solution [00:18:15] 
  • CrowdStrike helps organizations respond in 1, 10, 60. A minute to detect an issue, 10 minutes to triage it and 60 minutes to remediate it. [00:20:05] 
  • CrowdStrike
  • Sirius 
  • Saint Luke’s Health System


Episode 348: Transcript – January 6, 2021

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

[00:00:00] Bill Russell: [00:00:00] Welcome to This Week in Health IT Solutions Showcase, where we explore solutions to challenges we face in health IT. Today, we’re going to take a look at responding quickly to endpoint threats. We’re going to do that with CrowdStrike. We’re also going to talk to a CISO for St. Luke’s out of the Kansas City area.

[00:00:22] And we have a returning guest, a security expert, and a director of healthcare for Sirius, Vik Nagjee. So we’re looking forward to [00:00:30] that conversation. My name is Bill Russell, former healthcare CIO for a 16 hospital system and creator of This Week in Health IT, a channel dedicated to keeping health IT staff current and engaged. 

[00:00:40] A quick note, we launched a new podcast, Today in Health IT, where we look at one story every weekday morning. Check it out. You can just subscribe. It’s a different channel altogether. You go to wherever you subscribe to podcasts and you can go ahead and subscribe. It’s called Today in Health IT. We’re going to be releasing five episodes just this week, Monday [00:01:00] through Friday, and we’ll do it again next week. So looking forward to that. We also have a new schedule for our podcast for 2021. Monday, we’re going to do news, Wednesday influence or solution showcase, and Friday we’re going to do our influence interviews. Be sure to check back for more great content. Now onto today’s show. 

[00:01:19] Today, we get really pragmatic on how to address the endpoint security threats. And we have three great guests with us. We have David Maddox, the Chief Information Security Officer with Saint Luke’s. [00:01:30] That’s St. Luke’s out of the Midwest, out of the Kansas city area. We have Tina Thorstenson. Is that correct? Tina? 

[00:01:39] Tina Thorstenson: [00:01:39] You got it. That’s it 

[00:01:40] Bill Russell: [00:01:40] Cybersecurity strategist with CrowdStrike and Vik Nagjee who is returning, who has been a guest on the show before, a Director of Healthcare with Sirius. Welcome to the show. I’m looking forward to this conversation. It’s going to be a lot of fun. There’s a lot going on in cybersecurity. My daughter just came home from [00:02:00] college and I, we were just talking about cybersecurity. And I know this is kind of weird. My daughter is 20 years old and we’re talking cybersecurity. That probably tells you more about me than it does about her.

[00:02:13] But, and she was saying, well, during the pandemic cyber terrorism and cyber attacks really have gone down. But that really isn’t the case is it? I mean, we’ve, we’ve seen a significant amount of activity over the last six to nine months. [00:02:30] 

[00:02:30] Tina Thorstenson: [00:02:30] We absolutely have. And at CrowdStrike we keep track of the adversary activity. We track more than 140 different actors. And we’ve seen more activity in the first half of 2020 than all the 2019 alone. And it’s just continued to go up. 

[00:02:48] Bill Russell: [00:02:48] Yeah. And we just have new information, new, new threats. We obviously, we just had this SolarWinds announcement this week and a lot of activity going on there. All right. So what, [00:03:00] we’re going to talk specifically about endpoint security and endpoint threats. And David, I’m really glad you’re on the show. We are going to talk about what St. Luke’s has decided to do, but before we go there, give us a little background on your health system. How big is your health system, and what’s your area?

[00:03:20] David Maddox: [00:03:20] Well, absolutely. And thanks for having me participate in this discussion. St. Luke’s is a health system that includes 18 [00:03:30] hospitals and campuses across the Kansas City region. So we’re in Western Missouri and Eastern Kansas, a 64-county area that encompasses our service area. We’re particularly proud to say that we’re one of the nation’s top 25 cardiology and heart surgery programs.

[00:03:52] We’re also the nation’s leading stroke reversal program dedicated to preventing strokes and treating strokes. We’re really proud of some of those [00:04:00] accomplishments. We’re the region’s only treatment center for advanced breast cancer. And we also have a nationally recognized children’s behavioral health center.

