Western Reserve Hospital Elevates Security Posture with 24/7 SOC-as-a-Service

Western Reserve Hospital is one of Northeast Ohio’s most advanced community hospitals, with a staff of nearly 900 employees including physicians, nurses, technicians, and support and administrative teams. Owned and operated by physicians in the community, Western Reserve’s mission is the delivery of the safest, highest-quality health care available.

That attention to patient concerns extends to data security and privacy. It matters all the more now that healthcare systems and medical records are virtually all digital and connected to the network: the delivery of care depends on systems, applications and data that are constantly targeted by ransomware, malware, and other forms of attack.

With these issues and regulatory concerns in mind, Western Reserve Hospital set out to modernize, centralize, and strengthen its information security program, including an effective, 24/7 threat detection and response capability.

Dagmar Ostermann-Held, director of information security at Western Reserve Hospital, recognized that licensing and managing a traditional security information and event management (SIEM) system, or staffing and operating a 24/7 security operations center (SOC), simply weren’t practical options given the organization’s resources and primary focus on delivering patient care.

Ostermann-Held knew she didn’t want a service provider that relied on a third-party, on-premises SIEM, or one that bound her to a rigid, long-term contract. She also wanted assurance that the data sources that mattered to her could be readily integrated into the SIEM. Without these, she expected a frustrating and expensive working relationship.

In addition, SIEMs typically require considerable resources and expertise to monitor and maintain properly, and Ostermann-Held knew this wasn’t a viable approach for her team.

With these challenges in mind, Ostermann-Held began searching for a security partner. Together with the CIO and the infrastructure, applications, and support team leaders, she evaluated several co-managed SIEM options and managed security service providers.

The team could all quickly and easily grasp Cysiv’s value proposition. “Cysiv’s next-generation cloud-native SIEM, and their logical and comprehensive approach to data science make so much sense,” says Ostermann-Held. “By providing the analysts and other experts to do around-the-clock monitoring, all with a licensing model that doesn’t lock us into a long-term commitment, while giving us the cost predictability we need, Cysiv is perfectly aligned with our requirements and resources.”

Cysiv’s ability to leverage healthcare-specific threat intel feeds was another important consideration. “Data integration with traditional SIEMs can often be a laborious and time-consuming process, but Cysiv’s commitment to quickly supporting new data sources, at no cost to us, was very compelling.”

The Cysiv onboarding process proved a pleasant surprise. “Deployment was very smooth, with their experts working closely with our IT operations team,” says Ostermann-Held.

Security data, including telemetry from the hospital’s endpoint detection and response (EDR) solution and other relevant sources, is fed automatically and continuously into Cysiv’s cloud-native SOC-as-a-service platform, where it is parsed, cleansed, normalized, and enriched into a common information model (CIM) format. That normalized data is the foundation for Cysiv’s threat detection, investigation, hunting and response activities.

Cysiv analysts directly and actively monitor all detections (events flagged as potential threats) around the clock, triaging the suspicious entities generated by Cysiv Command according to the Cysiv SOC incident handling workflow. A security incident case is opened for any suspicious entity that cannot be confirmed as a benign true positive or a false positive during triage, so that the threat investigation process continues.

Analysts at Western Reserve Hospital are alerted by email when a case is escalated, and by phone call for a severity-1 issue, according to the standard runbooks developed with Ostermann-Held and her team. Western Reserve analysts then log into Cysiv Command to view case details and communicate with Cysiv experts, who recommend remediation and response actions that the hospital’s security analysts implement.
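To make the pipeline described in the preceding paragraphs concrete (parse, normalize into a common schema, enrich, detect, triage, route), here is an added illustration. It is not Cysiv’s code and says nothing about how Cysiv Command is actually implemented: the two log formats, the CIM-style field names, the asset inventory, the indicator list, the detection rules, the “confirmed benign” allowlist and the phone-for-severity-1 runbook are all constructed assumptions. What it shows is why normalizing heterogeneous sources first pays off: the detection rules are written once against common fields and work for any source that has been mapped onto them.

```python
"""Illustrative SOC pipeline: parse -> normalize (CIM-like) -> enrich -> detect -> triage -> route.

Added example for this case study; not Cysiv's code. Every field name, log
format, indicator, allowlist entry and runbook threshold is a constructed assumption.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed raw events from two hypothetical sources: an EDR agent that logs
# key=value pairs, and a pipe-delimited Windows authentication log.
RAW_EVENTS = [
    ("edr", "ts=2021-03-04T02:14:07Z host=WRH-WS-117 user=jdoe proc=powershell.exe "
            "parent=winword.exe dst_ip=203.0.113.45 action=network_connect"),
    ("edr", "ts=2021-03-04T02:14:09Z host=WRH-WS-117 user=jdoe proc=chrome.exe "
            "parent=explorer.exe dst_ip=198.51.100.7 action=network_connect"),
    ("winauth", "2021-03-04T02:13:50Z|WRH-WS-117|jdoe|4624|Logon succeeded|10.0.5.20"),
]

# Constructed stand-ins for an industry threat-intel feed and an asset inventory.
IOC_IPS = {"203.0.113.45": "constructed indicator: server targeting hospitals"}
ASSETS = {"WRH-WS-117": {"department": "Radiology", "criticality": "high"}}


@dataclass
class CimEvent:
    """Common schema every source is mapped onto, so rules are written once."""
    time: str
    host: str
    user: str
    source: str
    action: str
    process: Optional[str] = None
    parent_process: Optional[str] = None
    dest_ip: Optional[str] = None
    enrichment: dict = field(default_factory=dict)


def parse_edr(line: str) -> CimEvent:
    """Map the key=value EDR line onto the common schema (lower-casing names)."""
    kv = dict(re.findall(r"(\w+)=(\S+)", line))
    return CimEvent(time=kv["ts"], host=kv["host"], user=kv["user"].lower(),
                    source="edr", action=kv["action"], process=kv["proc"].lower(),
                    parent_process=kv["parent"].lower(), dest_ip=kv.get("dst_ip"))


def parse_winauth(line: str) -> CimEvent:
    """Map the pipe-delimited auth line onto the same schema."""
    ts, host, user, event_id, _msg, src_ip = line.split("|")
    action = "logon_success" if event_id == "4624" else "logon_other"
    return CimEvent(time=ts, host=host, user=user.lower(), source="winauth",
                    action=action, enrichment={"src_ip": src_ip})


PARSERS = {"edr": parse_edr, "winauth": parse_winauth}


def normalize(source: str, line: str) -> CimEvent:
    """Parse, then enrich with asset context and threat-intel matches."""
    ev = PARSERS[source](line)
    ev.enrichment.update(ASSETS.get(ev.host, {}))
    if ev.dest_ip in IOC_IPS:
        ev.enrichment["ioc"] = IOC_IPS[ev.dest_ip]
    return ev


@dataclass
class Detection:
    rule: str
    severity: int   # 1 is the most severe, matching the "severity-1" runbook wording
    entity: str     # the host an analyst would pivot on
    event: CimEvent


OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}


def detect(events: List[CimEvent]) -> List[Detection]:
    """Constructed rules, written once against CIM fields regardless of source."""
    found = []
    for ev in events:
        if "ioc" in ev.enrichment:
            found.append(Detection("dest_ip_matches_intel", 1, ev.host, ev))
        if ev.process == "powershell.exe" and ev.parent_process in OFFICE_APPS:
            found.append(Detection("office_spawned_powershell", 2, ev.host, ev))
    return found


# Constructed triage allowlist: rule/entity pairs previously confirmed benign.
CONFIRMED_BENIGN = {("office_spawned_powershell", "WRH-IT-ADMIN-01")}


def triage(dets: List[Detection]) -> List[Detection]:
    """Open a case for every detection that cannot be confirmed benign."""
    return [d for d in dets if (d.rule, d.entity) not in CONFIRMED_BENIGN]


def route(det: Detection) -> str:
    """Constructed runbook: phone call for severity 1, email for everything else."""
    return "phone" if det.severity == 1 else "email"


if __name__ == "__main__":
    cases = triage(detect([normalize(s, l) for s, l in RAW_EVENTS]))
    for c in cases:
        print(f"{c.rule} on {c.entity} (sev {c.severity}) -> notify by {route(c)}")
```

Run as-is, the script opens two cases on the same workstation: the intel match is severity 1 and would trigger a phone call, while the Office-spawned PowerShell detection goes out by email. Adding a third log format means writing one more parser, not rewriting the rules.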


“We were fully operational within two months of contract signature,” observed Ostermann-Held. “Cysiv does all the heavy lifting to monitor for, and isolate, the incidents we need to be concerned about, without all the noise. And our team receives the timely and comprehensive information on these potential incidents in order to act. The efficiency of this process gives our small team more time to focus on other important security related priorities.”

Ostermann-Held and her team are providing valuable, direct input on new platform features, security rule enhancements, and additional data sources they need support for, without the delays and interference of a middleman that are common with a traditional MSSP.

“Cysiv has a strong ‘can do’ culture and has shown an excellent willingness to work with us,” she adds. Earlier this year, healthcare providers across the country were alerted to a malicious server that was targeting hospitals. This triggered an investigation by Ostermann-Held’s team, and together with the Cysiv team they were able to ensure Western Reserve Hospital and its patients and staff wouldn’t be impacted.

Cysiv’s SOC-as-a-service is now an integral part of Western Reserve Hospital’s comprehensive information security strategy.
