Isolate and segment PCI environment
Deny traffic from unauthorized systems
Reduce time and cost of audits
Isolate PoS system traffic
Enable PoS communication across any network
Flat L2 and Bridged L2/L3 Networks
Shared health systems network
Small staff and outsourced PoS development
Deploy in 3 months before PCI Audit
Isolated and segmented hundreds of PoS systems
Deployed in less than one week
50% faster audit, 30% less cost
Segmented machine-to-machine encrypted access for remote Developers
Instant add and revocation for peer-to-peer WAN network communications
Patient Quality, Care, and Safety Realized
Listed among the top 10 hospitals in the U.S., this provider needed to segment their Point of Sale systems and get them off the health system's shared network. After a failed PCI audit, they needed to comply with PCI requirements and also prevent the PoS systems from becoming attack vectors. The PoS systems were on the same networks that supported the hospital's medical devices and patient records, with nothing more than VLANs, ACLs, and firewall rules standing between them.
With hundreds of PoS systems spanning gift shops, cafes, parking, and pharmacy sales, the scope was large and affected nearly every network across their campus.
Eliminate Internal Firewalls and VPNs
The hospital had used a combination of firewalls, VPNs, VLANs and ACLs to control access and segment their PoS environment but found it too complex and error-prone to maintain. They were determined to find an alternative to the complexity that caused them to fail their PCI audit.
Simple, Non-Disruptive Deployment
The hospital selected Tempered Networks after the security team ran a pilot to test the claims about IDN's ability to rapidly isolate, segment, and control access to PCI systems. With no training, it took the team less than an hour to deploy their pilot without having to modify the underlying network or disrupt the PoS systems.
Make PoS systems Invisible
Specific PoS systems, like parking kiosks, were grouped into their own encrypted overlay network to allow only authenticated network communication between the kiosks and their settlement servers and gateways. No other systems on the shared network were able to establish communications with these systems, let alone discover or see them. The hospital effectively cloaked their entire PCI infrastructure from all other systems. All PCI communications were encrypted and isolated, and ran unimpeded, with each system able to communicate only with its whitelisted and authenticated peers. They were able to eliminate their internal firewalls and the use of addresses and ports as a way to allow or deny internal access.
Peer-to-Peer WAN communications Made Simple
After their purchase, the hospital had the recipe for rapid deployment and the creation of WAN overlay segments. In less than one day they had deployed a production IDN for developers using HIPclients for developer devices, the HIPrelay for private IDN routing, and HIPservers on all PoS servers. With just a few steps they grouped these machines into their own overlay network and set trust relationships between the individual HIPclients and HIPservers, rather than granting access to the whole network as before with VPNs. The ability to instantly add, move, disable, or revoke developer access gave them complete control over who, when, and what could be accessed, down to specific clients and servers.
“Our PoS infrastructure is completely hardened from the inside out, something we were not able to do using our next-gen firewalls and VPNs. Only authorized PoS systems can establish communication with each other via ID network segments in our overlay network.”
Manager, Security Architecture
Northeast Healthcare Provider
Fast Deployment with an Even Faster and Successful Audit
Deployment of Tempered Networks took approximately one week from start to finish. Completing early allowed the team to do more penetration testing and, to their delight, they frustrated the pen testers, who could not find the IP addresses associated with their PCI environment. Because of Tempered Networks' built-in PCI audit reports, the audit itself was completed in half the time at a third of the cost.