[00:04:09] So we’re really busy. Needless to say, and we’re very proud of what we do, and the services we provide to the greater Kansas City area. And my team is particularly proud of the services we provide to the clinicians and the physicians to ensure that their health care environment is safe and [00:04:30] secure, and we provide the services that our neighbors within the community expect from us. So we’re pretty big, not really big, but big enough to really be a major contributor to our community. And we’re really proud of that services. 

[00:04:47] Bill Russell: [00:04:47] So David, give us a little, since we’re going to talk about endpoint security, number of endpoint devices, number of staff that you have total across the system and how big is the IT organization?

[00:05:00] [00:05:00] David Maddox: [00:05:00] So let’s start with devices. We have about 15,000 devices that we’re tracking and managing on a daily basis. Our staff is about 13,000 employees. The IT staff is about 400. And the security staff is about 20 individuals. So, we compare to folks we benchmark ourselves against, we’re probably a little bit smaller from a staffing perspective but we leverage technology and services like CrowdStrike to help augment [00:05:30] our service offerings. And we’re pretty good at what we do. 

[00:05:35] Bill Russell: [00:05:35] That’s fantastic. So here’s what I’d like to do for this. I’d like to start, start out pretty broadly and just talk about the cybersecurity space and then move in a little bit and talk about the industry healthcare and the industry itself in the cybersecurity context.

[00:05:49] And then David, I want to come back to you and I’d really like to talk about how you’ve approached end point security. So before we get there, let’s talk about the problem and the challenge. [00:06:00] Tina. Let’s what’s the overall challenge that the industry is facing in terms of, not the industry, but just broadly. Cause you serve more than just healthcare. What are we seeing out there? What’s the challenge of really securing those end point devices? 

[00:06:20] Tina Thorstenson: [00:06:20] So Bill, that’s a great question. And you’re right. I serve not only healthcare, but the broader public sector, community and CrowdStrike is a [00:06:30] global organization with many, many customers across all industry verticals.

[00:06:34] So it’s such a great question to start with as we kicked off the chat here, the adversarial activity is on the rise. So there’s no question about that there are so many different organizations trying to disrupt the healthcare industry and the, and the broader industry [00:07:00] verticals and either just to disrupt or to steal, right? So as we’ve seen in the news, even, very recently, lots of activity out there. So the challenge is that, and David, I spent many, many years running some variety of IT and security operations. So I certainly understand your perspective, on this. The complex IT infrastructure just continues [00:07:30] to grow.

[00:07:32] So one of the big challenges is, we’re here to talk about end points today, laptop desktop servers, we call all of those end points, whether it’s in the cloud or on, on premise and each operational executive and practitioner has to manage this increasingly complex infrastructure, which I think is certainly a huge challenge for all organizations.

[00:07:59] And then the other [00:08:00] challenge in this space is that, until recently, the solutions they weren’t there. When I spent time as a deputy CIO and CISO for Arizona State University, most recently before changing careers and joining CrowdStrike. And, I got lots of battle scars from solutions that didn’t work out so great. But the great thing is they’re next gen solutions here now. And, so that, that frames up a little bit of the problem, I think. 

[00:08:30] [00:08:30] Bill Russell: [00:08:30] Yeah. And we’re going to talk about, about the CrowdStrike solution here in a minute. The thing I remember is just, there was so such a proliferation of tools. We had like 35 different tools trying to secure the end points. And it was just kind of a nightmare to try to manage all those tools. And anytime you increase complexity, you open the door for human error within the code base, all sorts of other things. Vik you and I have [00:09:00] talked a zero trust framework. We’ve talked a lot of security items on the show. Give us an idea of what the industry is trying to do around security. What does this year look like specifically in terms of what healthcare is trying to do and what’s working and what’s maybe not working at this point. 

[00:09:20] Vik Nagjee: [00:09:20] Yeah, I read somewhere the other day. I used to say that we’re in like the 76th day of March, but I read something even better that we’re actually at the [00:09:30] fifth year of 2020. So I don’t know if this year is like barely upside down, things keep changing, but a few things I think remain pretty clear as to what healthcare organizations are trying to do just around security I think. 

