The Public Health of the Generalitat Valenciana (Spain) trusts in WatchGuard for SOC
The Department of Universal Health and Public Health of the Generalitat Valenciana provides services to some 5 million people in 542 municipalities. In recent years, the Valencian Community (Spain) has experienced a significant growth in the demand for healthcare, forcing the institution to optimize resources and strengthen its IT systems.
The Regional Ministry of Health has a multi-center structure structured around 24 health departments and 29 hospitals. In technological terms, this translates into an infrastructure made up of 37 DPCs, 1,100 servers and more than 35,000 endpoints distributed throughout the different centers in the region. All these communications are channeled through a central DPC. In addition to this infrastructure, a large group of companies, laboratories and suppliers are connected to the Conselleria's corporate network via VPN.
Managing such a heterogeneous and dispersed environment is complex, and even more so with the arrival of the pandemic, when it was necessary to prepare the staff against the clock to adopt teleworking, and to organize a centralized and coordinated management of connections with the premise of cybersecurity.
"We had to send more than 3,000 people to work from home in a matter of days, guaranteeing the security of connections and data against possible cyberattacks or information leaks," explains Antonio Grimaltos, technician at the Information Security Office (OSI) of the Department of Universal Health and Public Health of the Generalitat Valenciana. "Added to this was another challenge: we had to combat the increase in ransomware and the volume of threats related to the pandemic and which were targeting hospitals in particular."
Thus, the institution had to secure some 2,600 private computers of its employees, as it only had 400 corporate computers enabled to work and connect from outside the corporate network. This was a very laborious and complex job, since the number of VPN connections to the Consellería's apps or to its remote desktop (RDP) was going to grow exponentially, and it was also necessary to study in detail what impact all these personal computers could produce when connecting to the organization.
The entity saw that the essential services it provides, such as primary and specialized care, the systems services and communications apps offered by the hospital DPCs, and the central
services through which the Conselleria communicates with the Ministry of Health continued to operate.
In parallel, Spain's National Cryptographic Center (CCN) called on cybersecurity and IT firms to help public organizations in this pandemic state. This is where WatchGuard for SOCs came into play, offering its WatchGuard Advanced EPDR solution, a comprehensive and advanced endpoint security platform that integrates endpoint protection (EPP) and endpoint detection and response (EDR) functionalities. The solution met all the essential criteria set by the Regional Ministry of Health: from ease and speed of deployment - it was implemented on 2,600 computers in just one week - to ease of control and management, and compatibility with all types of operating systems, from Linux to Mac, and of course Windows. In addition, the solution also passed all the tests put on the table by the Security Incident Response Team (CSIRT), which was an additional endorsement for the tool, which was subjected to a very exhaustive study in which it detected absolutely everything.
"Along with the simplicity and high capabilities of the tool, a major reason we chose WatchGuard Advanced EPDR was that it allowed us to anonymize the user," stresses Grimaltos. "This was non-negotiable. We had - and still have - no interest in knowing who the user of a computer is or what they connect to in their free time. WatchGuard allowed us to parameterize privacy so that only the computer name and local IP of the computer would be saved, and only in case of incidents would the connection be analyzed. This convinced users that they could install WatchGuard on their personal laptops with complete peace of mind."
Thus, with a VPN and WatchGuard Advanced EPDR's advanced security installed on the 2,600 computers that were to be connected to the Conselleria's network, the problem was solved, and tight security control was maintained. The solution enabled continuous, centralized monitoring of all endpoints, detection, and classification of all activity, and blocking of anomalous behavior of users, machines and processes, providing an additional layer of intelligence protection that allowed us to stay one step ahead of attackers. "We now had proactive anticipation, incident response and first-class threat hunting services, which was crucial to improve and accelerate the protection of endpoints and, by extension, of our systems, in the face of evolving attacks," said Grimaltos.
This project to adapt the thousands of workers of the Conselleria de Sanidad to teleworking, allowed to keep its employees operational in the worst moments, protecting the information and corporate systems continuously. It has also enabled remote connections today. It was all thanks to WatchGuard's technology and their selfless help, as they provided the licenses free of charge at the most critical moment at the beginning of the pandemic.
"We had as many as 2,997 machines registered in the Conselleria's console at the same time. Between March and December, we received between 50,000 and 70,000 cybersecurity alerts, of which 1,464 were for different types of threats. The best thing is that we did not have any incidents to report. All the attacks were detected and neutralized by WatchGuard," emphasizes Antonio Grimaltos.
The agency has also succeeded in implementing a culture of cybersecurity that many users did not have.
"We passed the test and now, after many lessons learned from both a technical and operational standpoint, we continue to work with WatchGuard," says Grimaltos. "We maintain this platform for the connections of our users' computers that connect via VPN. We currently have 5,000 licenses of WatchGuard Advanced EPDR."
On the other hand, the Regional Ministry of Health is deploying the WatchGuard Orion platform, a cloud solution that accelerates threat hunting, detection and response in the organization.
Security analysts now have guidance in the process of triage, investigation and immediate reaction, moving to an offensive security strategy that significantly reduces investigation and remediation times.