Established in 2006 by the Council of Australian Governments, Healthdirect Australia offers free health advice online and by phone. Its popular services attract one million phone calls each year and a million visits to its web properties every month. The firm was one of Amazon Web Services’ first customers when the cloud giant opened its datacenter facility in the country in 2012.
Trend Micro sat down with Healthdirect Australia’s Chief Architect and Head of Technology Development, Bruce Haefele, and Security Manager, Brett Knuth, to find out more about their approach to cyber security and how Deep Security has helped their business.
What are the main challenges shaping your information security strategy?
Compliance is extremely important for us – we have to follow 1,000 very prescriptive Information Security Manual (ISM) controls mandated by the Australian Signals Directorate (ASD). These include the ASD Top 35 Mitigations for security like applying patches within two days of their release and implementing a host-based intrusion detection/prevention system. As a government body and a healthcare firm we’re a target for attackers, so we needed a security solution to give us better visibility into our cloud-based environment. As a bare minimum any new solution had to be in line with the Center for Internet Security (CIS) standards around the hardening of virtual instances.
Why did you choose Trend Micro?
When we launched on AWS in 2013, we initially had open source security products in place. But it didn’t take long for us to outgrow them, as the architecture expanded to include access control environments and administrative networks, and server incidents increased. In August that year we turned to Trend Micro for a proof of concept and straightaway it was able to show us just how effectively its products can secure the cloud. It also had no problem helping us to implement the ASD 35 security mitigation strategies.
What security are you running in the cloud?
We’re running Trend Micro Deep Security – it’s well suited to us because it integrates perfectly with AWS and our dynamic, elastic compute environment. We run hundreds of AWS instances at any given time across multiple virtual private clouds (VPCs), and we can spin those up or down and re-provision most of them with the latest versions and patch levels in 15 to 30 minutes. Deep Security’s vulnerability alerts and virtual patching capabilities are extremely important, helping us stay protected while we test patches and therefore meet the ASD’s strict compliance requirements.
The platform’s intrusion detection and prevention system (IDS/IPS) gives us the level of visibility into threats required by the ASD. It means we can centrally manage firewall policies, monitor apps for unexpected changes and inspect logs for suspect behavior, all from a single product. We’ve also purchased Trend Micro Smart Protection for Endpoints to protect this other part of the IT environment. It features OfficeScan, which secures both our Mac and Windows machines.
How has Deep Security helped support your business?
We work to a continuous delivery development approach, which sometimes involves ripping out and replacing products. But whatever we put in there, Deep Security will work with it, and it takes no time to manage. It’s helped us satisfy our strict compliance requirements by keeping citizens’ data safe and preventing service outages. In one seven-day period, Deep Security IDS/IPS spotted and blocked over 5,000 attacks targeted at Healthdirect.
Deep Security has also helped support our drive to be more efficient with our IT resources and costs. We use the bring your own license (BYOL) option on the AWS Marketplace to save money annually, and add hourly licenses when we need to scale out. It means we’re not paying for licenses that sit dormant, so Deep Security helps us be a more flexible and agile organization.
What future deployments are you planning?
Our workforce has grown significantly over the past few years so we want to roll out a BYOD program to support employees. To secure and manage those endpoints we’re looking at implementing OfficeScan for around 500 vendor and employee devices. In addition, we’re planning a test deployment of Trend Micro Deep Discovery in our AWS environment. It’ll be really useful to spot payloads that shouldn’t be in the traffic, and where malformed packets come from. With Deep Discovery we’ll be able to lock down the firewall ports, put in rule sets, and be more proactive than reactive.