[00:09:46] There’s been a big shift and it’s happened over a period of time. But this year, I think it’s really accelerated it where this notion around, protecting the perimeter and focusing on the data center related technologies for security, [00:10:00] I think has changed. The mindset has changed and David can correct me here as we go along.

[00:10:05] But I think that this focus around, the new perimeter being identity, being the person, being the end points, really with, with the focus on, those, those seem to be the easiest ways in. Like, if you study any of these malware related attacks or any of the attacks, sort of on one side, all a lot of them are starting from [00:10:30] straight phishing, right?

[00:10:30] So these are things that get impacted or come in from proliferation of, or a compromise, of individuals and these individuals are working on end points. So this whole notion around how do I actually protect the end points while I still keep everything inside safe and balanced. That’s number one, and then operationally, and I think we just touched both Tina and David touched on this and you did too, Bill. Operationally, given the sort of smorgasbord or [00:11:00] hodgepodge or whatever you want to call it, of all these tools and technologies and capabilities and applications that we have inside of healthcare that have to be very carefully orchestrated and balanced, you add something else on, and it’s just a little bit off kilter and it kind of like breaks the whole balance. And now suddenly you have performance issues or your application doesn’t run. So then what’s the standard answer? Is it my applications should be exempt from AV, my application should be exempt from whatever, because it’s not going to work if you don’t do [00:11:30] that. Well, then what’s the point, right? 

[00:11:32] I mean, if you actually go and read some of the SolarWinds stuff, like part of the reason why it got as far as it did is because the specific instructions were that these binaries and these applications themselves were exempt from any of the other tools that may or may not have caught issues that were going on with this particular tool, simply because it’s like, it just won’t work if you scan this right? 

[00:11:57] So long story short. And I think in healthcare what’s [00:12:00] happening is people are starting to get to the point to say, okay, this whole malware thing is really getting asked to start to think about like endpoint protection. We have to do that, but we have to do it in a way that doesn’t break everything else and we have to be able to operationally manage it. And we really need something that’s not going to completely crush the environment. So that’s kind of how I see it. 

[00:12:22] Bill Russell: [00:12:22] Yeah. So David let’s come back to you. I assume some of this stuff resonates with you in terms of the challenge. [00:12:30] What was the specific challenge that you were trying to address at St. Luke’s and how did you go about addressing it first?

[00:12:37] David Maddox: [00:12:37] I feel like, after listening to Vik, I need to put a little bit of money in the offering plate, because what he’s saying rings so true to, but the challenge is that, that we, we face every day from an end point perspective. The device you provide an employee is, is just as personal as their cell phone or their tablet or [00:13:00] something else.

[00:13:00] So what we’re sitting in and the challenge we were trying to solve with this particular solution was, we needed something that, that really went across, a wide variety of platforms and operating systems and to Vik’s point, we need this, something that was fairly, seamless and that it had a really small footprint. So we have, and we continue to have, or we will always in my belief have some kinds of malware [00:13:30] threat at the end point and you need a solution that you feel confident and that can not only detect, but provides you the capabilities to quickly remediate. And, and that was our number one objective.

[00:13:43] But at the same time to, to Vik’s point, it cannot interrupt the objective. So it cannot stop patient care. It cannot prevent a person from sending an email. It cannot get in the way, because at some, at a certain point in time the end user [00:14:00] or even your peers on the technology side, lose confidence in that system.

[00:14:05] And then it becomes the default. When we troubleshoot is we remove AV or we turn this off and that’s not what we want. So I’ll just share with you. We had some very core principles when we were selecting a solution and they were really around broad coverage. As I’ve mentioned, a small footprint, we wanted a very effective and intuitive management [00:14:30] console because you got a lot of people with different skillsets who may be at some point in time required to help us determine a problem. We want to clearly define remediation playbook. So if you see something based on the asset class, here’s what you do. And then we wanted a capability to collaboratively threat hunt. So once again, we have a certain set of skills within our environment that allows us to identify things based on certain behaviors.

