Medical Devices

Audience: Healthcare Security Teams: CTI, Vulnerability, CISO

Challenge

The CISO of a large healthcare provider requested an analysis of threats to the company’s medical devices so that the leadership team could develop a proactive threat mitigation plan. The analysis team uses Avalon’s integration partner data to assemble a thorough picture of the threat, along with a targeted list of indicators that can be used to remove the vulnerability from the network surgically, without disrupting key services.

Avalon Collaboration

Analysts assemble in Avalon to coordinate and collaborate with each other on which threat actors are discussing medical device vulnerabilities on the Deep and Dark Web (DDW). An analyst creates a Forum Post entity and labels it “medical device vulnerabilities”. The analyst then runs the Flashpoint Intel and FireEye Threat Intelligence enrichments. These enrichments surface a number of DDW forums where threat actors are actively discussing the vulnerabilities and how to exploit them. The DDW data enrichments also provide the related indicators of compromise listed in the forum posts.

The analyst then uses the reporting feature in Avalon to map out threat actors and forums, while using Avalon’s Interact feature to communicate with the other analysts about what additional indicators have been discovered. The analysts then identify a suspicious domain and enrich it with the Flashpoint, Farsight, Cofense and Crowdstrike datasets, discovering numerous intelligence reports, IPs, domains, and malicious hashes. These can be used for further reporting to the CISO, and the IOCs can be exported for use in defensive tools. The team is able to collaborate in the workspace in real time, with each analyst’s work and results instantly displayed to all team members.

Outcome

Real-time collaboration enabled a broad investigation into a critical security topic, generating a report to inform the CISO’s business resiliency considerations and a list of actionable indicators for export into security tools, which could be investigated further in Avalon.

  • Multiple levels of investigation were made possible through concurrent workstreams in a single workspace and seamless communication through Avalon’s built-in chat feature
  • Teams were able to quickly and efficiently build off of each other’s work to produce actionable intelligence
  • Malicious domains, IPs, and hashes were easily exported to security tools to prevent data from being compromised

About Us

King & Union is a cybersecurity company that has built and designed Avalon, the industry’s first cyber analysis platform. The Avalon Cyber Analysis Platform helps analysts streamline threat investigations by providing the intelligence, tools and collaboration security analysts need in a seamless, integrated workspace.