A leading provider of information technology and mobility applications and services for U.S. hospitals and health systems, including customized application development.
- Industry: Healthcare
- Geography: US
- Employees: 1,400
- Products Supported: ERP
The Client offers end-to-end healthcare IT applications, hardware and customization services, including business intelligence, disaster recovery and help desk.
Like most organizations, the Client must address a wide variety of security threats. In today’s world, bad actors use malicious servers running scripts that constantly probe for vulnerabilities to exploit all around the world.
“This particular exploit was a WebLogic deserialization Java vulnerability,” says the Client’s chief information security officer. “Basically, the attackers were attempting to install crypto-miner software that would let them use our servers to mine crypto currencies like Bitcoin. Vendor patches don’t effectively address all vulnerabilities,” the CISO explains. In fact, the Vendor patch released on April 17, 2017 didn’t fully mitigate the threat and systems continued to be breached.
“Plus you have to perform regression testing and take your systems down to apply patches before hackers find you. When we discovered a successful attack on some of our servers with a connection to the Internet we immediately placed a call to our third-party support provider, Rimini Street, for assistance.”
After identifying the nature of the attack, Rimini Street recommended Waratek, a Preferred Solution Provider working side-by-side to mitigate the threat.
“Working with Waratek and Rimini Street, we set up a demo scenario on a non-production server,” the CISO says. “They first used Metasploit to prove the vulnerability could be exploited. Next, we installed the Waratek Patch software, which blocked the exploit and gave us confidence to install in production.”
Because the Waratek virtual patching solution does not touch source code, there is no regression testing and no system downtime required.
“This approach protects our software much quicker than vendor patches and without disrupting operations. Initial installation was easy and took less than a day. Now that we’re familiar with the software, we could now set it up within an hour on a new server.” – Client’s senior security analyst
- Time-to-remediate CWE
- Support and maintenance savings
- Performance impact