[00:14:59] But by [00:15:00] incorporating, an intelligent set of tools, we’re also able to lean on some very smart, intelligent experts that say based on what we’re seeing in your environment and the past behaviors, here’s things we recommend you either address or how you tune our system to be more effective, et cetera.

[00:15:20] But we wanted that extra expertise to help us stay, sharpen in our efforts to protect the system. And then the last thing which is most important is [00:15:30] we have to justify the investment. So we want an SLA or something that helps us verify that the money we’re spending is effective. And we want metrics to show that the controls we say are in place are actually in place and they’re effective.

[00:15:44] Bill Russell: [00:15:44] So interesting. So you ended up going in the CrowdStrike direction, as you mentioned earlier. and so here’s what I’ve heard so far from you. I heard, lightweight so that, lightweight agent so that it wasn’t intruding with, [00:16:00] the, just the normal care that is going on. It wasn’t impacting clinicians.

[00:16:06] It wasn’t impacting their workflow. That was number one. And number two broad set. Right? So we’re not only putting it on windows seven. We might be putting it on windows 10. We might be putting it on just a ton of different devices. So you needed a broad set there. You wanted to elevate your team to really be able to identify those key events that [00:16:30] you needed to look into and do threat hunting. Am I on track so far?

[00:16:35] David Maddox: [00:16:35] You’re right. So to your third point, those indicators of compromise most AV systems out there will say, Hey, there’s something on your system that’s been identified by a signature of some sort. The difference between a traditional solution and CrowdStrike is CrowdStrike is looking at the behaviors that are displayed with or within that device.

[00:16:58] So it may say, [00:17:00] Hey, we’ve seen an executable fire. It’s running a script, it’s going out or is trying to make a call to an IP address, or it’s trying to do this set of things that are either abnormal or that have been verified to be malicious in nature. Those are the things that you don’t necessarily get with a traditional solution.

[00:17:24] And that’s why we felt it was very important for us to get to really the next level of [00:17:30] end point protection that allows us to not only say, yeah, we, these are known indicators and known hashes, known bad things. We know those, the community shares that information. We push that out as quickly as possible, but there may be tactics that are new that we also need to be aware of. And CrowdStrike is smart enough to say these tactics have not occurred in your environment before. Either we’re confident that it is something that we need to get [00:18:00] off of the machine, or let’s collectively work together to determine if it’s legitimate or not. And if it’s not, then we will add that those indicators to our set of services and going forward, when they see it, we will know what to do about it.

[00:18:15] Bill Russell: [00:18:15] So Tina, that’s the difference between signature-based and behavioral? Sort of behavioral analysis of what’s actually going on on the device. I remember those signatures, we used to always update them and then something new would come out and it wasn’t [00:18:30] really looking for it yet. So it was sort of, we sort of had to know what we were looking for before we could find it. But now that sort of changes the game a little bit. Talk, talk about talking about that solution. 

[00:18:41] Tina Thorstenson: [00:18:41] Absolutely. So David’s absolutely right. I mean, we were on a mission and, at CrowdStrike, we say we are on a mission to stop breaches, right? We are, not leveraging, secret signature-based technology at all.

[00:18:59] We do [00:19:00] have what you might consider traditional AV leveraging machine learning, to proactively, stop attacks that have malware incorporated in them, but what we’ve seen and it continues, to, to be on the rise is that the number of attacks that have a malware included in them is diminishing. It’s now less than half of the attacks we see. Right? So solutions that are only going after the malware based, attacks are missing a [00:19:30] lot of the problem. So the solution that, that we have, we call it the next gen solution born in the cloud, designed for the cloud. We collect the telemetry of the sensors that are deployed across millions of devices or around the globe.

[00:19:46] And, and we leverage that data to protect organizations. So, where we can see indicators of attack, interestingly, as we track these adversaries, they [00:20:00] follow similar patterns each time. Right. So our thinking is that if we can help organizations respond in what we call a one ten sixty. A minute to detect an issue, 10 minutes to triage it, and 60 minutes to remediate it, to resolve the issue completely.

