Security Consulting and SIEM Implementation for a Large Healthcare Organization
The End Customer is a large healthcare organization with a staff of more than 4,200, based in Westchester, USA.
The End Customer needed a SIEM solution that would provide log management, deep healthcare data analytics and comprehensive, customizable reports in order to comply with the regulations of the US healthcare industry. It also needed better visibility into its internal processes. IBM Security Information and Event Manager (TSIEM) was chosen as the target implementation platform because of its stability, its advanced, human-readable General Event Model and its compliance reporting capabilities.
The End Customer brought in a Partner, a USA-based IBM Premium Business Partner and IBM PartnerWorld Beacon Award winner, to oversee the project. The Partner turned to ScienceSoft for expertise in designing, customizing and implementing SIEM solutions. The Partner selected ScienceSoft because of its strong background in SIEM for healthcare and, in particular, its profound expertise in SIEM since 2004.
ScienceSoft assigned a team of two SIEM consultants to design the architecture of the SIEM solution for the End Customer and to customize the data collection and normalization mechanisms. The team also needed to design a set of compliance and general reports and to deploy the solution in both the test and the production environments.
The project was split into two phases – a Discovery phase and a Deployment & information transfer phase:
Discovery phase. One ScienceSoft SIEM consultant visited the End Customer site to gather all necessary data and requirements and to develop the solution architecture and the Solution design document. The information on the discovered business processes and identified dependencies was analyzed in order to develop the architecture design and create the Solution design. The Solution design document illustrated and described the recommended SIEM architecture for the Client's IT environment with reference to the requirements, issues, constraints, dependencies, objectives and other considerations identified in the Discovery phase. These deliverables were then presented to the End Customer's stakeholders for approval.
Solution Deployment and Transfer of Information phase. ScienceSoft's consultants validated the designated SIEM solution hardware, installed and configured the SIEM application components and developed dedicated solutions to collect and process data. As part of the information transfer, ScienceSoft demonstrated the configuration and use of IBM TSIEM and reviewed and demonstrated the use of the TSIEM report editor. Finally, ScienceSoft provided a Deployment summary document to the Customer's technical project team. The Deployment summary document summarized the deployment services performed, highlighted deviations from standard product functionality and from the solution architectural design, and detailed the tasks and issues that remained outstanding.
ScienceSoft's consultants implemented a custom data collection and processing mechanism capable of combining information from several sources (specialized healthcare applications and a transactions database) into a single, complete data structure suitable for further processing. Custom event sources and user information sources were implemented to provide the normalization and grouping mechanisms needed to build a data structure compliant with the W7 standard. Several sets of reports were created covering all requirements related to information visibility and compliance regulations:
- Financial access reports
- On-demand reporting by personnel and patient ID/name and by transaction type
- VIP patients audit
- Employee admitted as Patient reports
- Physician access reports
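To illustrate the normalization described above, here is an added example (not ScienceSoft's or IBM's code) that maps constructed application log lines onto the seven W7 fields as I understand the TSIEM model (who, what, when, where, where from, where to, on what), enriches them with patient attributes from a constructed transactions export, and derives the VIP patient audit and the Employee admitted as Patient report from the normalized events. The log format, field names and CSV layout are all assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample input (not from the page): access log lines from a clinical
# application and a patient table exported from the transactions database.
APP_LOG = """\
2024-03-01T09:15:02Z EHR01 10.1.20.14 jdoe VIEW_RECORD patient=P1001
2024-03-01T09:16:40Z EHR01 10.1.20.15 asmith VIEW_RECORD patient=P2002
malformed line that the collector must skip
2024-03-01T09:18:05Z EHR02 10.1.20.14 jdoe VIEW_RECORD patient=P9999
"""
PATIENTS_CSV = """\
patient_id,is_employee,is_vip
P1001,0,1
P2002,1,0
"""

def load_patients(csv_text):
    """User information source: patient attributes keyed by patient id."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["patient_id"]: {"is_employee": r["is_employee"] == "1",
                              "is_vip": r["is_vip"] == "1"} for r in rows}

def normalize(app_log, patients):
    """Custom event source: map each raw line onto the seven W7 fields and
    enrich 'on what' with attributes from the user information source."""
    events = []
    for line in app_log.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].startswith("patient="):
            continue  # unparsable line: dropped here, counted in a real collector
        ts, host, src_ip, user, action, target = parts
        patient_id = target.split("=", 1)[1]
        # Unknown patient ids stay in the data set but are marked unresolved
        attrs = patients.get(patient_id,
                             {"is_employee": False, "is_vip": False, "unresolved": True})
        events.append({
            "who": user, "what": action,
            "when": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "where": host, "where_from": src_ip, "where_to": "EHR",
            "on_what": patient_id, **attrs,
        })
    return events

def vip_patient_audit(events):
    """Report: every access to a record flagged as belonging to a VIP patient."""
    return [e for e in events if e["is_vip"]]

def employee_as_patient_report(events):
    """Report: every access to a record of a patient who is also an employee."""
    return [e for e in events if e["is_employee"]]
```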
The resulting SIEM for healthcare is capable of processing up to 700,000 medical transaction events per day. The solution was successfully deployed and tested for performance, stability and data integrity in the production environment, and all information was transferred to the Customer's side.
- Average Events per Second volume: 1000
- Total Number of Log Sources: 5
- Event Sources Developed: 3
- Threat Cases Created: 10
Technologies and Tools
TSIEM, DB2, WAS, TDI, VMWare, GSL, GML, GEM, W7, GVS, RegExp, SQL, Batch, Shell, Python.