[00:20:18] Organizations can get out in front of the vast majority of attacks on their system before they get to the point of having safe PHI be exfiltrated [00:20:30] or any other sensitive data that they wouldn’t, wish to have out, or, maybe the adversary is just after disrupting organizations. Certainly we wouldn’t want that to happen in the healthcare environment.

[00:20:42] We’ve seen some recent news that way as well. So, so we created a next gen solution. Single, lightweight agent as David has alluded to that doesn’t require a reboot. The doctors and nurses and the staff, they don’t have to do anything to, to, activate this, this [00:21:00] solution. And then David’s team, especially the security team can focus on those behavioral activities that come in from the CrowdStrike solution and, and resolve things, without the, the hospital, really even understanding that, that these things are going on behind the scenes, because we do it in such a non-disruptive way. 

[00:21:25] Bill Russell: [00:21:25] Yeah. Vik, I want to come back to you and David, I’m going to come back to you and, [00:21:30] talk to me about architecture and overload, right? So we sort of alluded to this earlier when you reduce the number of solutions, it sorta makes you feel like you’re not covering everything. But in reality, when we simplified the solutions it appears more and more like we’re looking at the right things instead of having point solutions for 20 things. We’re now looking at the behaviors of [00:22:00] what’s going on in the cloud and on our network. So we’re able to do things. Talk about the architecture moving forward. Why a cloud solution? Why is the lightweight agent? Why does all this stuff work for healthcare? 

[00:22:13] Vik Nagjee: [00:22:13] Yeah. Good question. I think that there’s a couple of different things, so there’s the technology aspects of it that we talked about, but then there’s also a couple of things that Tina mentioned, and David also alluded to, which is around the people process aspects.

[00:22:26] I want to touch on all three of those to say, how does this. [00:22:30] How does this sort of a partnership, if you will, between a health organization and a CrowdStrike, how does it actually become a one plus one equal to six sort of thing? Right? So technology, you simplify it, you have a, a fewer panes of glass that unicorn of the single pane of glass, right.

[00:22:49] We’ll leave that aside, but fewer panes of glass makes it a lot easier for you to be able to know what’s going on in your environment and assuming you’ve picked a [00:23:00] solution that is, has high fidelity and can detect anomalies that are not just coming off of a dictionary when you fed into the system, which is very old school, right.

[00:23:10] It’s more around behavior and anomaly detection. And so on. Like we just discussed. then you can have a high level of fidelity and confidence in the fact that this platform will find things that are not seeming to be normal, and you can do something with it, like the 1 10 60, that coupled with [00:23:30] the lightweight aspect of it, the thing that you can actually go in and convince people to say, you’re not going to need to reboot where I put it up there, we’re going to monitor performance. We’re going to make sure that that elaborate trade performance is good people aren’t going to complain. And if they do the work through it and resolve it and build the confidence, the cybersecurity function builds confidence across the rest of the organization. 

[00:23:51] That’s the one technology piece. I think that the healthcare organization can really benefit from, by simplifying the rest of the stuff that they have employed for the various [00:24:00] agents. The second piece, and I think this goes in tandem, is the combination of how CrowdStrike has built this entire thing, you know, in a cloud first environment, which allows them to use their, every single one of their global customers and every single thing that they see across these global customers as the base for your environment.

[00:24:23] So you might be, St. Luke’s that’s running in the Midwest, in the U.S. but you’re [00:24:30] benefiting from all of the anomalies that CrowdStrike is seeing across the globe in near real time. This is not like an ETL process where they’re like, Oh, I’m going to batch out stuff that I’ve seen over the last six months and then feed a repository to say, Oh, if you see something like this, then you should do something about it.

[00:24:49] Bill Russell: [00:24:49] So we don’t have to rely on David and his staff to do something 

[00:24:54] Vik Nagjee: [00:24:54] Exactly. Right. But, but it’s a combination and a partnership. That’s why it’s so important because David and his staff, knowing [00:25:00] the health system better than anybody else ever could. Right. So bringing those things together to say, okay, we’re seeing something go on.

[00:25:09] It seems like one of those things that we’ve seen go on and, Wherever which country picked, picks up country seems to be something similar going on here. Now let’s work with the staff locally to say, Hey, let’s go look at this thing and say, is this really that? Or is this something different than it looks kind of like that?

[00:25:26] And then if it’s a false positive, that’s fine. Cause there’s few of those, [00:25:30] but better err, on the side of caution than to just shut the system off and then, impact care. I think that’s the, that’s the people process side. And when you put all those things together and you have the simplicity of the solution, the waste deploy, the less, the, you don’t have a big burden in terms of deploying and monitoring, et cetera.

[00:25:47] I think that the, and then that’s when you bring the, it who’ve been as well, right? Because they’re responsible for a lot of the deployment and management and networking and so on. I think a combination of both really is what helps the [00:26:00] organization move forward. 

[00:26:01] Bill Russell: [00:26:01] Yeah. And David, I want to talk to you about the people side of it, which, which Vik just brought up. I want to talk about the experience of your team, because you are the quintessential case of you did outsource a portion of this to CrowdStrike and then elevated what your team’s doing, which is the promise, we always say that about outsourcing. We’re going to bring to elevate the team. And you’ve been able to do that. Talk about that a little bit. 

[00:26:27] David Maddox: [00:26:27] Well it’s a learning process. [00:26:30] I, I will have to admit that when we first started to consider the complete Falcon solution, my team was a little apprehensive because the first question is the state, can they respond fast enough? But, as part of the partnership that you understand that, an organization like CrowdStrike brings a very high level of expertise to the table. 

[00:26:57] And what we’re looking for is [00:27:00] really, trying to address the problem, which is how do we quickly resolve pinpoint issues. What I will share with you is when we first entered into the agreement and we started to configure the solution, we would see alerts pop up on the console, just like the Falcon team would see them.

[00:27:17] And then the tendency was for us to just jump in and try and resolve them. but what we found out is we may be in the midst of trying to figure out what was going on and CrowdStrike sends us an [00:27:30] alert and say, Oh, by the way, we have remediated the system. And so what I was sharing with you is you’re exactly right.

[00:27:37] We decided that we were going to let the experts do what we engage them to do and leverage that relationship to learn how to get better at the areas that we needed to get better in. And that’s actually threat hunting. And what’s really interesting about how the dynamic evolved is we can pick up the phone and there are times when we’re on [00:28:00] the phone with CrowdStrike three or four times a week, not necessarily about a specific end point issue, but Hey, something has come out. How do we use the tool to understand what the indicators of compromise are? And then how do we make sure that our systems and our protections are protected? And that’s the value that a service like CrowdStrike brings because we have an exercise. We call LOE every time an alert comes out, we want to understand as quickly as possible what our [00:28:30] “level of exposure” is.

[00:28:31] And so from a desktop perspective, we can quickly go to the console. CrowdStrike has a community of threats that are out there. So I can go read about any of the threat gangs or anything that’s going on along with the indicators of compromise. And I can search my system to see if that’s even shown up in my environment.

[00:28:52] Those are the value adds that we didn’t do before. So not only do they provide a service that remediates at the desktop, they [00:29:00] also provide information on the back end where we can actually learn this particular variant of ransomware may not specifically be applicable to your environment. We haven’t seen it in the healthcare environment.

[00:29:13] Bill Russell: [00:29:13] So your threat hunters are actually being proactive, looking at you. 

[00:29:19] David Maddox: [00:29:19] Yeah. Proactive, but they have expertise behind them that can also help them look in the right place. So it’s kind of cheating on an Easter egg hunt, because if, if you have somebody to kind of tell you where to [00:29:30] look, you’ll probably find the eggs and that’s what CrowdStrike is. I guess helping us do. Is we’re not just hunting. We’re hunting intelligently. 

[00:29:39] Bill Russell: [00:29:39] Yeah. So Tina talk a little bit about, I think the solution is called the Falcon solution. Is that correct? That would, that would make sense. So talk a little bit about that. I mean, one of the things that we heard was after hours support and the first thing that comes to my head is, how many of the attacks actually happen after hours? Probably a majority, I would [00:30:00] imagine. Talk about that service and how it helps an organization that maybe only has 20 people trying to cover 13,000 devices across 60 counties. 

[00:30:11] Tina Thorstenson: [00:30:11] Absolutely, Bill. So essentially what we’ve done at CrowdStrike is we’ve flipped the model, the old model, was that, security companies would come in and maybe even in 24/7 service [00:30:30] just fire off alerts. And, and that generated a lot of alert fatigue. When you, if you can imagine the, the user experience for the analysts at the customer, and not even knowing where to start, because the alerts are coming in so fast, they don’t know which ones are false positives, which ones are high fidelity alerts.

[00:30:52] So we completely changed that model. We only send high fidelity alerts and we only send [00:31:00] those that we haven’t already resolved. You can get to those, to David’s point. You, you can see where the, tax services has been. But what we offer in addition to a suite of products that an organization can deploy through the help of alliance partners, like Sirius, with Vik on the call with us today. Beyond that, this Falcon Complete [00:31:30] option is basically designed to be an extension of the security team to allow the internal teams to do more high value things that are very specific to their healthcare organization and allow CrowdStrike to do what CrowdStrike does best, which is basically minimize the attack surface that you see coming in, that people have to pay attention to. Anyway, let technology do what technology does best, immediately protect where, wherever we can, detect and respond quickly, again, within that [00:32:00] hour timeframe, and David and each one of our customers can see exactly how quickly we’re responding and on each one of those.

[00:32:07] And, we work hard to, to respond well within that, that threshold. And then, mitigate things before they turn into a breach, because as David was talking about, when you see, when we see an executable fire up, that just doesn’t look quite right. If we can stop it there, before the reconnaissance [00:32:30] happens, because once an adversary gains a foothold, they look around to see what they can do, what, what can they monetize?

[00:32:35] What can they disrupt? And then they’ll just deploy additional technology. And if we can stop them at that front gate, that’s huge. And that’s what the Complete team does, and much like we’re seeing play out right now this week with some of the recent announcements, we follow the same methodology.

[00:32:54] We, we put a blog up recently this week, straight off the CrowdStrike page, [00:33:00] talking about how the adversary is taking this identity-centric approach. And I think it was Vik, you mentioned it early on. I call it, if you can just ask somebody for their car keys and walk away with it, why, why not?

[00:33:16] I mean, it’s the simplest solution for an adversary, to, to walk in and look like, look like a legit user, and what, what CrowdStrike is about is pairing what we’re seeing, the activity we’re actually seeing go on on the [00:33:30] device, with the identity of, of who is logging in and what they typically do, that behavioral piece, to see if it’s, if it looks legitimate or not. 

[00:33:42] Bill Russell: [00:33:42] Yeah. One of the things I want to close with, I’ve been asking guests of the show a variation of this question over the last couple of months. And that is, what do you think the lasting impact on [00:34:00] healthcare IT is going to be as a result of what we’ve experienced over the last 12 months as a result of the pandemic? What’s going to be the lasting impact, do you think, on health IT? I guess Vik, I’ll start with you, David, I’ll end with you. Vik, what’s, what’s the lasting impact of the pandemic on health IT? 

[00:34:24] Vik Nagjee: [00:34:24] Things are, things are going to move a lot quicker, just because we’ve demonstrated [00:34:30] that we can do things quicker and better. How any of those, pick any of those examples, sort of showed us that we could do that. The things that would take a couple of three years to do, we’ve been able to do in months. Second is, I think, the whole notion of the cloud and cloud scale, even if you don’t pick your stuff up and move it up to the cloud, but just learning from cloud scale type things like CrowdStrike, I think has become very, very important because the landscape [00:35:00] that you have to

[00:35:01] focus on previously used to be fairly local, but now it’s like a global landscape, especially when you think about security rights crew related things. So I think, and then there’s a whole bunch of variations amongst those, you know, remote work, et cetera, et cetera. But I think this whole notion around identity being the new perimeter and how to security tie in, I think those are things that are going to change, that have changed and will continue to sort of evolve as we go forward. That’s, [00:35:30] that’s just how I see it. 

[00:35:31] Bill Russell: [00:35:31] Yep. Tina, lasting impact on health IT as a result of the pandemic or, or health IT security as a result of the pandemic. 

[00:35:39] Tina Thorstenson: [00:35:39] Yeah, lasting impact, innovation opportunities are being fast-tracked. We’re seeing that, are already pick up, much like Vik was mentioning these digital transformation efforts underway to simplify the technology infrastructure, kind of where we started, and also leverage the new tools and solutions that are, that are there [00:36:00] today that weren’t there

[00:36:02] know, just a short time ago. And the second thing in terms of lasting impact, and I think it’s representative of the group you brought onto this call today, is this community aspect where we’re all working together to bring solutions, to defend against the adversary. Since we’re having a security conversation or help solve it, health, hygiene, issues. And, it takes a village. 

[00:36:29] Bill Russell: [00:36:29] And David, we’re [00:36:30] going to give you the last word. Lasting impact on health IT or health IT security as a result of the pandemic? 

[00:36:37] David Maddox: [00:36:37] Well, I’d say there’s a couple of things. One in particular that we’ve seen within our health system is that the patient is now comfortable with virtual visits.

[00:36:45] And so, the, the old paradigm of I’ve got to get to a hospital, or I’ve got to get to a doctor’s office to see my physician, has changed, and this changed significantly. We’ve seen the number of telehealth visits skyrocket as a result [00:37:00] of the pandemic, maybe because you still have to see your caregiver, and we’re building models now that are fast tracking, providing care in non-traditional, which will soon be traditional, models, whether it be at home or in other places outside of the traditional locations.

[00:37:18] So that kind of dovetails into what Vik is saying. The, the, the locations where we provide service, deliver service, access service are no longer in those traditional places. So [00:37:30] identity is crucial. The other piece that I would say to that is the patient identity is just as much a part of our ecosystem going forward as a clinician or an administrative assistant or someone else. They’re all within that one ecosystem now.

[00:37:46] So we have an even greater responsibility to protect the identities that are assigned to us or that are within our realm of care. So the challenges are growing exponentially. People are moving quickly. [00:38:00] They’re dispersed. The devices they use are just as diverse as the people we treat, but the expectations are still the same, no matter who it is, whether it’s a patient or an administrative person or whatever, the expectation is that their data is secure. Which means we’ve got to have some pretty sophisticated tools that are portable and that don’t interrupt patient care. So things are dynamic and they’re changing fast, but, and I don’t see them going back into the, to the old ways. 

[00:38:30] [00:38:29] Bill Russell: [00:38:29] Fantastic. I want to thank the three of you for sharing your experience and wisdom with the community. A great solution. Really appreciate what you’re doing at St. Luke’s, what you’re doing at CrowdStrike. And Vik, always loved having you on the show, and just knocking it back and forth and hearing what’s going on. You look a little tired, Vik. Is there a lot going on right now? 

[00:38:56] Vik Nagjee: [00:38:56] I am a little tired. That’s for another day.

[00:39:01] [00:39:00] Bill Russell: [00:39:01] Yeah. The, it’s, it’s interesting. Cause we had sort of a break when, when we searched early on, like people didn’t know what to do. People were going home and there was this sort of lull. And then it has really picked up towards the end of this year. So hopefully the health IT staff has got a chance to get a break or we’ll get a chance to get a break. We’re actually recording this before the holidays, it’ll air after the holidays. But hopefully people got a break over the holidays. Hey, thanks [00:39:30] again for your time. Really appreciate it. All right. 

[00:39:32] David Maddox: [00:39:32] Thanks for the opportunity.

[00:39:34] Bill Russell: [00:39:34] What a great conversation. I hope you enjoyed it and got as much out of it as I did. If you know someone that might benefit from our channel, please forward them a note. They can subscribe on our website this week, or wherever you listen to podcasts, Apple, Google, Overcast, Spotify, Stitcher. You get the picture. We want to thank our channel sponsors who are investing in our vision and mission to develop the next generation of health IT leaders, VMware, Hill-Rom and Starbridge [00:40:00] Advisors. Thanks for listening. That’s all for now.